Draft Version 0 - slovensko.skDraft Version 0.5 About ENISA The European Network and Information...
Transcript of Draft Version 0 - slovensko.skDraft Version 0.5 About ENISA The European Network and Information...
December 2011
State of Play 2011
Article13a Implementation
Article 13a Implementation
State of Play in EU Member States
Draft Version 0.5
About ENISA
The European Network and Information Security Agency (ENISA) is a centre of expertise for the
European Union (EU), its Member States (MS), the private sector and Europe’s citizens. As an EU
agency, ENISA’s role is to work with these groups to develop advice and recommendations on good
practice in information security. The agency assists MS in implementing relevant EU legislation, and
works to improve the resilience of Europe’s critical information infrastructure and networks. In
carrying out its work programme, ENISA seeks to enhance existing expertise in MS by supporting the
development of cross-border communities committed to improving network and information security
throughout the EU.
Contact details
For contacting ENISA or for general enquiries on Article13a Implementation, please use the following
details:
Authors: Dimitra Liveri, Marnix Dekker
E-mail: [email protected]
Internet: http://www.enisa.europa.eu
Legal notice
Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of the-art and ENISA may update it from time to time.
Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication.
This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.
Reproduction is authorised provided the source is acknowledged.
© European Network and Information Security Agency (ENISA), 2011
Article 13a Implementation
State of Play - 2011
3
Executive Summary
Directive 2009/140/EC of the European Parliament and of the Council amends Directive
2002/19/EC, on access to, and interconnection of, electronic communications networks
and associated facilities, Directive 2002/20/EC on the authorization of electronic
communications networks and services, and Directive 2002/21/EC, on a common
regulatory framework for electronic communications networks and services. The directive
asks ENISA to contribute to the security of electronic communications and to contribute to
the harmonization of technical and organizational security measures taken by the Member
States.
Paragraphes 1 and 2 of Article 13a state that MSs should ensure that providers of public
communication networks take measures to guarantee security and integrity of these
networks and to ensure continuity of services provided over these networks 1. Paragraph 3
of Article 13a says that the MSs should report about significant security breaches and
losses of integrity to the EC and ENISA.
In 2010, ENISA, the European Commission (EC), Ministries and Telecommunication
National Regulatory Authorities (NRAs), initiated a series of meetings (workshops,
conference calls) to achieve a harmonized implementation of Article 13a. In these
meetings, a working group of representatives of NRA’s and EC reached consensus about
two technical non-binding documents.
ENISA last year published by the end of 2010 the status of the implementation of article
13a across Europe; after one year and since the transposition deadline was last May, some
modifications took place. In this report, a summary of the decisions made and the status
of the implementation of Article13a in each country will be described.
1 In technical jargon this would be called network availability.
Article 13a Implementation
State of Play 2011
4
Contents
Introduction ......................................................................................................................................... 5
State of Play ......................................................................................................................................... 6
List of Competent Authorities ............................................................................................................. 19
Article 13a Implementation
State of Play - 2011
5
Introduction In this document ENISA describes the status of the implementation and transposition of
Article13a throughout Europe. This document will be published annually in the ENISA
portal for the awareness of the stakeholders. This year ENISA takes a snapshot of the
situation in all the 27 Member States.
The present document has a threefold objective:
to provide to Member States an update on the current state of play in the European
Union with regards to the transposition and implementation of Art.13 a
to verify the consensus points and differences across EU
to inform the stakeholders on the national regulatory authority in charge of the
implementation of Article13a provisions.
Article 13a Implementation
State of Play 2011
6
State of Play ENISA collected information and input from all (27) Member States. The transposition
deadline was the 25th of May 2011. The status of the implementation of article 13a in
each country differs and in this report we will summarize it for country, providing as well
details for the highlights and challenges they faced or will face in the future.
Austria
The Federal Ministry for Transport, Innovation and Technology drafted the amendment to
the Telecommunications Act 2003 which includes the obligations under Article 13a. The
government submitted the government bill to the parliament. The National Council (first
chamber of the Austrian Parliament) passed the law on 19 October 2011. The Federal
Council (second chamber) will deliberate it on 4 November 2011. The amendment is
expected to get into force after announcement in the middle of November 2011. Section
16a of the Telecommunications Act 2003 as amended contains provisions on security and
integrity. The competent authorities for enforcement of Section 16a will be primarily the
Austrian Regulatory Authority for Broadcasting and Telecommunications (RTR) and the
Telecom-Control Commission (TKK). In particular, the TKK will be the competent authority
for security audits, and RTR will be the competent authority for other provisions. Fining
authorities will be the telecommunication offices. Notwithstanding these responsibilities,
KommAustria is the competent authority for networks and services used for broadcasting.
