Examples of telecommunications

This page describes FICORA's interpretation principles for interpreting when and whose operations the regulation of telecommunications concerns with regard to service chains including several players, subcontracting, and further provision of services. In addition, the page describes the applicability of the regulation to primary and secondary services and to community- and application-specific services. The page also discusses the distinction between software and hardware services and communications services.

Content of the page

1 Service chains, subcontracting and further provision

1.1 General

1.2 Subcontracting

1.3 Further provision

1.4 Internet access service provided as part of case hosting service

2. Primary and secondary service

2.1 General

2.2 Case push email

3. Difference between software service or hardware supply (ICT) and communications service

3.1 General

3.2 case email

3.3. case VoIP exchange

4. Services bound to communities and applications

4.1 General

4.2 Suggestive criteria

4.3. Case instant messaging services

1 Service chains, subcontracting and further provision

1.1 General

Several players are usually involved in the service chain comprised of network services and communications services. These players agree with each other on the implementation of the chain's different parts. The implementation of services becomes fragmented. In an environment involving several players, it must be assessed who is responsible as a network or service operator for telecommunications obligations in the legislation.

The responsibility is clear when a service chain consists of only one operator who provides a communications service to a customer in its own network.

For example, the operator provides a mobile subscription in its own mobile network.

Another example of a clear situation is a situation of two operators with a network operator providing communications network for the use of a service operator that, in turn, provides a communications service to customers via the network. The network and service operator are responsible for their own parts as telecommunications operators. The service operator is responsible for the whole service provided to the customer.

For example, the operator provides an ADSL subscription by means of a subscriber connection it has leased from another operator.

Responsibility issues become more unclear when the network and service operator acquire parts to their services from other operators or when the communications service is provided as part of some other service entity.

Examples: Telecommunications operators often outsource, among others, supervision, maintenance and repair operations. An internet access service and email service are often provided, especially to corporate customers, as part of the ICT entity together with hardware and software. A student flat, a rented flat or an owner-occupied flat may be equipped with a broadband subscription which is charged in the residential charges.

In this case, it must be assessed whether the players in the service chain are, from the legislative point of view, telecommunications operators, subcontractors of the telecommunications operator or further providers of the telecommunications operator's services, and who is responsible for telecommunications obligations. Examples of these obligations are ensuring of the service's technical quality and information security, ensuring of the minimal content in the user's agreement terms, contingency planning, management and notification of faults, disturbances and information security threats, implementation of numbering and call barring categories in accordance with the provisions, and retention of identification data (data retention).

1.2 Subcontracting

Subcontracting's relationship to telecommunications responsibility can be summed up as the following rule of thumb: responsibility cannot be outsourced. The telecommunications operator is responsible for ensuring that the subcontractor complies with its obligations. In practice, this means that when the telecommunications operator obtains, for example, the maintenance of a network from another operator, the telecommunications operator must ensure in the agreement that the obtained service meets the obligations in the legislation. The responsibility for subcontracting also means, for example, that the telecommunications operator is responsible towards the subscribers and the users for the information security of the communications service also in terms of a third party that in full or in part implements the network service or the communications service.

Naturally, the subcontractor has an agreement-based responsibility for performing and possible liability of damages, but only towards its agreement partner. If for example FICORA reckons that the service is defective, the Information Society Code-based obligation to correct is applied to the telecommunications operator, even if the defect is caused by the subcontractor's operations.

1.3 Further provision

To distinguish telecommunications from resale or further provision, two issues can be analysed:

  1. Agreement relationships, i.e. with whom the end user enters into an agreement on the communications service
  2. technical management of the network and the service

Agreement relationships

Resale. Pure resale of a communications service is not telecommunications. Pure resale means here a situation where an agreement relationship does not remain between the seller and the buyer. The responsibility for telecommunications obligations, i.e. the features and the provision of services laid down in the Information Society Code, belongs to the communications service or network operator and not to the reseller. The reseller may have responsibility that is based on e.g. the Consumer Protection Act, the Act on Residential Leases, or other legislation.

An example of resale is the sale of mobile subscriptions in such a manner that the telecommunications operator and the end user enter into an agreement with each other.

