Corporate report

Public Emergency Call Service disruption, Sunday 25 June 2023: post-incident review

Published 21 March 2024

Introduction

The Public Emergency Call Service (PECS), accessed via the numbers 999 and 112^{[footnote 1]}, acts as the primary means for the UK population to seek help in emergencies. In 2022, the public made 35 million calls to the service, 53% of which were for an ambulance, 44% for police, 3% for fire and rescue, and less than 1% for the HM Coastguard.  Members of the public rely on the service for their safety and security, and so it is essential that the system is resilient and remains available to the public without interruption.

The PECS end-to-end system consists of three key stages that all callers go through^{[footnote 2]}:

• A citizen calls 999 (or 112) from a device and the communication provider automatically transfers the call free-of-charge to BT’s 999 platform;
• The caller is routed via BT’s 999 platform and trained BT^{[footnote 3]} call handlers act as the first point-of-contact, asking a series of questions beginning with, “emergency, which service do you require?”. At this stage, BT filters approximately 30% of calls (identified as repeat calls, misdials, or nuisance callers) and automatically obtains the caller’s location and phone number; then,
• The BT call handler transfers the caller, alongside their location and phone number, to the nearest appropriate Emergency Authority control room for Police, Ambulance, Fire & Rescue, or HM Coastguard^{[footnote 4]}. At this point, the appropriate action is determined by control room staff and, where required, an operational response is provided, including the dispatch of emergency services.

A number of partners are involved in the PECS, and roles are divided across the United Kingdom and Emergency Authorities.  At an operational level, responsibility for delivering the UK PECS falls to BT acting on behalf of all communication providers^{[footnote 5]}, and the relevant Emergency Authorities (EAs) composed of: police forces, fire and rescue services, ambulance service NHS trusts, and HM Coastguard.  While BT and HM Coastguard cover the entire UK, all other partners are divided across a range of regional and national boundaries, or specialities, that make a total of 113 separate entities – consisting of 45 territorial police forces (and 3 special police forces), 49 fire and rescue authorities, and 14 ambulance service trusts^{[footnote 6]}.

Similarly, the governance of the PECS is diverse and multi-layered, with varying levels of oversight and accountability for differing parts of the system.   Policy responsibilities are spread across a number of departments and Governments: the Home Office (HO) is responsible for policing and for fire and rescue services, the Department for Health and Social Care (DHSC) for the NHS and ambulance services, the Department for Transport (DfT) for HM Coastguard and British Transport Police, the Department for Science, Innovation, and Technology (DSIT) for the role of telecommunications providers, including BT, and the Devolved Administrations are responsible for the emergency services within their respective nations.  More generally, the Cabinet Office (CO) has an overarching role in ensuring the coordination of policy, preparing for civil contingency risks affecting the UK, leading policy on UK national resilience, and coordinating the response to national crises.  At an operational level, the 999 Liaison Committee, chaired by an emergency services representative, owns the PECS Code of Practice which outlines the roles and responsibilities in the conveyance of emergency calls from caller to the relevant emergency service, and includes representatives from the EA’s representative bodies, such as the National Fire Chiefs Council, Association of Ambulance Chief Executives, National Police Chief Council, and Maritime and Coastguard Agency.

On Sunday, 25 June 2023, BT experienced a technical fault affecting its ability to transfer 999 calls to the emergency authorities.  First, calls to 999 were unintentionally disconnected, and then failed to connect, until BT’s back-up system was successfully activated which then caused delays in transferring 999 calls before the issue was resolved later the same day.  

In keeping with good practice and the principles set out in the UK Government Resilience Framework, this Post-Incident Review establishes what occurred on 25 June and the wider lessons that should be drawn on to improve the resilience of the PECS through clear recommendations.

Methodology 

The review draws on evidence provided by relevant parties, including the EAs (ambulance, police, fire and rescue, and HM Coastguard), BT (as the Call Handling Agent), Ofcom (the independent regulator for the communications sector), Lead Government Departments (HO, DHSC, DfT, DSIT), alongside the Department for Levelling Up, Housing and Communities (which oversees local government and the relationships with Local Resilience Forums), CO, and the Devolved Administrations. Its findings reflect consultation with the 999 / 112 Liaison Committee, which represents all organisations that have a role to play in delivering and managing the Public Emergency Call Service.