RTR, TKK, and KommAustria are interdependent in that RTR is the office of TKK and
KommAustria.
RTR and private sector associations are meeting regularly for discussing security issues.
Meetings with operators are planned for the near future. RTR will use the ENISA Technical
Guidelines as supportive documents to develop the reporting scheme.
Highlights and future steps: The Ministry can enact second order legislation after
hearing the regulatory authority. Possible subjects of second order legislation are security
of network operations, maintenance of network integrity, interoperability of services,
precautionary security measures, details of security guidelines, and actions to be taken
after security breaches.
Challenges: It is not yet clear when second order legislation will be enacted and whether
it will be enacted at all. Enforcement of Section 16a without second order legislation will be
a major challenge.
Belgium
The draft bill which has still to pass through the following steps before its adoption:
Article 13a Implementation
State of Play - 2011
7
- Second lecture by the Council of Ministers
- Second dialog with the federated entities;
- Discussion and vote at the Chamber of representatives
- Eventually, but still not defined, evocation at the Senate level
The competent regulatory authority for implementing Article13a provisions is BIPT.
Highlights and future steps: none
Challenges: none
Bulgaria
The article has been transposed in the Electronic Communications Amendment Act. The
Act was adopted by the Council of Ministers in June 2011. Then it was submitted to the
National Assembly. The Act is now in the final phase – second reading. Bearing in mind
that the Act has undergone broad public consultation and that the amendments suggested
by the Members of Parliament are not numerous, there are high hopes the Act will be
passed by the National Assembly by the end of the year.
The competent authority for the implementation of the Article13a amendments is the
Communications Regulation Commission.
Highlights and future steps: passing of the Electronic Communications Amendment Act.
Challenges: none
Cyprus
The drafting of the relevant primary legislation was concluded in May and is now in
Parliament waiting for the approval/voting process and comments. It is expected that to
come into force by the end of the year. The drafting of secondary legislation in this area
has started and will amend existing legislation as well as introduce new provisions which
will cover the requirements of the Framework Directive.
OCECPR is the competent authority responsible for the implementation of Article 13a.
OCECPR is intending to use as supportive documents the Technical Guidelines for Incident
Reporting as drafted by ENISA, with contributions from the Member States.
Article 13a Implementation
State of Play 2011
8
Highlights and future steps: The primary legislation is awaiting approval by Parliament
and secondary legislation is currently being prepared.
Challenges: Some concerns have been raised by the operators under OCECPR's
jurisdiction regarding the confidentiality of the incident reports that they will provide.
OCECPR plans to discuss these concerns with the relevant stakeholders and mitigate their
concerns so that Article 13a implementation can successfully continue.
Czech Republic
The Senate discussed the bill on the 26th October 2011 and returned it back to the
Chamber of Deputies with amendments. The Chamber of Deputies will discuss the in
December. Expected date of entry into force is 1st February 2012. The scope and form of
the provision of information will be stipulated by the Czech Telecommunication Office
through an implementing legal regulation.
Highlights and future steps: production of the implementing legal regulation.
Challenges: none
Denmark
The Act on Electronic Communications Networks and Services (Act No. 169 of 3 March
2011) and secondary legislation regarding information security and emergency
preparedness came into force the 25th of May 2011 (Executive Order No. 445 of 11 May
2011). The latter describes the context of application which is “to ensure information
security, including protection of personal data, in connection with the provision of public
electronic communications networks and services as well as emergency preparedness
planning in order to be able, in an emergency situation, to continue essential activities in
society carried out by means of electronic communications networks and services”.
The transposing authority was the National IT and Telecom Agency (NITA). However, since
NITA was closed due to changes of government in the beginning of October 2011, the field
of information security confer the above mentioned legislation has been transferred to the
Ministry of Defence. The ministry as such is currently the supervising authority and a
Project Office for Cyber Security within the ministry oversees the compliance with the
obligations of the legislation.
Article 13a Implementation
State of Play - 2011
9
Highlights and Future Steps: The highlight from the Danish process has been the on-
going dialog with the main national providers, which has ensured a constructive
contribution of practical insight to the process of drawing up applicable rules. Hence,
providers has been informed in due time about the new regulation, which is expected to
facilitate the process of establishing appropriate measures and notification procedures.