Further provision. The definition of a telecommunications operator has been changed for the Information Society Code in 2015 so that a telecommunications operator is also the one that provides communications services. In the Communications Market Act, a telecommunications operator and a service operator were defined as an operator that transmits messages, i.e. the definition was more tied to the technical implementation of the service.

In the justification of the Act (Government Bill 221/2013, detailed justification in section 3), it is stated that the previous definition has, to some extent, left room for interpretation with regard to the targeting of telecommunications operators' responsibility in situations where a user enters into an agreement on the provision of a communications service with an operator that does not itself maintain technically the communications service. According to the Government Bill, the purpose of the amended definition is to clarify the fact that the requirements concerning a communications service agreement stated in the Act also concern a service provider like this.

If the communications service is part of a more comprehensive service package - as it often is in ICT services of a corporate customer - it is possible in the agreement either to separate the communications service into its own service and agree on the telecommunications operator responsible for it or to include the communications service in the overall agreement.

Technical control of the network and the service

When assessing whether the service provider is a further provider or an actual telecommunications operator, the most relevant basis for the assessment is the service provider's factual right and possibility to technically control the network and access to it or the transmission and the provision of messages by means of an identifier indicating the user or by some other corresponding means.

An actual telecommunications operator can by technical means affect the features and function of the network and the access to it. The identifier indicating the user can be e.g. a subscription number or an IP address. A further provider can, at most, choose the network users, but it does not have any possibility or right to affect the technical features of the network or service.

Thus, the service chain can consist of the telecommunications operator that technically implements the communications service and a further provider that may also partially participate in the technical maintenance. The operators are responsible for the communications service as telecommunications operators for their own parts. In the light of the justification for the Information Society Code, the further provider is responsible at least for the agreement terms. The operator that is responsible for the customer is naturally the one that enters into an agreement with the customer.

An example of a situation when it may be necessary to assess the limit between the further provider and the actual telecommunications operator, the provision of a broadband subscription, i.e. internet access service either with server space or other hardware service or software service or with premises or a flat.

1.4 Internet access service provided as part of case hosting service

A hosting service consists of in its simplest form of server space and connection of the server to the internet. In addition, a service entity can include various additional services, such as ensuring of the information security, backup, supervision and maintenance of the server, as well as an own domain name.

The service can also include an internet access service, i.e. a broadband subscription. In this case, it must be assessed whether the hosting company is the further provider of the internet access service or is the service, to some extent, a communications service implemented by the hosting company itself.

If the hosting service provider administrates active devices between ISP and its own customer's network and can, for example, edit and filter the traffic and supervise the access to the network, it can be considered that the telecommunications service (internet access) is a communications service provided by the hosting service provider as a telecommunications operator.

In practice, questions of interpretation related to the legislative position of hosting services have surfaced especially in conjunction with information security violations. An example that be stated with regard to telecommunications obligations of a hosting company providing communications services is the obligation to notify FICORA, on the basis of the Information Society Code, of information security violations targeted against the telecommunications services provided by the company and of breaches targeted against the personal data related to the services.

2. Primary and secondary service

2.1 General

The reciprocal dependence of the parts in the service entities of communications services can be structured in primary and secondary services. With regard to services that are secondary by nature, there has been discussion whether these services are communications services at all.

For example, email is a primary communications service in relation to the push email service which enables the use of the email service in question for the users via their mobile phones.

Essential with regard to the regulation is the user's service entity and the purpose of the obligations laid down in the legislation. The purpose of the provisions laid down in the Information Society Code is to, for example, guarantee the technical quality and information security of the service, as well as the user's rights. The objectives of the Act are significant also in secondary services when the provider participates in the transmission of messages, i.e. the provider is able to influence the fulfilment of the objectives of the legislation. With regard to the purpose of the Act, a secondary service can therefore considered to be a communications service on the same grounds as other services, too.

The fairness of the regulation also requires that publicly-provided services must be assessed on the basis of their implementation regardless of who the service provider is or if several parties participate in the provision. With regard to the assessment, it is not therefore essential whether a primary and secondary communications service is provided by the same operator or a different operator.

Whether communications services are primary or secondary can affect the applicability of single obligations to the service.

For example, it is not necessary appropriate to impose strict requirements concerning preparedness on secondary services when the user is able to directly use the primary service during a disturbance.

