December 2011

State of Play 2011

Article 13a Implementation

State of Play in EU Member States

Draft Version 0.5

About ENISA

The European Network and Information Security Agency (ENISA) is a centre of expertise for the European Union (EU), its Member States (MS), the private sector and Europe’s citizens. As an EU agency, ENISA’s role is to work with these groups to develop advice and recommendations on good practice in information security. The agency assists MS in implementing relevant EU legislation, and works to improve the resilience of Europe’s critical information infrastructure and networks. In carrying out its work programme, ENISA seeks to enhance existing expertise in MS by supporting the development of cross-border communities committed to improving network and information security throughout the EU.

Contact details

To contact ENISA or for general enquiries on Article 13a implementation, please use the following details:

Authors: Dimitra Liveri, Marnix Dekker

E-mail: [email protected]

Internet: http://www.enisa.europa.eu

Legal notice

Notice must be taken that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent the state of the art and ENISA may update it from time to time.

Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication.

This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication.

Reproduction is authorised provided the source is acknowledged.

© European Network and Information Security Agency (ENISA), 2011

Executive Summary

Directive 2009/140/EC of the European Parliament and of the Council amends Directive 2002/19/EC, on access to, and interconnection of, electronic communications networks and associated facilities, Directive 2002/20/EC on the authorization of electronic communications networks and services, and Directive 2002/21/EC, on a common regulatory framework for electronic communications networks and services. The directive asks ENISA to contribute to the security of electronic communications and to contribute to the harmonization of technical and organizational security measures taken by the Member States.

Paragraphs 1 and 2 of Article 13a state that MSs should ensure that providers of public communication networks take measures to guarantee security and integrity of these networks and to ensure continuity of services provided over these networks [1]. Paragraph 3 of Article 13a says that the MSs should report about significant security breaches and losses of integrity to the EC and ENISA.

In 2010, ENISA, the European Commission (EC), Ministries and Telecommunication National Regulatory Authorities (NRAs) initiated a series of meetings (workshops, conference calls) to achieve a harmonized implementation of Article 13a. In these meetings, a working group of representatives of NRAs and the EC reached consensus about two technical non-binding documents.

At the end of 2010, ENISA published the status of the implementation of Article 13a across Europe. One year on, and with the transposition deadline having passed last May, some modifications have taken place. This report summarizes the decisions made and the status of the implementation of Article 13a in each country.

[1] In technical jargon this would be called network availability.

Contents

Introduction

State of Play

List of Competent Authorities

Introduction

In this document ENISA describes the status of the implementation and transposition of Article 13a throughout Europe. This document will be published annually on the ENISA portal for the awareness of stakeholders. This year ENISA takes a snapshot of the situation in all 27 Member States.

The present document has a threefold objective:

- to provide Member States with an update on the current state of play in the European Union with regard to the transposition and implementation of Article 13a;
- to verify the consensus points and differences across the EU;
- to inform stakeholders of the national regulatory authority in charge of implementing the Article 13a provisions.

State of Play

ENISA collected information and input from all 27 Member States. The transposition deadline was the 25th of May 2011. The status of the implementation of Article 13a differs from country to country; this report summarizes it per country, with details of the highlights and of the challenges each country has faced or will face in the future.

Austria

The Federal Ministry for Transport, Innovation and Technology drafted the amendment to the Telecommunications Act 2003 which includes the obligations under Article 13a. The government submitted the government bill to the parliament. The National Council (first chamber of the Austrian Parliament) passed the law on 19 October 2011. The Federal Council (second chamber) will deliberate on it on 4 November 2011. The amendment is expected to enter into force after announcement in the middle of November 2011. Section 16a of the Telecommunications Act 2003 as amended contains provisions on security and integrity. The competent authorities for enforcement of Section 16a will be primarily the Austrian Regulatory Authority for Broadcasting and Telecommunications (RTR) and the Telecom-Control Commission (TKK). In particular, the TKK will be the competent authority for security audits, and RTR will be the competent authority for other provisions. Fining authorities will be the telecommunication offices. Notwithstanding these responsibilities, KommAustria is the competent authority for networks and services used for broadcasting. RTR, TKK, and KommAustria are interdependent in that RTR is the office of TKK and KommAustria.