Next steps are to follow up on these measures and procedures and in that respect the
Project Office for Cyber Security shall include the ENISA guidelines.
Challenges: none
Estonia
The Ministry of Economic Affairs and Communication drafted the amendment to the
Electronic Communications Act which now includes the obligations under article 13a. The
Act entered into force 25.05.2011 and the amendments are basically an exact copy from
article 13a.
The competent authorities for the implementation of article 13a are Ministry of Economic
Affairs and Communication but also Estonian Technical Surveillance Authority (ETSA)
(www.tja.ee).
Highlights and future steps: In July 2011 ETSA issued a basic guidance to telecom
service providers for incident reporting. Since then the reporting has started. At the
moment there are no plans for issuing lower regulation to set the security obligations in
detail. The competent authorities are observing developments in other EU member states
regarding art 13a.
Challenges: none
Finland
The article 13a has been fully implemented in Finland on 26.5.2011. Finland has already a
mandatory reporting scheme in place and most likely it could considered to be already
compliant with the provisions of article 13 a. The amendments to the existing Law and
Regulation are in a draft stage; the draft regulation goes beyond the strict implementation
of the obligation of reporting incidents. FICORA will be the competent authority as referred
in the text of Article13a, and will implement the amendments of Article13a.
Highlights and future steps: the mplementation of Article13a
Article 13a Implementation
State of Play 2011
10
Challenges: none
France
The Ministry of Industry is in charge of the transposition of the Telecommunications
package into the French Law. The first step was achieved with the promulgation of the
Electronic communication Act n° 2011-1012 (dated 24 August 2011). This Act includes the
amendments to the Post and Electronic Communications Code which are needed so as to
transpose telecom directives at legislative level. As far as article 13a transposition is
concerned, this Act (see article 5) provides for an obligation for the operators to put in
place security measures and notification process.
In order to complement the transposition, a secondary legislation (regulation level) is still
in preparation. This draft of regulation should include a text very similar to the article 13a
and should also clarify which are the national competent authorities responsible for
implementation of these measures. This draft of regulation was submitted to a public
consultation, including of course operators, and has now still to go through the inter-
ministerial process. We are now in the final step and it is expected that this regulation be
issued very shortly.
Lastly, it is not decided yet whether additional lower regulation should be necessary for
implementing technical measures such as the ENISA technical guidelines for incident
reporting and for minimal security measures.
Highlights and future steps: submission of the draft regulation.
Challenges: none
Germany
The Federal Ministry of Economics and Technology drafted the amendment to the
Telecommunications Act which includes the obligations under Art.13a. The government
submitted the law to the parliament for consultation which has passed the law in October
2011. The law is expected to get into force end of this year after the approval of the
Federal Council of Germany.
The competent authority for the implementation of the amendments is the
Bundesnetzagentur.
Article 13a Implementation
State of Play - 2011
11
Highlights and future Steps: The Bundesnetzagentur is going to publish a catalogue
with security requirements that will be consolidated with the providers and is also
developing a national reporting template.
Challenges: none.
Greece
The new law for Telecommunications which includes the amendments of article13a is
ready since last May and will be transposed. National changes in the governmental state
put the transposition on fold until further notice. The competent regulatory authority which
is responsible for the implementation is EETT. EETT has been communicating the Minimum
Security Guidelines to the operators and received comments.
Highlights and future Steps: EETT will decide on the provisions of the secondary law,
going more in depth on the reporting provisions, parameters and thresholds; EETT will use
as baseline the ENISA documents.
Challenges: none
Hungary
The law in Hungary has been transposed partially. The third paragraph of article 13a,
where the reporting scheme is mentioned, is not transposed yet. The competent national
regulatory authorities for implementing article13a will be the ministry for Public
Information Technology and the national telecommunications authority.
Highlights and future steps: the law has been transposed.
Challenges: none
Ireland
The Directive was transposed in Ireland on the 1st of July. When completed Ireland
anticipates that it will use the ENISA MSM document as guidance in respect of assessing
operators' obligations around Article 13a. Operators are now required to report incidents
as per the Directive (and now the Regulations) but following conclusion of the ENISA
reporting templates we will be issuing guidance on the format of the reports and the
Article 13a Implementation
State of Play 2011
12
appropriate scale to trigger reporting. The competent authority responsible for Article13a
implementation is ComReg.
