High risk vendors in the telecommunications sector: key updates
09 February 2021
In the UK, in November 2020, the UK Government introduced the Telecommunications (Security) Bill 1 (the Bill) into the UK’s Parliament. The Bill seeks to introduce a new regulatory framework for telecommunications security in the UK. The Bill would place stronger security-related duties and responsibilities on telecoms companies and would grant Ofcom, the UK’s communications regulator, new enforcement powers. Additionally, and building on the UK Government’s previous announcements in relation to so-called HRVs, the Bill would give the Secretary of State powers to impose directions on “public communications providers” (Providers) 2 in relation to HRVs, which the Bill refers to as “designated vendors”. The Bill was accompanied by a roadmap 3 relating to the removal of HRVs from the UK’s telecoms network (the Roadmap) and a 5G supply chain diversification strategy 4 (the Strategy). Similar measures to the Bill have been adopted or will be adopted in the Netherlands and Belgium.
In this article, we examine the key features of the Bill relating to “designated vendors”, the Roadmap and the Strategy. We also outline the Dutch and Belgian governments’ recent legislative responses to the issues created by HRVs, and set out the EU-level backdrop.
2. This includes companies such as BT, Vodafone and Virgin Media that provide networks and/or services that are wholly or mainly used by the public.
3. UK Government, Press release, Roadmap to remove high risk vendors from telecoms network, published 30 November 2020 (available here: https://
4. UK Government, Guidance, 5G Supply Chain Diversification Strategy, last updated 7 December 2020 (available here: https://www.gov.uk/