The rights and obligations of telecoms operators

Telecommunications operators and value-added service providers must maintain the information security of their network and communications services. A telecoms operator must take immediate action when an information security threat is identified.

Telecoms operators' obligations

A telecoms operator must maintain the information security of its network and communications services by ensuring:

  • operating security
  • communications security
  • hardware and software security
  • data security.

Operators are not required to take unreasonable measures for ensuring information security as long as the measures are commensurate with:

  • the seriousness of threats
  • the level of technical development
  • the costs.

FICORA may issue further regulations to telecoms operators regarding the information security of network and communications services or of data retention.

Information Society Code(sections 243, 247 and 272, in Finnish)

Regulation 67 on information security of telecommunications services

Telecoms operators' rights in ensuring information security

In order to prevent information security violations and to ensure information security, a telecoms operator has the right to:

  • prevent the conveyance and reception of messages
  • remove from messages malware that pose a threat to information security
  • take any other comparable technical measures in its communications network.

An operator may undertake these measures only if they are necessary for safeguarding the network or communications services or the communications ability of a message recipient. The measures taken to ensure information security may not limit freedom of speech or the protection of privacy any more than is necessary.

Information Society Code(section 272, in Finnish)

Regulation 67 on information security of telecommunications services

Information security notifications

A telecoms operator must immediately notify its customers and FICORA of significant information security violations or threats to information security in the services and of anything else that prevents or significantly interferes communication services.

A telecoms operator also has to notify its customers of:

  • measures available to customers for protecting themselves against the information security threats discovered identified and the costs of such measures
  • sources of further information on the threats.

Information Society Code (sections 274 and 275, in Finnish)

Regulation 66 on disturbances in telecommunications services

Key words: Information security , Data protection , Telecommunications

Updated 08.01.2015

LinkedIn Print


The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

Itämerenkatu 3 A

P.O. Box 313


Media contacts by telephone +358 295 390 248