Highlights and future steps: Providing guidance to operators in respect of reporting
templates following finalisation of the ENISA document.
Challenges: none
Italy
The Ministry for Economic Development – Communication Department drafted the
amendments to the Electronic Communication Code 2003. This new code, containing the
article 13a provisions, will come into force when the Italian Parliament will issue the
specific law that authorizes the transposition of this directive and of the other directives
that Italy should transpose during this year.
The competent authority for Article 13a implementation is the Ministry of Economic
Development. The guidelines from ENISA will constitute the baseline for the second-level
legislation to be adopted for the actual implementation of article 13a.
Highlights and future steps: the law has been submitted for transposition.
Challenges: none
Latvia
Norms of the directive have been transposed with Information Technologies Security Law.
This law has been adopted on October 28, 2010 and come in to force as of 1 February
2011. The report will focus on issues with significant impact. Competent authority for the
implementation of Article 13a in Latvia is the Information Technologies Security Incident
Response Institution (CERT.LV).
Highlights and future steps: The law is in place since February 2011.
Challenges: none
Article 13a Implementation
State of Play - 2011
13
Lithuania
The Electronic communications act that is covering now networks security and integrity
has been transposed at the 1th of August 2011.
The competent authority which will implement the amendments of Article13a is the
Communications Regulatory Authority there are established mandatory reporting scheme
in place compliant with the provisions of article 13 a. All the appropriate measures to
receive reports of breaches of security in the Telco sector are in place.
Highlights and future steps: The law has been transposed.
Challenges: none
Luxemburg
The Telecommunications Act has been transposed by 27th February 2011. The competent
authority in Luxemburg is the national regulator ILR (Institut Luxembourgeois de
Régulation). ILR has launched a general questionnaire to the operators and service
providers about the technical and organizational network security matters. After the
evaluation process the collected information will be compared to the “Technical
Recommendations for Minimum Security Measures” from ENISA and ILR intends to issue
guidance on the implementation of MSM and reporting of major incidents in line with the
ENISA documentation. For the implementation of the amendments and auditing, it is
envisaged to get external advice.
Highlights and future steps: With regard to the adopted documents and reporting, ILR
is expecting further guidance from ENISA, based on the experiences gained in this area.
Challenges: According to legislation the spectrum of operators and service providers to
be consider is very wide spread. It ranges from incumbent operators to medium and small
service providers till cable TV operators with only very few customers.
Malta
The law was transposed into national law on July 2011. It introduced a separate area for
critical sectors that caters for international connectivity. The competent authority for
implementing the Article13a was MCA. The draft reports of ENISA were set for public
consolidation from the site of the agency.
Article 13a Implementation
State of Play 2011
14
Highlights and future steps: The MCA will develop guidelines in conjunction with the
operators in order to ensure that the regulations are adhered to. From the date of entry
into force the MCA, will closely follow how the reporting of incidents will develop and
ensure that all operators are in line with their obligations with regards to service integrity.
Challenges: The main challenge is to strike the right balance between the level imposing
security measures and the cost to deliver such measures considering the economy of
scales in Malta and the current economic situation.
Netherlands
The Ministry of Economic Affairs, Agriculture and Innovation drafted the amendment to the
Telecommunications Act which includes the obligations under Art.13a. The amendments
are in general a one to one copy from article 13a. The government submitted the law to
the parliament for approval in March 2011. However, approval is still pending because of
parliamentary questions regarding other amendments coming from the NRF than Article
13a. The law is expected to get into force in January 2012.
In parallel to that the ministry is developing lower regulation through which the obligations
are implemented in detail. The ministry has consulted the providers of critical
telecommunications services and networks via the National Forum on Continuity several
times to obtain comments and suggestions during developing the lower regulation and
regarding the several drafts of the ENISA MSM guide. Furthermore, the lower regulation is
subject of a public consultation until November 14th.
The ministry has taken the approach to align the lower regulation as much as possible with
the ENISA guides, which is not a difficult task because in the Netherlands similar formal as
well as informal structures exist which resemble article 13a obligations.
Lower regulation is expected to enter into force in spring 2012. The competent authority
for the implementation of article 13a is the Radiocommunications Agency (part of the
Ministry of Economic Affairs).