RTR and private sector associations meet regularly to discuss security issues. Meetings with operators are planned for the near future. RTR will use the ENISA Technical Guidelines as supportive documents to develop the reporting scheme.

Highlights and future steps: The Ministry can enact second order legislation after hearing the regulatory authority. Possible subjects of second order legislation are security of network operations, maintenance of network integrity, interoperability of services, precautionary security measures, details of security guidelines, and actions to be taken after security breaches.

Challenges: It is not yet clear when second order legislation will be enacted and whether it will be enacted at all. Enforcement of Section 16a without second order legislation will be a major challenge.

Belgium

The draft bill still has to pass through the following steps before its adoption:

- Second reading by the Council of Ministers
- Second dialog with the federated entities
- Discussion and vote at the Chamber of Representatives
- Possibly, but not yet determined, evocation at Senate level

The competent regulatory authority for implementing Article 13a provisions is BIPT.

Highlights and future steps: none

Challenges: none

Bulgaria

The article has been transposed in the Electronic Communications Amendment Act. The Act was adopted by the Council of Ministers in June 2011. Then it was submitted to the National Assembly. The Act is now in the final phase – second reading. Bearing in mind that the Act has undergone broad public consultation and that the amendments suggested by the Members of Parliament are not numerous, there are high hopes the Act will be passed by the National Assembly by the end of the year.

The competent authority for the implementation of the Article 13a amendments is the Communications Regulation Commission.

Highlights and future steps: passing of the Electronic Communications Amendment Act.

Challenges: none

Cyprus

The drafting of the relevant primary legislation was concluded in May and is now in Parliament waiting for the approval/voting process and comments. It is expected to come into force by the end of the year. The drafting of secondary legislation in this area has started and will amend existing legislation as well as introduce new provisions which will cover the requirements of the Framework Directive.

OCECPR is the competent authority responsible for the implementation of Article 13a. OCECPR intends to use as supportive documents the Technical Guidelines for Incident Reporting as drafted by ENISA, with contributions from the Member States.

Highlights and future steps: The primary legislation is awaiting approval by Parliament and secondary legislation is currently being prepared.

Challenges: Some concerns have been raised by the operators under OCECPR's jurisdiction regarding the confidentiality of the incident reports that they will provide. OCECPR plans to discuss these concerns with the relevant stakeholders and mitigate their concerns so that Article 13a implementation can successfully continue.

Czech Republic

The Senate discussed the bill on the 26th October 2011 and returned it to the Chamber of Deputies with amendments. The Chamber of Deputies will discuss it in December. Expected date of entry into force is 1st February 2012. The scope and form of the provision of information will be stipulated by the Czech Telecommunication Office through an implementing legal regulation.

Highlights and future steps: production of the implementing legal regulation.

Challenges: none

Denmark

The Act on Electronic Communications Networks and Services (Act No. 169 of 3 March 2011) and secondary legislation regarding information security and emergency preparedness came into force on the 25th of May 2011 (Executive Order No. 445 of 11 May 2011). The latter describes the context of application which is “to ensure information security, including protection of personal data, in connection with the provision of public electronic communications networks and services as well as emergency preparedness planning in order to be able, in an emergency situation, to continue essential activities in society carried out by means of electronic communications networks and services”.

The transposing authority was the National IT and Telecom Agency (NITA). However, since NITA was closed due to changes of government in the beginning of October 2011, the field of information security under the above-mentioned legislation has been transferred to the Ministry of Defence. The ministry as such is currently the supervising authority and a Project Office for Cyber Security within the ministry oversees the compliance with the obligations of the legislation.

Highlights and future steps: The highlight from the Danish process has been the ongoing dialog with the main national providers, which has ensured a constructive contribution of practical insight to the process of drawing up applicable rules. Hence, providers have been informed in due time about the new regulation, which is expected to facilitate the process of establishing appropriate measures and notification procedures. Next steps are to follow up on these measures and procedures and in that respect the Project Office for Cyber Security shall include the ENISA guidelines.

