Hi All,
In December 2018, a new set of telecom rules called the European Electronic
Communications Code (abbreviated as EECC) was adopted. The EECC updates the EU
telecom package of 2009 and paves the way for the roll out of fibre, very high capacity networks
and next generation mobile networks (5G), which will create jobs and growth, enable new
application scenarios like internet of things (IoT) and new business models. An important part of
the EECC is consumer protection2 and security of electronic communications. EU countries
have to transpose this EU directive into national law by 21 December 2020.
Article 40 of the EECC, which replaces the above-mentioned Article 13a, contains detailed
security requirements for electronic communication providers. Article 41 of the EECC, which
replaces Article 13b, outlines how competent authority can enforce these security requirements.
Although the security requirements under the EECC are similar to the security requirements
under the Framework directive, there are important differences. An overview of the main
differences can be found in an ENISA policy paper about the EECC. As with Article 13a, ENISA
will support the EU Member States with the implementation of Article 40 of the EECC, to ensure
there is an effective, efficient, and harmonized approach to security supervision across the EU.
To reflect this legislative change the Article 13a group has changed its name to ECASEC,
European Competent Authorities for Secure Electronic Communications.
This document, the Guideline on Security Measures under the EECC, provides guidance to
competent authorities about the technical details of implementing Articles 40 and 41 of the
EECC: how to ensure that providers assess risks and take appropriate security measures.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------