Highlights and future steps: The Ministry does not foresee any major new steps
regarding the implementation of article 13a. From the date of entry into force both
organisations, the Agency together with the Ministry, will closely follow how the reporting
of incidents will develop. Also media activity will be scheduled to inform the telecom sector
as a whole on the new obligations.
Challenges: To find the right balance between the level imposing security measures and
not hampering business development.
Article 13a Implementation
State of Play - 2011
15
Poland
Transposition of article 13a TFD in Poland involves many authorities including minister
responsible for telecommunication (previously Minister of Infrastructure and after
November election Minister of Administration and Digitalization), President of Office of
Electronic Communications, Inspector General for the Protection of Personal Data and
Minister of Internal Affairs.
Currently the draft of amendments of Telecommunication Act was prepared on
governmental level it will be send to the Polish Parliament in the nearest future. According
Polish internal legislative procedures on this stage it is in responsibility of minister
responsible for telecommunication.
Highlights and future steps: the draft of the Telecommunications Act will be soon sent
for transposition.
Challenges: none
Portugal
The new law for electronic communications, law nº 51/2011, was published on the 13th of
September. The law transposes the changes to the regulatory framework to the exception
of the e-privacy directive. In what regards articles 13a and 13b, ICP-ANACOM is the
competent national regulatory authority.
Highlights and future steps: In accordance to the law, ICP-ANACOM will now have to
come up with a number of decisions regarding, namely, the implementation measures
related to the reporting requirements. In accordance to the directive this measures will be
adopted following a consultation procedure.
Challenges: The main challenges ahead will regard not only article 13a implementation
but also article 13b, namely what will be the audit scheme adopted.
Romania
Article 13a Implementation
State of Play 2011
16
The Telecommunications' law which includes the amendments of article13a has been
withdrawn from the Parliament and will be adopted by Government emergency ordinance,
drafted by the Ministry for Communications and Information Society and ANCOM. The
competent national authority for the implementation of Article 13a is ANCOM and they are
at this point drafting the secondary legislation which will include the reporting scheme and
will be ready on Q2 of 2012.
Highlights and future steps: ANCOM will decide on the provisions of the secondary
legislation, going more in depth on the reporting provisions, parameters and thresholds as
well as the measures to ensure an adequate level of security and integrity of the networks
and services. ANCOM will use the ENISA Technical Guidelines as supportive documents to
develop secondary legislation.
Challenges: The most important challenge is related to the fact that there is still some
uncertainty about the date of entry into force of the new telecom normative act, although
it is foreseen for the end of this year.
This impacts the ability of ANCOM to enforce the Directives' provisions and also delays the
secondary legislation's drafting.
Slovak Republic
The Telecommunications' package was transposed on the 1st of November 2011 and the
secondary law is not made public yet. Processing of secondary legislation with elaborate
wording of section 13 as directed by ENISA working group is in preparation. We have
prepared the first draft, which is now a reminder. The public consultation is expected
sometime in the course of December. Some non-binding guidelines and instructions from
the working group ENISA Article 13a have been used and useful. The competent
regulatory authority to implement the provisions of Article13a is the technical regulation
branch from the Telecommunication office of the Slovak republic.
Highlights and future steps: none
Challenges: none
Slovenia
The competent regulatory authority for implementing Article 13a provisions is APEK. APEK
(Post and Electronic Communications Agency of the Republic of Slovenia) published in
Article 13a Implementation
State of Play - 2011
17
2008 the General act on protection of secrecy, confidentiality and security of electronic
communications and the retention and protection of telecommunication traffic data. The
General act which has legal basis in the current Electronic Communications Act mandates
all operators to implement necessary organizational and technical security measures
appropriate to the risk presented. The General act, which is based on several international
and national standards and recommendations (e.g. ISO/IEC 27K, ITU-T.X 1051), covers
information security management in general and the information security management in
the telecommunication area.
The draft of the revised regulatory framework has been recently submitted to public
consultation. After conclusions following the public consultation procedure the act will go
into parliament.
Highlights and future steps: After the adoption of the new Electronic Communication
Act, APEK is going to publish the updated General Act which will define necessary
measurements and formulate a reporting template according to the final adoption of the
Technical Guidelines for Reporting Security Breaches and Minimum Security Measures.
Challenges: none
Spain
The transposition of the draft law has stopped (General Elections have been called on 20th
November, 2011, and the parliament is currently closed at the moment of writing this
note). In this law there is not any reporting scheme for telephony services. The competent
authority for implementing Article13a is MITYC (Ministry of Industry, Tourism and Trade).
