Draft Revised Telecommunications Security Code of Practice 2026
A Draft Revised Telecommunications Security Code of Practice setting out updated guidance for public telecoms providers.
Documents
Details
Presented to Parliament pursuant to sections 105E and 105F of the Communications Act 2003.
This is a Draft Revised version of the Telecommunications Security Code of Practice, first published on 1 December 2022. The Code of Practice provides detailed guidance on how public telecoms providers can comply with the duties in the Telecommunications (Security) Act 2021 and the requirements in the Electronic Communications (Security Measures) Regulations 2022.
The government consulted on proposed updates to the Code of Practice in late 2025, and published the consultation response in June 2026.
Who this applies to
This Draft Revised Code of Practice is detailed guidance for large and medium-sized public telecoms providers.
What this revision does
This Draft Revised Code of Practice refines the language and incorporates changes to address new threats, and technological advancements. It reinforces the expectation that providers take a risk-based approach to security.
How the Code of Practice will be updated
The government will continue to review and update the Code of Practice periodically, informed by advice from the NCSC, evidence from public telecoms providers, and security reports from Ofcom. Where changes are proposed, the government will consult affected providers, and Parliament will be given the opportunity to scrutinise any revised version.