Challenges: none

Estonia

The Ministry of Economic Affairs and Communication drafted the amendment to the Electronic Communications Act which now includes the obligations under Article 13a. The Act entered into force 25.05.2011 and the amendments are basically an exact copy of Article 13a.

The competent authorities for the implementation of Article 13a are the Ministry of Economic Affairs and Communication and also the Estonian Technical Surveillance Authority (ETSA) (www.tja.ee).

Highlights and future steps: In July 2011 ETSA issued basic guidance to telecom service providers for incident reporting. Since then the reporting has started. At the moment there are no plans for issuing lower regulation to set the security obligations in detail. The competent authorities are observing developments in other EU member states regarding Article 13a.

Challenges: none

Finland

Article 13a was fully implemented in Finland on 26.5.2011. Finland already has a mandatory reporting scheme in place and most likely it could be considered to be already compliant with the provisions of Article 13a. The amendments to the existing Law and Regulation are in a draft stage; the draft regulation goes beyond the strict implementation of the obligation of reporting incidents. FICORA will be the competent authority as referred to in the text of Article 13a, and will implement the amendments of Article 13a.

Highlights and future steps: the implementation of Article 13a

Challenges: none

France

The Ministry of Industry is in charge of the transposition of the Telecommunications package into French law. The first step was achieved with the promulgation of the Electronic communication Act n° 2011-1012 (dated 24 August 2011). This Act includes the amendments to the Post and Electronic Communications Code which are needed so as to transpose telecom directives at legislative level. As far as Article 13a transposition is concerned, this Act (see article 5) provides for an obligation for the operators to put in place security measures and a notification process.

In order to complement the transposition, secondary legislation (regulation level) is still in preparation. This draft regulation should include a text very similar to Article 13a and should also clarify which are the national competent authorities responsible for implementation of these measures. This draft regulation was submitted to a public consultation, including of course operators, and has now still to go through the inter-ministerial process. We are now in the final step and it is expected that this regulation be issued very shortly.

Lastly, it is not decided yet whether additional lower regulation should be necessary for implementing technical measures such as the ENISA technical guidelines for incident reporting and for minimal security measures.

Highlights and future steps: submission of the draft regulation.

Challenges: none

Germany

The Federal Ministry of Economics and Technology drafted the amendment to the Telecommunications Act which includes the obligations under Article 13a. The government submitted the law to the parliament for consultation, and the parliament passed it in October 2011. The law is expected to enter into force at the end of this year after the approval of the Federal Council of Germany.

The competent authority for the implementation of the amendments is the Bundesnetzagentur.

Highlights and future steps: The Bundesnetzagentur is going to publish a catalogue with security requirements that will be consolidated with the providers and is also developing a national reporting template.

Challenges: none.

Greece

The new law for Telecommunications, which includes the amendments of Article 13a, has been ready since last May and will be transposed. Changes in the national government put the transposition on hold until further notice. The competent regulatory authority which is responsible for the implementation is EETT. EETT has been communicating the Minimum Security Guidelines to the operators and has received comments.

Highlights and future steps: EETT will decide on the provisions of the secondary law, going more in depth on the reporting provisions, parameters and thresholds; EETT will use the ENISA documents as a baseline.

Challenges: none

Hungary

The law in Hungary has been transposed partially. The third paragraph of Article 13a, where the reporting scheme is mentioned, is not transposed yet. The competent national regulatory authorities for implementing Article 13a will be the ministry for Public Information Technology and the national telecommunications authority.

Highlights and future steps: the law has been transposed.

Challenges: none

Ireland

The Directive was transposed in Ireland on the 1st of July. When it is completed, Ireland anticipates that it will use the ENISA MSM document as guidance in respect of assessing operators' obligations around Article 13a. Operators are now required to report incidents as per the Directive (and now the Regulations) but following conclusion of the ENISA reporting templates we will be issuing guidance on the format of the reports and the appropriate scale to trigger reporting. The competent authority responsible for Article 13a implementation is ComReg.

Highlights and future steps: Providing guidance to operators in respect of reporting templates following finalisation of the ENISA document.

Challenges: none

Italy

The Ministry for Economic Development – Communication Department drafted the amendments to the Electronic Communication Code 2003. This new code, containing the Article 13a provisions, will come into force when the Italian Parliament issues the specific law that authorizes the transposition of this directive and of the other directives that Italy should transpose during this year.