Instead, the user's rights and data protection requirements in accordance with the legislation concern, as a rule, secondary services, too. With regard to an agreement, there may be a difference whether the primary and secondary service is implemented by the same operator or a different operator. If the services are provided by the same operator, the secondary service can be considered to be, in some cases, a feature of a communications service. When the services are provided by a different operator, they are more clearly independent communications services from the contractual point of view. This may be of significance in terms of contractual consequences.

2.2 Case push email

Push email means here a technology enabling the reception of an email message to a mobile phone so that email messages are delivered from the server to the receiving terminal device by means of push technology and the user does not have to search for them separately. The push email service requires that software enabling the use of the email service by means of a mobile phone is installed in the user's terminal device. The software is a gateway between the mobile phone and the customer's email service provider.

As a rule, both the sent and received messages are transferred between the mobile terminal device and the email service provider's email server via the push email service provider's server. The provider of the push email service also maintains the login and identification server for the push email service.

The provider of the push email service can be the same company as the provider of the actual email service or a different company. The email service can be provided by, for example, a broadband operator and the mobile operator of the push email service or the manufacturer of the terminal device.

When assessing the applicability of telecommunications obligations to the provider of the push email service, it should be noted that the mere software that is installed on the customer's mobile terminal device and that consists of different elements of the push email service is not a communications service referred to in law. The email service is clearly a communications service, but the provider of the push email service is not responsible for it if it is provided by a different company than the company providing the push email service. The role of the provider of the push email service must be assessed in terms of whether the messages are transmitted by means of the service provider's server so that, with regard to this, the service would be regarded as the push email service provider's own communications service.

Publicly-provided services are assessed in terms of the requirements of the legislation on the basis of their features and implementation regardless of who provides the service and if more than one party participates in the provision. Therefore, the push email service must assessed in the same way regardless of whether the actual email service and the push email service is provided by one and the same company or a different company. The provider of the push email service manages the servers used when transmitting messages and thus also participates in the transmission of the messages in accordance with the legislation. If the provider of the actual email service provides via a gateway the push email service to a mobile terminal device, the gateway must be included in the regulation concerning the information security and the technical quality of a communications service. Similarly, the push email service is a communications service also when it is provided by a different company than the company providing the email service.

Essential with regard to the regulation is the user's service entity and the purpose of the obligations laid down in the legislation. The purpose of the provisions in the Information Society Code is to guarantee the technical quality and information security of the service and the user's right also in cases where the transmission of messages enable that the possibility to use email stretches to the mobile terminal device. On the basis of this, also the mere push email service must be regarded as a communications service, although it is a secondary service with regard to the actual email service. Whether communications services are primary or secondary can, however, affect the applicability of single obligations to the service.

3. Dividing line between software service or hardware supply (ICT) and communications service

3.1 General

Telecommunications operators and IT companies provide to their customer companies a diverse selection of services with varying content for the companies' internal communications solutions and external connections. In terms of drawing a dividing line, a key question is when the service is public telecommunications and when the service provider provides only elements for the customer company's own communications solutions. These interpretation guidelines analyse a situation where software and other elements are provided to a set of users not subject to a prior restriction and where messages are transmitted in a service implemented by means of them. What counts in drawing the line is whether the service provider is responsible for transmitting messages.

For example, the service provider can supply to its customer the mere software for a VoIP or email service or provide, in addition to the software, maintenance services for the service and the server or also ensure the transmission of messages, i.e. provide a communications service.

To draw a dividing line between a software and communications service is usually unclear only in services that are provided to corporates or associations - consumer solutions are normally clearer with regard to the assessment. Interpretation policies:

  • If the corporate or association customer only has a remote possibility to modify the settings of the service, the service can generally be regarded as a communications service provided by another party, and not as an IT service.
  • If the customer has a full control of the service and its features and settings, the provision of the elements required for constructing the service can be regarded as a mere IT service, although the service provider would also make these setting changes on behalf of the customer for example as hourly-charged work or as part of the maintenance agreement.
  • What is relevant with regard to the assessment is, however, the factual nature of the provided service, i.e. by only giving the customer more extensive modification rights does not change the service to an IT service if the service provider is in actual fact responsible for the transmission of messages as well as of the operability and development of the service.

