ComReg Powers
Communications Regulation Act
This Act transposes specific aspects of Directive (EU) 2018/1972 (‘the Directive’), particularly the enforcement, security, alternative dispute resolution, and a limited number of end-user rights provisions. It will also designate the Commission for Communications Regulation (‘ComReg’) as the competent authority for the purpose of enforcing the Directive in the State. The European Union (Electronic Communication Code) Regulations 2022 (S.I. 444 of 2022) (the ‘Code Regulations’) will transpose the remainder of the Directive.
The Act also provides ComReg with a new civil enforcement regime which is used to enforce the obligations established in the Code Regulations, but can, subject to Regulations made by the Minister for the Environment, Climate and Communications, also be used to enforce obligations established by other regulatory regimes for which ComReg is given an enforcement role. The Act also amends Section 108 of the Code Regulations to provide for a higher maximum criminal penalty for conviction of an offence on indictment under those Regulations.
The Act transposed the security provisions of the Directive and, in so doing, provides a mechanism for the Minister to specify security measures by Regulation and to make guidelines relating to network security and to provide a legislative basis to enforce the Electronic Communications Security Measures to ensure that electronic communications services and networks are required to ensure the security of their systems.
The Act provides for new consumer service protections for consumers in the electronic communications sector, including an enhanced alternative dispute resolution process for consumers, a new power for ComReg to set minimum quality-of-service standards, a new compensation scheme for consumers and a new “Customer Charter”.
The Act amended Communications Regulation Act 2002, to align that Act with the Directive and make necessary amendments to ComReg’s current functions and powers, to improve their functionality and complement the new proposed enforcement regime.
The Minister may make regulations in relation to any matter referred to in the Act as prescribed or to be prescribed or to be the subject of regulations or for the purpose of enabling any of its provisions to have full effect.
An authorised officer may exercise any of his or her powers under the Principal Act for the purposes of the Act.
Security of Services
Providers shall take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of networks and services, and the measures taken shall ensure a level of security appropriate to the risk presented with regard to the state of the art.
The Minister may, for the purpose of providing practical guidance to providers, prepare and publish or approve guidelines on the implementation of technical and organisational measures to manage the risks posed to the security of networks and services.
Any legal proceedings before a court or tribunal, the court or tribunal shall have regard to any security measures guidelines in determining any question arising in the proceedings if the question relates to a time when the guideline was in force, and the guideline appears to the court or tribunal to be relevant to the question.
Security measures guidelines
The Commission shall have regard to any security measures guideline in determining any question arising in relation to it carrying out its functions if the question relates to a time when the guideline was in force, and the guideline appears to the Commission to be relevant to the question.
An adjudicator shall have regard to any security measures guideline in determining any question arising in relation to it carrying out its functions if the question relates to a time when the guideline was in force, and the guideline appears to the Commission to be relevant to the question.
Providers to notify
A provider shall, where any security incident occurs that has had or is having a significant impact on the operation of the provider’s networks or services, notify the Commission without undue delay and sets out the procedure for same.
In the case of a particular and significant threat of a security incident in public electronic communications networks or publicly available electronic communications services, a provider of such networks or services shall inform its users potentially affected by such a threat of any possible protective measures or remedies which can be taken by the users, and where appropriate, inform its users of the threat itself.
Compliance by providers
The Commission shall take reasonable steps to ensure that providers comply with the obligations placed on them by or under this Part. The Commission may serve a direction on a provider to remedy a security incident or prevent one from occurring when a significant threat has been identified, or to ensure that a provider is in compliance with this Part.
Where the Commission serves a security measures direction on a provider requiring the provider to submit to a security audit, the Commission may appoint a security auditor to carry out the security audit in accordance with the direction.
Assistance and information sharing
The Commission may consult, cooperate, share information with, or obtain the assistance of the CSIRT, a Computer Security Incident Response Team in another Member State, a national regulatory authority in another Member State to whom a task under the Directive has been assigned, An Garda Síochána and the Data Protection Commission.
Appeal of decisions
There are appeals to the High Court against decisions or requirements of the Commission under the Act and the European Union (Electronic Communications Code) Regulations 2022 and the Minister for the Environment, Climate and Communications under Regulations 70, 76 or 100 of the Code Regulations. It sets out the procedure for these appeals.
It provides that on hearing an appeal, the Court may confirm the decision, or, where it is satisfied by reference to the grounds of appeal that a serious and significant error of law or fact, or a series of minor errors of law or fact which when taken together amount to a serious and significant error, was made in making the decision, or that the decision was made without complying with fair procedures, annul the decision in its totality or in part.
There is an appeals against the decision of the High Court to the Court of Appeal. Such appeals will only be granted with leave of the High Court and where the High Court certifies that the decision involves a point of law of exceptional public importance and that it is desirable in the public interest that an appeal should be made to the Court of Appeal.
Remedies
A payment received by the Commission of any amount due to it pursuant to this Part shall be paid into, or disposed of for the benefit of, the Exchequer in such manner as the Minister shall deterimine.
The service of an urgent interim measure notice or a suspected non-compliance notice; or a referral, may be served or made, as the case may be, by the Commission at any time.
The Commission shall collect information on the general subject matter of appeals under this Chapter, the number of appeals, the duration of appeal proceedings and the number of decisions to urgent interim measures; and provide this information to the Minister.
Revocation, transitional provisions and consequential amendments
There are transitional provisions where Regulator has notified proposed withdrawal of authorisation or suspension or withdrawal of rights
The Act sets out the continuing application of certain regulations where the Regulation has proposed withdrawal of authorisation or suspension or withdrawal of rights.
There is the continuing application of certain regulations where applications have been made by the Regulator.