The competent authority for Article 13a implementation is the Ministry of Economic Development. The guidelines from ENISA will constitute the baseline for the second-level legislation to be adopted for the actual implementation of Article 13a.

Highlights and future steps: the law has been submitted for transposition.

Challenges: none

Latvia

The norms of the directive have been transposed by the Information Technologies Security Law. This law was adopted on October 28, 2010 and came into force as of 1 February 2011. The report will focus on issues with significant impact. The competent authority for the implementation of Article 13a in Latvia is the Information Technologies Security Incident Response Institution (CERT.LV).

Highlights and future steps: The law has been in place since February 2011.

Challenges: none

Lithuania

The Electronic Communications Act, which now covers network security and integrity, was transposed on the 1st of August 2011.

The competent authority which will implement the amendments of Article 13a is the Communications Regulatory Authority. A mandatory reporting scheme compliant with the provisions of Article 13a has been established. All the appropriate measures to receive reports of breaches of security in the telco sector are in place.

Highlights and future steps: The law has been transposed.

Challenges: none

Luxemburg

The Telecommunications Act has been transposed by 27th February 2011. The competent authority in Luxemburg is the national regulator ILR (Institut Luxembourgeois de Régulation). ILR has launched a general questionnaire to the operators and service providers about technical and organizational network security matters. After the evaluation process the collected information will be compared to the “Technical Recommendations for Minimum Security Measures” from ENISA and ILR intends to issue guidance on the implementation of MSM and reporting of major incidents in line with the ENISA documentation. For the implementation of the amendments and auditing, it is envisaged to get external advice.

Highlights and future steps: With regard to the adopted documents and reporting, ILR is expecting further guidance from ENISA, based on the experiences gained in this area.

Challenges: According to legislation the spectrum of operators and service providers to be considered is very wide. It ranges from incumbent operators to medium and small service providers to cable TV operators with only very few customers.

Malta

The law was transposed into national law in July 2011. It introduced a separate area for critical sectors that caters for international connectivity. The competent authority for implementing Article 13a is the MCA. The draft reports of ENISA were made available for public consolidation on the agency's website.

Highlights and future steps: The MCA will develop guidelines in conjunction with the operators in order to ensure that the regulations are adhered to. From the date of entry into force the MCA will closely follow how the reporting of incidents develops and ensure that all operators are in line with their obligations with regard to service integrity.

Challenges: The main challenge is to strike the right balance between the level of security measures imposed and the cost of delivering such measures, considering the economies of scale in Malta and the current economic situation.

Netherlands

The Ministry of Economic Affairs, Agriculture and Innovation drafted the amendment to the Telecommunications Act which includes the obligations under Article 13a. The amendments are in general a one-to-one copy of Article 13a. The government submitted the law to the parliament for approval in March 2011. However, approval is still pending because of parliamentary questions regarding amendments coming from the NRF other than Article 13a. The law is expected to enter into force in January 2012.

In parallel, the ministry is developing lower regulation through which the obligations are implemented in detail. The ministry has consulted the providers of critical telecommunications services and networks via the National Forum on Continuity several times to obtain comments and suggestions while developing the lower regulation and regarding the several drafts of the ENISA MSM guide. Furthermore, the lower regulation is subject to a public consultation until November 14th.

The ministry has taken the approach of aligning the lower regulation as much as possible with the ENISA guides, which is not a difficult task because in the Netherlands similar formal as well as informal structures exist which resemble Article 13a obligations.

Lower regulation is expected to enter into force in spring 2012. The competent authority for the implementation of Article 13a is the Radiocommunications Agency (part of the Ministry of Economic Affairs).

Highlights and future steps: The Ministry does not foresee any major new steps regarding the implementation of Article 13a. From the date of entry into force both organisations, the Agency together with the Ministry, will closely follow how the reporting of incidents develops. Media activity will also be scheduled to inform the telecom sector as a whole of the new obligations.

Challenges: To find the right balance between the level of security measures imposed and not hampering business development.