While the review identifies fundamental lessons from the 25 June incident, it also takes the opportunity to consider any broader lessons that can be learnt about the resilience of the Public Emergency Call Service.  It addresses the question, ‘What happened to the 999 Public Emergency Call Service on 25 June 2023, how resilient is that system more broadly, and what lessons may be learnt?’. Its focus is on the immediate resilience of the PECS and the management of any incidents within that system, rather than any longer-term broader strategic or policy issues that are better covered elsewhere, such as any consideration of BT’s role as the UK’s Call Handling Agent and the model for how emergency authorities handle calls once received from BT. In addition, the scope of the review focuses purely on the PECS itself, and expressly excludes other aspects of emergency response (such as the response provided by the emergency authorities after a 999 call has concluded).

The review does not look to find fault - its sole aim is to identify lessons to improve the resilience of the system for the future to ensure it continues to meet the needs and expectations of the UK public.  Where applicable, it will take account of any other connected review work, including the findings of BT’s own internal investigation^{[footnote 7]}. In addition, any findings within this Review will have no bearing on any later findings by Ofcom who act independently in their capacity as a regulator and whose investigation relates to compliance with obligations in Ofcom’s General Conditions of Entitlement and applicable sections of the Communications Act 2003^{[footnote 8]}.

The review set out below is organised into four parts.

• First, on the incident itself;
• second, on the response to it by relevant parties;
• third, on findings relating to the wider resilience of the PECS system; and in the final part, it sets out recommendations to strengthen the resilience of the PECS for the future.  

The incident

The 999 PECS has proven itself to be extremely resilient, and the incident that occurred on 25 June was exceptional.  It marked the first nationwide loss of 999 in over 86 years since the inception of the PECS in 1937.  However, any widespread loss of PECS should be examined fully so that lessons may be learnt and implemented.   

On Sunday, 25 June 2023, a complex software issue affecting BT’s 999 Platform significantly disrupted the UK’s Public Emergency Call Service.  As the incident progressed so too did the potential impacts on the UK population in terms of severity and scale, which can be broadly categorised into three phases:

• Disruption.  Between 06:24 and 07:31 (1 hour, 7 minutes).  The time of the initial fault, which resulted in a significant proportion of 999 calls disconnecting.  Some citizens attempting to make emergency calls during this period were disconnected as they were being transferred from the BT call handler to the relevant EA control room.
• Denial.  Between 07:31 and 08:50 (1 hour, 19 minutes).  The most serious period, when all 999 callers were unable to connect to 999 due to a procedural failure by BT in activating their backup system.  During this period, all citizens dialling 999 would have failed to connect to BT’s 999 platform, resulting in a failed call and denial of access to the PECS.
• Delay.  Between 08:50 and 16:56 (8 hours, 6 minutes).  During this time, the service was operational, using the backup system which had reduced functionality compared to the primary system.  All citizens during this phase would have been able to get through to the emergency services, but it would have taken longer than usual, as call handlers in BT and the EAs needed to process some information manually (such as location).

During the incident (spanning 06:24 to 16:56)^{[footnote 9]}, a total of 9,641 unique callers were unable to access the emergency services via 999/112 and many more were delayed or disrupted^{[footnote 10]}. In addition, BT assesses that the alternative PECS services provided to a very small number of customers (such as Video Relay, SMS and eCalling) may have also been impacted by the incident, and continues to cooperate with the Ofcom investigation in respect of the impact to all affected services. 

To date, there are no confirmed reports by the emergency authorities of serious harm done to members of the public as a result of the 999 disruption on Sunday, 25 June 2023, although this will continue to be kept under review by those authorities. This is the first nationwide loss of 999, and the potential harm and impact of such an incident is unacceptable. The lessons need to be fully understood as soon as possible, and citizens need to remain confident in the 999 service. 

The impacts to BT’s functionality had considerable knock-on impacts across the operations of the EAs, specifically the 144 control rooms at the other end of the 999 system.  The disruption phase placed an additional burden on control room staff as they phoned each caller back, adding to call delay queues that would only increase as the incident progressed.  Once the incident entered the denial phase, the EAs experienced a significant drop in call volumes, which caused considerable concern and is widely assumed to have contributed to the delays throughout the remainder of Sunday as callers repeatedly attempted to access the service.  As the incident moved into the final delay phase, the limited functionality of BT’s backup system meant that control room operators needed to ask the caller a number of questions to determine their precise location, which had a considerable impact on the time it takes to handle a call as callers waited to be transferred to an available operator in the relevant control room.

Response  

Based on the evidence provided for this Review, there were a number of issues with the system-wide response to the incident.  These can be categorised into three main themes: the notification process alerting other affected partners of the incident occurring; the mechanisms used to aid  coordination and assist the response effort; and the communication methods, messaging, and advice to the public used across the 999 system.   