To implement internal communications networks and systems of a company or other corporate or association for its own use, i.e. for a set of users subject to a restriction, is not public telecommunications. In other words, a company that obtains for and provides to its staff a communications service is not a telecommunications operator. It can be a corporate or association subscriber referred to in the Information Society Code.

The dividing line between software and communications services has also been discussed in FICORA's Skype solution according to which for example the provision of mere peer-to-peer network software is not the provision of a communications service.

Opinion on Skype from 2005 (in Finnish)

3.2 case email

Management of internet-based services, such as management of email services, can be divided, in addition to the provision of internet access, into two entities which are

  • management of server/application updates
  • management of the service itself

This section presents criteria for when the provided entity of elements included in the email service is such that the service is a communications service. The interpretation is not affected by the fact who provides the internet access by means of which the email is used.

  • The provision of mere server space or software cannot be regarded as a communications service because they do not involve transmission of messages.
  • A service consisting of also e.g. the maintenance of software or server is closer to the provision of a communications service.
  • The transmission of messages that is included in the definition of a communications service is considered to be, at least, management of the email server settings which enable and steer the transmission of messages.

When interpreting whether the service in question is a communications service provided by an external party or maintained by the customer, it is essential to find out who the party factually responsible for the operability of the service is and to what extent the customers are able to manage the service.

  • If the customer only has a remote possibility to modify the settings of the service, the service can generally be regarded as a communications service provided by another party. A remote possibility to control an email service can mean, for example, that the customer can modify only the email addresses used in the service, routings of email, filtering settings of email and other parameters, mainly parameters that are connected to email accounts. A consumer customer can typically control these parameters. Therefore, it can be considered that the service provider is still responsible for the operability of the whole service and that the service in question is, in terms of the legislation, a communications service.
  • If the customer has a full control of the service and its features and settings, the provision of the elements required for the email can be regarded as a mere IT service, although the service provider would also make these setting changes on behalf of the customer for example as hourly-charged work or as part of the maintenance agreement.
  • What is relevant with regard to the assessment is, however, the factual nature of the provided service, i.e. by only giving the customer more extensive modification rights does not change the service to an IT service if the service provider is in actual fact responsible for the transmission of messages as well as of the operability and development of the service.

3.3. case VoIP exchange

IP exchange (IP-PBX) means here an exchange that is maintained by the customer company itself, the operator (the telecommunications operator providing the telephone service) or some third party and that is implemented by means of IP technology. The connection to the public telephone network can be a conventional circuit-switched (PSTN, GSM) connection or function on a packet switching IP network. Common to all implementations is, however, that the telephones that are connected to the exchanges are IP telephones and they are connected to the exchange by means of IP technology.

In terms of the conventional circuit-switched exchange, the division between communications services and hardware and software services has been reasonably clear: the exchange and the maintenance of it have been deemed as hardware and software services, whereas a telephone subscription and call routing to and from the public telephone network is a communications service.

In the IP exchange, the situation is not as simple as that because the exchange solution can be implemented in several different ways and the role of the players varies in the implementation of the exchange. A provider of IP exchange services may provide to customers

  • only a software solution
  • also maintenance services for the service and the server
  • even the transmission of messages. The transmission of messages can, in turn, include, among others, voice services implemented in various manners, sending of text messages, instant messaging, or email services.

To implement internal communications networks and systems of a company or other corporate or association for its own use, i.e. for a set of users subject to a restriction, is not public telecommunications. Despite the fact that the company obtains communications services for its employees and maintains the service, the company is not a telecommunications operator, but a corporate or association subscriber referred to in the Information Society Code.

It is also possible that the company has outsourced the implementation and maintenance of the IP exchange.