Poland

Transposition of Article 13a TFD in Poland involves many authorities, including the minister responsible for telecommunication (previously the Minister of Infrastructure and, after the November election, the Minister of Administration and Digitalization), the President of the Office of Electronic Communications, the Inspector General for the Protection of Personal Data and the Minister of Internal Affairs.

The draft amendments to the Telecommunication Act have been prepared at governmental level and will be sent to the Polish Parliament in the near future. According to Polish internal legislative procedures, at this stage this is the responsibility of the minister responsible for telecommunication.

Highlights and future steps: the draft of the Telecommunications Act will soon be sent for transposition.

Challenges: none

Portugal

The new law for electronic communications, law nº 51/2011, was published on the 13th of September. The law transposes the changes to the regulatory framework with the exception of the e-privacy directive. As regards Articles 13a and 13b, ICP-ANACOM is the competent national regulatory authority.

Highlights and future steps: In accordance with the law, ICP-ANACOM will now have to come up with a number of decisions regarding, namely, the implementation measures related to the reporting requirements. In accordance with the directive these measures will be adopted following a consultation procedure.

Challenges: The main challenges ahead will regard not only Article 13a implementation but also Article 13b, namely what audit scheme will be adopted.

Romania

The Telecommunications law which includes the amendments of Article 13a has been withdrawn from the Parliament and will be adopted by Government emergency ordinance, drafted by the Ministry for Communications and Information Society and ANCOM. The competent national authority for the implementation of Article 13a is ANCOM, which is at this point drafting the secondary legislation which will include the reporting scheme and will be ready in Q2 of 2012.

Highlights and future steps: ANCOM will decide on the provisions of the secondary legislation, going more in depth on the reporting provisions, parameters and thresholds as well as the measures to ensure an adequate level of security and integrity of the networks and services. ANCOM will use the ENISA Technical Guidelines as supportive documents to develop secondary legislation.

Challenges: The most important challenge is related to the fact that there is still some uncertainty about the date of entry into force of the new telecom normative act, although it is foreseen for the end of this year. This impacts the ability of ANCOM to enforce the Directive's provisions and also delays the drafting of the secondary legislation.

Slovak Republic

The Telecommunications package was transposed on the 1st of November 2011 and the secondary law is not made public yet. Secondary legislation with elaborated wording of section 13, as directed by the ENISA working group, is in preparation. We have prepared the first draft, which is now a reminder. The public consultation is expected sometime in the course of December. Some non-binding guidelines and instructions from the ENISA Article 13a working group have been used and were useful. The competent regulatory authority to implement the provisions of Article 13a is the technical regulation branch of the Telecommunication Office of the Slovak Republic.

Highlights and future steps: none

Challenges: none

Slovenia

The competent regulatory authority for implementing Article 13a provisions is APEK. APEK (Post and Electronic Communications Agency of the Republic of Slovenia) published in 2008 the General act on protection of secrecy, confidentiality and security of electronic communications and the retention and protection of telecommunication traffic data. The General act, which has its legal basis in the current Electronic Communications Act, mandates all operators to implement necessary organizational and technical security measures appropriate to the risk presented. The General act, which is based on several international and national standards and recommendations (e.g. ISO/IEC 27K, ITU-T.X 1051), covers information security management in general and information security management in the telecommunication area.

The draft of the revised regulatory framework has recently been submitted to public consultation. Once the public consultation procedure has concluded, the act will go to parliament.

Highlights and future steps: After the adoption of the new Electronic Communications Act, APEK is going to publish the updated General Act, which will define the necessary measures and formulate a reporting template according to the final adoption of the Technical Guidelines for Reporting Security Breaches and Minimum Security Measures.

Challenges: none

Spain

The transposition of the draft law has stopped (General Elections have been called on 20th November 2011, and the parliament is closed at the moment of writing this note). This law does not contain any reporting scheme for telephony services. The competent authority for implementing Article 13a is MITYC (Ministry of Industry, Tourism and Trade).

Highlights and future steps: none

Challenges: none

Sweden

The law has been transposed since the 1st of July. In Sweden there was already a voluntary reporting scheme. Detailed requirements will be implemented in regulations which are expected to enter into force in Q1 2012. Baseline security measures will be a part of the general advice. The competent regulatory authority implementing Article 13a is PTS.