The incident on 25 June 2023 revealed that while there were some incident arrangements in place, these were too slow and incomplete, and there was no single set of cross-system procedures to effectively respond to this type of incident at pace.  The end-to-end 999 system consists of a broad number of entities and partners across the UK who will almost certainly be impacted by any incident affecting PECS, and so a clear and joined-up process is required to respond to serious incidents, especially those that impact on (or have the potential to impact upon) multiple elements within the PECS system.

The time between the issue first occurring and BT’s notification was too long given the severity of the incident, and there were challenges in ensuring the appropriate contacts were informed to ensure a quick response.  The delayed notification period between the incident occurring and BT informing EA partners via email, revealed a range of challenges in how such incidents were escalated within the system.  BT has acknowledged that it should have done better on clear and timely communication with the emergency services and government to keep them informed of events and has put in place a comprehensive improvement plan to prevent this series of events reoccurring, which includes a specific focus on improving communication processes. In addition, all partners should review internal procedures to enable seamless alerting to all appropriate contacts, including out-of-office arrangements.  

The incident highlighted a requirement to establish a cross-999 incident group, with an appropriate membership, which can meet at short notice and provide the required coordination of response efforts.  On the morning of Sunday 25 June, HMG was able to detect apparent issues with the operation of 999 from third parties before formal notification by BT.  There were some response structures and arrangements in place, and three meetings were called by the Cabinet Office which provided a coordination function for the national response with relevant government departments and Devolved Administrations, emergency organisations, BT, and the chair of the 999/112 Liaison Committee.  The arrangement enabled some cross-government coordination, allowing collective decision-making on a number of issues, such as the decision to not issue an Emergency Alert^{[footnote 11]}. However, this event highlighted the requirement to improve existing standing arrangements, which could have been more effective and were sometimes impeded by delayed situational reporting from BT from time of the incident and consistent updates from all stakeholders^{[footnote 12]}. While some emergency response mechanisms are in place, such as the National Emergency Alert for Telecommunications (NEAT), which is well-tested and well-placed to respond to a general emergency affecting the telecommunications sector, the incident highlighted the importance of  having a dedicated emergency response arrangement for 999 incidents to reflect the specific stakeholders involved across the UK – including the right specialists in BT, but also the NHS, police forces, fire and rescue services, HM Coastguard, UK Government and the Devolved Administrations.   

There have not been any comparable 999 outages in the UK in the past, and it was clear that there was no existing central communications plan to ensure that advice to the public remained accurate and consistent across all 999 partners.  This meant that, until approximately 15:45 when HMG released a statement to the media, the public only received advice from regional emergency services, from consequent press reporting, and BT’s statements, rather than an authoritative and consistent national message for the public that could have been issued more quickly.   As a result, the messaging to the public on how they should seek emergency support during an outage of 999 services differed slightly across some regions and emergency organisations, including advice to call alternative numbers such as 101 and 111.  Under the principle of subsidiarity^{[footnote 13]}, it is clear that both emergency services and the central government should have clear and consistent lines of advice prepared in advance, to be able to tailor and issue to the circumstances of any individual incident as quickly as possible, and this could include publicly accessible information, so callers are able to quickly find alternative means of contacting the emergency services in future. 

The collective response to the incident was not as efficient as it could have been due to these three issues (notification, coordination, and communication).  As a result, some processes were affected and important stakeholders, such as Local Resilience Forums, delayed the implementation of multi-agency arrangements to support the response effort.  This also caused confusion in understanding who had been consulted and what decisions had already been made throughout the incident. 

Whilst this specific technical issue was unique to BT, and BT play an important role in the PECS as the entry point for calls, any significant disruption in other parts of the PECS system could cause similar knock-on impacts. It is evident that partners would also not have had the appropriate arrangements and means to adequately notify others, coordinate a system-wide response, and communicate a consistent message to the public.  For example, a technical failure across EA control rooms could have resulted in a similar knock-on impact across the system seen on the 25 June and the response would have been constrained in the same way due to the lack of agreed cross-PECS incident procedures.

Resilience of the end-to-end 999 PECS System  

Any failure in any part of the 999 system is likely to impact other parties who are involved in the end-to-end process, and so the 999 Public Emergency Call Service (PECS) cannot be considered resilient unless the whole end-to-end system is resilient.  This includes BT, but also all four of the emergency authorities’ control rooms based in 144 locations around the UK.  Depending on the scale of an issue and the extent to its impact, any incident occurring across any part of the PECS could have a significant impact on the entire system.  Therefore, a whole end-to-end perspective needs to be applied in order to assess and determine the overall resilience of the system.