  • If the provider of the exchange service provides only a software solution, it is not considered to be the provision of a communications service. In this case, the party that implements the services is a sub-contractor for the corporate or association subscriber.
  • If the provider of the exchange service provides, in addition to the software solution, e.g. maintenance services for servers, it participates often at least in the transmission of call signalling and in some cases even in the transmission of the actual voice call and data traffic. In this case, the provider of the exchange service can be seen, as a rule, providing a communications service. When assessing its role, a crucial factor is whether the operations can be regarded as public telecommunications or is the service regarded as a service that is provided to a set of users subject to a restriction.
  • If the provider of the exchange service transmits signalling and voice call or data traffic only in the internal communications of the customer company, the service can be regarded as a service provided to a set of users subject to a restriction and the service provider still as a sub-contractor of the corporate or association subscriber.
  • If the provider of the exchange service also provides the access from the exchange to the public telephone network using E.164 numbers or with regard to data traffic to other public communications network, the service is regarded as public telecommunications.

The physical implementation of the connection has practically no significance in terms of the interpretation. It can be implemented either conventionally with the telecommunications operator's exchange line from the customer's exchange to the telecommunications operator's exchange or as a service provided on the internet connection.

4. Services bound to communities and applications

4.1 General

Services bound to communities and applications refer here to electronic communications possibilities that are provided on the open internet either within an online community or between users using the same application. Communities and linkage to applications can overlap with each other. Internal communications services of the community can be an essential part of an online community's operations. Users are also provided with many applications and services that enable the communications only between the users who use the application or service in question.

Examples of social communities with the possibility for targeted communications are Facebook, Suomi24's dating service or Habbo Hotel. Examples of application-bound services are Skype Classic or Windows Live Messenger. Examples of terminal-bound services are Apple's or other hardware manufacturers' instant messaging services.

When assessing whether these services pertain, to some extent, to the telecommunications provisions of the Information Society Code, two basic questions must be solved first:

  • is the service in question a communications service, i.e. it is related to the transmission of messages, at all
  • is the service in question public telecommunications, i.e. is the service provided to a set of users not subject to a prior restriction

In terms of the applicability of the legislation, it is essential to pay attention to that the obligations can also concern only part of the service entity.

If the service is not regarded as telecommunications, it can, however, be other conveyance of communications that is subject to the information security and data protection obligations of the Information Society Code as of the beginning of 2015.

Also, with regard to the services provided on the open internet, it must be often assessed whether the operations in question are carried out in Finland, meaning that Finnish legislation is applied to the operations. The applicability of national legislation to transnational electronic communications services is basically a question related to European law and coordination of Directives. It is impossible to give comprehensive interpretation guidelines related to the question. In terms of the information security and data protection obligations, section 2 of the Information Society Code lays down provisions on the situations where the requirements also concern communications services or other conveyance of communications provided from abroad.

4.2 Suggestive criteria

The assessment criteria below are not based on established interpretation procedure, but rather on a general analysis of provisions and services. The criteria have been applied to general guidance, but not in written opinions or decisions. The eventual telecommunications nature of a service must always be assessed on a case-by-case basis as a whole. FICORA deems that the following circumstances may have significance in the case-specific overall assessment.

  • Unrestricted possibility to join a community and the size of the community By means of these, it is possible to assess whether the set of users is subject to a prior restriction. Usually, the communities are large and joining them is unrestricted. Although this is a relevant criterion, it is not often possible to make a difference between public telecommunications and other operations solely on the basis of it.
  • Interconnection of the service or interoperability with other communications networks and services. These can be used for assessing if the set of users is subject to a prior restriction or if the network in question is a public communications network. The larger the service's interconnection is, i.e. the bigger the possibility to send and receive messages from the community or application to other communications networks and services is, the more likely it must be regarded as public telecommunications.
    • For comparison's sake, it can be stated that for example voice services routed by telephone numbers are interconnected globally and the email services on the open internet have, in practice, access to other corresponding services thanks to the interoperability of applications, address systems and protocols.
    • However, access to community- and application-bound communications services described here may typically be restricted to the community or the software or between the chosen cooperation partners.
  • Communications service customership or customers' possibility to communicate. With regard to the user, is it more a question of communications service customership or other kind of customership that relates to the customers' possibility to communicate with each other? This criterion can mainly be used for supplementing the assessment concerning a set of users set to a prior restriction. There are major gradations in terms of what is considered to be essential in the service: the social community in itself (a typical example of this could be Facebook) or the means of communication (Windows Live Messenger or a wlan community network which is based on the sharing of the members' internet connections, such as SparNet/OpenSpark). The closer the service is to the latter, the more likely the service must be regarded as public telecommunications.
  • Diversity, nature and operability of the communications service These intangible factors can used in the overall assessment when drawing a line between communications services and the services that technically resembles them, such as payment transfer systems of banks. In this respect, it is possible to analyse, for example, what kind of messaging ways are provided and if the users can freely create the content of their communications.