Highlights and future steps: PTS’ regulations detailing the incident reporting requirements will be issued during Q1 2012. PTS’ general advice on security measures will likely be amended during 2012, partly in order to reflect ENISA’s Minimum Security Measures.

Challenges: none

United Kingdom

The Telecommunications package was transposed and came into force on the 25th of May as amendments to the Communications Act 2003. No secondary legislation or regulations will be introduced. Instead, Ofcom (the competent authority) published guidance on the implementation details alongside the new law on the 25th of May. This included details of compliance requirements, the reporting scheme and associated templates, all of which came into force on the transposition date. The guidance directed operators to the UK’s ND1643 Minimum Security Standards, published by the NICC industry body, as suitable baseline security measures for protecting interconnection.

Highlights and future steps: Many operators are now routinely reporting outages above the thresholds set in Ofcom’s guidance. Initial analysis of these reports was included in a recent publication about the UK’s infrastructure [2]. It is planned that the guidance will be updated if required next year, following publication of the output of the ENISA Article 13a workshops and experience of operating the new rules. The UK’s guidance and minimum security standards are closely aligned with the current drafts of the ENISA process.

Challenges: none

[2] Full report available here: http://stakeholders.ofcom.org.uk/market-data-research/telecoms-research/broadband-speeds/comms-infrastructure-report/

List of Competent Authorities

| Country | Competent Authority to implement Article 13a provisions | Site |
| --- | --- | --- |
| Austria | Austrian Regulatory Authority for Broadcasting and Telecommunications; Telecom-Control Commission | http://www.rtr.at/ |
| Belgium | Institute Belge des services postaux et des télécommunications | http://ibpt.be |
| Bulgaria | Communications Regulation Commission | http://www.crc.bg |
| Cyprus | OCECPR | http://www.ocecpr.org.cy |
| Czech Republic | Czech Telecommunication Office | http://www.ctu.eu |
| Denmark | Project Office for Cyber Security – Ministry of Defence | http://www.fmn.dk |
| Estonia | Ministry of Economic Affairs and Communication; Estonian Technical Surveillance Authority (ETSA) | www.tja.ee |
| Finland | FICORA | http://www.ficora.fi/ |
| France | ANSSI; ARCEP | http://www.ssi.gouv.fr/ ; http://www.arcep.fr/ |
| Germany | Bundesnetzagentur | www.bundesnetzagentur.de |
| Greece | EETT – Hellenic Post and Telecommunications Commission | http://www.eett.gr |
| Hungary | Ministry of National Development | www.kormany.hu |
| Italy | Ministry of Economic Development | http://www.sviluppoeconomico.gov.it/ |
| Ireland | ComReg – Commission for Communication Regulations | http://www.comreg.ie/ |
| Latvia | Information Technologies Security Incident Response Institution (CERT.LV) | www.cert.gov.lv |
| Lithuania | Communications Regulatory Authority | http://www.rrt.lt |
| Luxemburg | ILR - Institut Luxembourgeois de Regulation | http://www.ilr.public.lu/ |
| Malta | Malta Communications Authority | http://www.mca.org.mt/ |
| Netherlands | Radiocommunications Agency (part of the Ministry of Economic Affairs) | http://www.narcis.nl |
| Poland | Department of Defence Affairs Office of Electronic Communications | http://www.uke.gov.pl |
| Portugal | ANACOM | http://www.anacom.pt |
| Romania | ANCOM | http://www.ancom.org.ro/ |
| Slovak Republic | Technical Regulation branch from the Telecommunication office of the Slovak Republic | http://www.teleoff.gov.sk |
| Slovenia | APEK - Post and Electronic Communications Agency of the Republic of Slovenia | http://www.apek.si/ |
| Spain | MITYC (Ministry of Industry, Tourism and Trade) | |
| Sweden | PTS - Swedish Post and Telecommunications Authority | http://www.pts.se |
| United Kingdom | OfCom - Independent regulator and competition authority for the UK communications industries | http://www.ofcom.org.uk/ |

P.O. Box 1309, 71001 Heraklion, Greece

www.enisa.europa.eu