The cause behind the incident on 25 June, related to a complex software issue. BT confirmed, they have notified the software vendor of the fault, and the vendor has confirmed they do not have other customers with this product in the UK. While this particular software issue affected BT’s system, all parts of the 999 system rely on complex software platforms to process calls and deliver the service for citizens, and so all parts of the PECS system need to ensure resilience against these risks as part of their overall risk management and business continuity arrangements. 

Individual EAs and BT are operationally independent and hold direct responsibility for managing all risks to their operations, ensuring the continued functionality of the 999 system.  There is strong evidence of robust business continuity plans and risk management across all EAs and BT, which are regularly tested and reviewed; although these are often done in isolation (e.g. BT only, or across one EA control room) and HMG oversight is limited.  Clear service level expectations also exist across the system, with some EAs - such as Police - expected to answer 90% of calls within ten seconds.  BT is also set the target of answering 95% of calls within five seconds by Ofcom^{[footnote 14]}. In addition, the PECS end-to-end system is well prepared for upcoming technological changes, such as the ongoing migration from the ageing Public Switched Telephone Network (PSTN) to Voice-over-Internet Protocol (VoIP) by 2025; although, it should be clarified that the incident on 25 June was not related to the PSTN migration, and the benefits of VoIP are likely to present a range of opportunities for the 999 system.

Although existing, robust arrangements make the PECS end-to-end system resilient to a range of risks, a whole-of-system approach to resilience would prove beneficial to test areas of overlap and to highlight potential vulnerabilities that may exist across the 999 service.  The system-wide resilience to the risk of a prolonged power outage provides an example of such strong existing resilience, with both EAs and BT able to continue 999 operations for days without a mains power supply^{[footnote 15]}. While the 999 system is clearly resilient to certain significant risks, there may be value in testing the whole-system together to test against a variety of risks, identifying any gaps or vulnerabilities across the many partners involved in providing the service.  The incident on Sunday 25 June (and this subsequent review process) has not only highlighted issues with BT’s backup procedures (which have already been improved), but also discrepancies with other contingencies that are often relied upon.  For example, in the absence of the availability of 999 for some of 25 June, the public were advised to use the non-emergency numbers 101 and 111 to seek emergency support from police and ambulance services (respectively) in the absence of 999, but this is not applicable for some parts of the UK such as Northern Ireland.  Similarly, the Fire & Rescue service and HM Coastguard do not currently provide any alternative means for the public to contact them should 999 be disrupted.  Such findings from system-wide exercises and testing will prove invaluable in ensuring that the PECs system can be strengthened further and – most importantly – that the safety and security of the public can continue to be protected.  

Recommendations

In light of the immediate value of strengthening the resilience of the PECS wherever possible, a number of the following recommendations have already been delivered or are now underway.  These recommendations are set out in descending order of priority.

Strengthening the end-to-end 999 PECS System  

Recommendation 1: BT to strengthen its resilience of BT’s 999 platform, including the backup system and activation procedures.  The procedure to activate the backup system failed on Sunday 25 June largely due to the complexity of the process and has now been simplified.  In addition, the backup system provided more limited functionality and BT has committed to urgently improving the capabilities of the 999 platform, including the backup system, to ensure all information can be provided to the EAs when required (e.g. location data).  A significant number of these improvements have already been made or are in the process of being implemented, and BT continues to provide regular progress updates on its improvement plans to all partners, whenever required.  [COMPLETED]

Recommendation 2:  All EAs and BT ensure that risk management and business continuity plans remain appropriate to the range of risks to their operation of the 999 PECS, and that any insights relating to cross-cutting risks are shared with all partners of the 999 PECs end-to-end system. Acknowledging that this incident was only one fault within one part of the system, all EAs and BT should continue to strengthen the resilience of their respective areas to prepare for all risks that have the potential to disrupt the 999 PECS service, and share any findings with other PECS partners where impacts are likely to affect more than one area of the 999 PECS system.  Where relevant, EAs and BT should draw on the expertise from technical authorities, such as the National Cyber Security Centre and National Protective Security Authority, consider the use of technical-level forums via the NICC^{[footnote 16]} or 999 Liaison Committee for cross-PECS discussions, and make reference to the 2023 National Risk Register^{[footnote 17]}. [ENDURING]