Highlights and future steps: none
Challenges: none
Sweden
The law has been transposed since the 1st of July. In Sweden there was already there a
voluntary reporting scheme. Detailed requirements will be implemented in regulations
which are expected to enter into force in Q1 2012. Baseline security measures will be a
part of the general advice. The competent regulatory authority implementing Article13a is
PTS.
Article 13a Implementation
State of Play 2011
18
Highlights and future Steps: PTS’ regulations detailing the incident reporting
requirements will be issued during Q1 2012. PTS’ general advice on security measures will
likely be amended during 2012, partly in order to reflect ENISA’s Minimum Security
Measures.
Challenges: none
United Kingdom
The Telecommunications’ package was transposed and came into force on the 25th of May
as amendments to the Communications Act 2003. No secondary legislation or regulations
will be introduced. Instead, Ofcom (the competent authority) published guidance on the
implementation details alongside the new law on the 25th May. This included details of
compliance requirements, the reporting scheme and associated templates, all of which
came into force on the transposition date. The guidance directed operators to the UK’s
ND1643 Minimum Security Standards published by the NICC industry body as suitable
baseline security measures for protecting interconnection
Highlights and future steps: Many operators are now routinely reporting outages above
the thresholds set in Ofcom’s guidance. Initial analysis of these reports was included in a
recent publication about the UK’s infrastructure2. It is planned that the guidance will be
updated if required next year, following publication of the output of the ENISA Article 13a
workshops and experience of operating the new rules. The UK’s guidance and minimum
security standards are closely aligned with the current drafts of the ENISA process.
Challenges: none
2 Full report available here: http://stakeholders.ofcom.org.uk/market-data-research/telecoms-research/broadband-
speeds/comms-infrastructure-report/
Article 13a Implementation
State of Play - 2011
19
List of Competent Authorities
Country Competent Authority to implement Article 13a provisions
Site
Austria Austrian Regulatory Authority for
Broadcasting and Telecommunications
Telecom-Control Commission
http://www.rtr.at/
Belgium Institute Belge des services postaux et des télécommunications
http://ibpt.be
Bulgaria Communications Regulation Commission http://www.crc.bg
Cyprus OCECPR http://www.ocecpr.org.cy
Czech
republic
Czech Telecommunication Office http://www.ctu.eu
Denmark Project Office for Cyber Security – Ministry of Defence
http://www.fmn.dk
Estonia Ministry of Economic Affairs and Communication
Estonian Technical Surveillance Authority (ETSA)
www.tja.ee
Finland FICORA http://www.ficora.fi/
France ANSSI ARCEP
http://www.ssi.gouv.fr/ http://www.arcep.fr/
Germany Bundesnetzagentur www.bundesnetzagentur.de
Greece EETT – Hellenic Post and Telecommunications Commission
http://www.eett.gr
Hungary Ministry of National Development
www.kormany.hu
Italy Ministry of Economic Development http://www.sviluppoeconomico.gov.it/
Ireland ComReg – Commission for Communication Regulations
http://www.comreg.ie/
Latvia Information Technologies Security Incident Response Institution (CERT.LV)
www.cert.gov.lv
Lithuania Communications Regulatory Authority http://www.rrt.lt
Luxemburg ILR- Institut Luxembourgeois de Regulation http://www.ilr.public.lu/ Malta Malta Communications Authority http://www.mca.org.mt/
Netherlands Radiocommunications Agency (part of the Ministry of Economic Affairs)
http://www.narcis.nl
Poland Department of Defence Affairs Office of http://www.uke.gov.pl
Article 13a Implementation
State of Play 2011
20
Electronic Communications
Portugal ANACOM http://www.anacom.pt
Romania ANCOM http://www.ancom.org.ro/
Slovak Republic
Technical Regulation branch from the Telecommunication office of the Slovak Republic
http://www.teleoff.gov.sk
Slovenia APEK - Post and Electronic Communications Agency of the Republic of Slovenia
http://www.apek.si/
Spain MITYC (Ministry of Industry, Tourism and Trade)
Sweden PTS- Swedish Post and Telecommunications Authority
http://www.pts.se
United Kingdom
OfCom - Independent regulator and competition authority for the UK communications industries
http://www.ofcom.org.uk/
Article 13a Implementation
State of Play - 2011
21
P.O. Box 1309, 71001 Heraklion, Greece
www.enisa.europa.eu