In practice, opening services and connecting them to other services varies a great deal and it can also depend on the degree of the development of the service. For example, text message and multimedia message services are not interconnected between telecommunications operators when the services are launched. The same development will probably be seen in IP-based services more strongly.

An example of applying the above-mentioned criteria in other environment than in internet environment is an email service that a newspaper/magazine provides to its subscribers and that has been opened in other services. The service is clearly a communications service (transmission of messages) and it has been interconnected to other services (general DNS system). The service in question is a communications service and public telecommunications referred to in the legislation, although the email service provided in connection with the newspaper/magazine is probably a secondary reason for joining the "community".

The aforementioned criteria focus on the interpretation of a set of users that is not subject to any prior restriction. The assessment of whether the service is a communications service is discussed in more detail under the other headings.

4.3. Case instant messaging services

Instant messaging differs from email so that the discussion is in real time. The communicating parties can see the text typed by the other either as soon as it has been typed, line by line or message by message. It is possible to send messages to one or to several users simultaneously. In addition to the text-based exchange of messages, the software can include other features as well, such as the transmission of video picture and sound, file sharing, and presence information.

The use of the service typically requires registration, and depending on the software, it may be necessary to install the instant messaging software on the terminal device that is used. Instant messaging software that are used by means of an internet browser are also available. Communications is possible only with a user who has also joined and connected to the service (compare the interconnection criterion in section 4.2).

One general standard or protocol is not used in instant messaging, which means that different services are not automatically interoperable with each other, unlike e.g. email services utilising the internet domain name service (DNS). As a rule, an instant messaging service only functions between the users of the same software. Some services aim at combining different protocols under one customer software.

Examples of instant messaging services on the open internet have during the years been Windows Live Messenger, Jabber, ICQ, AOL Instant Messenger and Yahoo! Messenger, IRC, KIK Messenger and WhatsApp.

The regulation laid down in the Information Society Code is based on technology neutrality. Therefore, all services provided on an internet connection must be assessed as uniformly as possible.

Mainly the same criteria as in VoIP telephone services can be used for assessing instant messaging services (of course, with the exception of the factor of whether the service has been connected to public telephone network numbers in the call and/or reception direction). A service is a communication service when a VoIP service provider or an email service provider participates in the transmission of voice data and email messages.

  • A provider of an instant messaging server also provides a communications services when it participates in the transmission of messages by means of its own server. The messages can contain text, sound or video material.

Instead, the mere provision of software and an availability service resembling a directory service is not considered to be a communications service.

  • Examples of services that are not considered to be communications services are software or search services installed on a computer or other terminal device and whose IP address enables that calls or messages are routed to the recipient.
  • This kind of pure peer-to-peer network architecture does not contain centralised servers participating in the transmission of messages.

Contrary to, for example, email services, there is no access from instant messaging services to other service providers' corresponding services or to other communications services. The possibility to communicate can typically be restricted to concern either users of some certain technical application and/or members of some certain online community. In this case, it must be assessed whether the service in question is a service that is provided to a set of users subject to a prior restriction and that is not public telecommunications.

  • As a rule, the community's internal possibility to communicate cannot be interpreted as public telecommunications.
  • The fact that the service is bound to a certain application or terminal device is not solely a basis to regard the set of users as subject to a restriction because software and devices are provided to a set of users not subject to a restriction. The extent of such a set of users and unrestricted possibility to join it are more like the characteristics of public telecommunications than of a community's internal service.
  • Interconnecting an instant messaging service to other instant messaging services or to other communications services supports the fact that the service is interpreted as public telecommunications, but it is not crucial.
  • The assessment must always be made as a whole, and the key issue in assessing public telecommunications is the extent of a potential set of users and unrestricted possibility to join it as well the provisions of the service and the possibility to use it as an independent communications service.



Key words: Information security, Internet, Telephone, Broadband, Subscription, Guidelines


LinkedIn Print