Preparedness to respond to Future 999 PECS Incidents  

Recommendation 3:  HMG to establish a cross-PECS incident notification procedure and coordination group. Wherever possible, the principle of subsidiarity should also be maintained with partners empowered to take decisions at the operational level and coordination done at the highest necessary level.  However, it was clear that the response to the 999 incident on 25 June was not as efficient as it could have been, and firm processes relating to notification, coordination, and communications have now been established.  Following this principle and after collective agreement from all PECS partner on 17 July 2023, a nationwide 999 Strategic Incident protocol was established, consisting of: a formalised procedure to notify all relevant partners involved in the 999 end-to-end process in the right way within a reasonable timeframe; the provision of all appropriate contacts in all other organisations, with an established forum to convene at pace, if required; and aligned nationwide public messaging that can be issued in the event of an incident. An initial test of this new protocol was successfully completed on 14 July 2023, and it will be tested regularly as part of good practice. [COMPLETED]

Recommendation 4:  Cabinet Office to lead the coordination of all responsible departments in order to clarify existing responsibilities and accountability for the entire end-to-end PECS system and determine improved governance arrangements by the end of April 2024.  Given the importance of 999 to UK citizen’s safety and security, and the number of delivery partners involved in the 999/112 PECS process, the Cabinet Office – in conjunction with all relevant departments – will increase oversight of the end-to-end resilience of the service, which will help all partners to support one another more effectively in strengthening the end-to-end resilience of the 999/112 PECS system, and in responding to any future incident.  Any new governance arrangements for 999 will reflect the core principles for the UK’s overall approach to resilience as set out in the UK Government Resilience Framework, including ensuring that:  

• there is a shared understanding of civil contingencies risks to the 999 PECS, and that risk management effort is appropriately balanced across the risk cycle - anticipation, assessment, prevention, mitigation, response, and recovery;
• responsibilities and accountabilities for 999 are clear, coordinated, and coherent (including ministerial responsibilities); and,
• the understanding of national and local risks is dynamic, driven by data and insight where appropriate, and informed by the best UK and international expertise and experience. [BY END APRIL 2024]

Recommendation 5:  Cabinet Office to coordinate with DHSC, DSIT, HO, DfT, DLUHC, DA’s, BT.  communication teams to develop appropriate public advice that can be used for a number of scenarios involving disruption to 999, and ensure any advice is applicable across the UK by the end of April 2024.  Plans will include an appropriate list of channels and key stakeholders to amplify the advice, so that this advice can quickly be tailored to the circumstances of any future incident and issued by the relevant authority.  This deployment of this advice will be included in the exercising outlined in recommendation R6. [BY END APRIL 2024]

Recommendation 6:  Cabinet Office to coordinate an exercise to test the resilience of the 999 PECS system to future incidents, following completion of the above recommendations. This exercise should include appropriate representation from partners across the PECS system, such as LGDs for the various EAs (HO, DHSC, DfT), BT (and DSIT as its LGD), Cabinet Office, DLUHC, the EAs, and the DAs. The exercise should test: 

• the effectiveness of the HMG 999 Response Framework in a range of PECS system disruption scenarios (established by R3);
• the roles and responsibilities of the above parties in a disruption to the PECS system against the principles of subsidiarity (established by R4); and,
• relevant public advice and clearance processes for any communication messaging during an incident (established by R5). [AFTER APRIL 2024]

Annex A: illustration of the 999 call process

Annex A: illustration of the 999 call process.

Annex B: timeline of incident on Sunday, 25 June 2023

Time	Activity	Phase
06:24	BT call handling agents report encountering call cut offs.	Disruption
07:02	BT raises the incident.	Disruption
07:20	BT hosts an internal conference bridge to bring together technical specialists from across the BT Group.	Disruption
07:25	BT makes the decision to move all 999 calls from the affected  primary platform to the backup system.	Disruption
07:31	BT activates the procedure to move from the primary 999 platform onto the backup system.	Denial
07:46	BT recognised that the transfer to the backup system had failed.	Denial
08:01	BT notifies Emergency Authorities of the incident by email.	Denial
08:20	BT classifies the incident as a Serious Incident.	Denial
08:44	BT Group Civil Resilience team are notified and join response effort.	Denial
08:50	BT successfully completes the full transfer onto the backup system with all 999 calls now routed via BT’s backup system.	Delay
09:05	BT notifies Ofcom of the incident by phone.	Delay
09:35	BT issues its first media statement.	Delay
09:45	BT notifies the Department for Science Innovation and Technology (DSIT), Ofcom, and Devolved Administrations of incident by email.	Delay
11.15	Cabinet Office hosts first 999 incident coordination call.	Delay
13:30	Cabinet Office hostssecond 999 incident coordination call.	Delay
14:52	BT starts to move calls and agents back onto the primary 999 platform.	Delay
16:56	BT confirms all services have returned to operating on BT’s primary 999 platform.	Delay
17:00	Cabinet Office hosts third and final 999 incident coordination call.	Delay
17:18	BT closes the incident.	Delay

