Following the public consultation process, ANCOM adopted Decision no. 70/2024 on the security of public electronic communications networks and publicly available electronic communications services, which harmonizes the provisions of secondary legislation with the provisions of the primary legal framework in the field. The decision was published in the Official Gazette of Romania.
Security of public electronic communications networks and publicly available electronic communications services
The main amendments adopted concern technical and organisational measures to be taken by providers of public electronic communications networks or publicly available electronic communications services in order to adequately manage the risks posed to the security of electronic communications networks and services.
For the purposes of reporting to ANCOM on security incidents with significant impact, providers of public networks and/or publicly available electronic communications services will assess the impact of incidents not only according to quantitative thresholds (i.e., number of affected users and duration of the incident), but also according to a series of qualitative thresholds (incidents affecting the routing of emergency communications to the 112 Emergency Service, incidents with cross-border impact or affecting the security of another provider's networks and services).
As the number of incidents caused by electricity supply interruptions holds a significant share of the total number of security incidents with a significant impact reported to ANCOM, the decision stipulates the obligation for large providers of public electronic communications networks to ensure back-up power supplies for network elements.
A new provision in the decision regards the establishment of an Electronic Communications Security Advisory Group. It will gather representatives of ANCOM and of the providers of public electronic communications networks or publicly available electronic communications services with at least 100,000 connections. The main objectives of this group are promoting harmonisation of security measures, fostering cooperation, assessing emerging risks, facilitating the exchange of information and best practices, and analysing challenges to the security of networks and services.
The decision was published in the Official Gazette of Romania no. 117/09.02.2024 and entered into force on the date of publication, except for the provisions on obligations regarding security measures, which enter into force within 3 months from the date of publication, and the provisions on ensuring back-up power supplies, which enter into force within 18 months from the publication of the decision.
Source: https://www.ancom.ro/en/print/ancom-updated-the-regulations-on-network-security_7095