1. 112 is also used to access the relevant emergency services across most European countries and remains in effect in the UK following EU Exit.  Calls via 112 are identical to 999 calls in the UK. ↩

2. Annex A illustrates the 999 end-to-end call process with reference to the three stages. ↩

3. BT Group, referred to as BT in this report. ↩

4. Other emergency services can also be reached through the 999/112 service but do not necessarily have 24/7 dedicated control rooms and are not considered to be PECS partners, including: Lifeboat (volunteer force), Mountain Rescue (volunteer force); Cave Rescue (volunteer force); Mine Rescue (an Employee Benefit Trust); and, Bomb Disposal (provided by HM Armed Forces). ↩

5. BT contracts with Communication Providers (CPs) who are obligated by Ofcom’s General Condition (now A3.2) to ensure uninterrupted access to emergency organisations.  All CPs pay BT to provide the PECS service on their behalf (via commercial contracts) in order to fulfil the A3.2 obligation, and BT is known as the “Call Handling Agent” in this arrangement. ↩

6. For more detailed lists of the different services provided by each EA, see: https://www.nationalfire chiefs.org.uk/fire-and-rescue-services; https://www.police.uk/pu/find-a-police-force; and https://aace .org.uk/uk-ambulance-service/. ↩

7. A full report on the incident was published by BT on its website on 29 June: https://newsroom.bt. com/bt-group-review-999-emergency-call-services-disruption-on-sunday-25-june-2023/.  ↩

8. Details regarding the investigation can be found on Ofcom’s website: https://www.ofcom.org.uk/ about-ofcom/bulletins/enforcement-bulletin/open-cases/bt-999-outage-june-23. ↩

9. Annex B outlines the three phases and key events on Sunday, 25 June.   ↩

10. The 9,641 figure comprises the number of unique callers provisionally identified which were called back by BT, in line with BT’s usual procedures.  If the contact was unsuccessful, BT passed the details onto the police to investigate. Following the incident, this process was completed by 08:16 Wednesday, 28 June. 253 unique callers were not able to be contacted. ↩

11. On this occasion, it was decided that the criteria to send an emergency alert was not met, given the incident was UK-wide and not consigned to specific region to which an alert could be sent and because it was agreed in cross-Government discussions that there was not an urgent need for all members of the public to take an immediate action.  However, there remain clear processes in place to consider using an emergency alert if it was quickly discovered that a local area experienced a 999 outage, and a specific and distinct action for a smaller group of the UK population was required.  ↩

12. BT attended all meetings and provided additional updates throughout the incident, but information provided was sometimes out-of-date given the pace of the response. ↩

13. Subsidiarity is the principle whereby decisions are taken at the lowest appropriate level, with coordination at the highest necessary level.  In practice, this means that most incidents are handled within the capabilities of local agencies and responders, without central involvement.  The principle is at the core of the UK’s overall approach to resilience as set out in the HMG Resilience Framework. ↩

14. Ofcom guidance stipulates that all communications must be answered within 5 seconds 95% of the time, measured in 15-minute intervals; set out in this statement:  https://www.ofcom.org.uk/__data/ assets/pdf_file/0028/220879/statement-emergency-video-relay.pdf ↩

15. However, there remains a separate issue relating to the resilience of the public telecommunications networks during a power outage which may affect a citizen’s access into the 999 system, but this issue is out-of-scope for this Review.  The Secretary of State for DSIT has asked Ofcom to review how all communications providers are meeting the needs of their customers. The government continues to liaise with Ofcom to understand what may be considered appropriate and proportionate, while also working in partnership with the energy sector and its regulator - Ofgem - to better understand the co-dependencies and improve our joint approach to building resilience for the future. ↩

16. NICC is a technical forum for the UK communications sector that develops interoperability standards for public communications networks and services in the UK, more information can be found here: https://niccstandards.org.uk/.   ↩

17. The 2023 National Risk Register has recently been published and can be found here: https://www. gov.uk/government/publications/national-risk-register-2023. ↩