Telecommunications (Security) Act 2021: draft designated vendor direction consultation
Updated 13 October 2022
Overview of consultation
Aim
In accordance with the provisions of the Communications Act 2003 (as amended by the Telecommunications (Security) Act 2021), this consultation seeks the views of the consultees listed at Annex B on the draft designated vendor direction regarding Huawei. Responses received through this consultation will be taken into account in any future decision by the Secretary of State to issue a designated vendor direction regarding Huawei.
Section 105Z3 of the Communications Act 2003 requires the Secretary of State to consult on a proposed designated vendor direction with:
- any public communications provider who would be subject to the proposed direction; and
- the vendor who would be specified as a designated vendor in the proposed direction,
so far as it is reasonably practicable to do so, and unless contrary to the interests of national security. This consultation fulfils that legislative requirement.
Views sought
We are seeking views on the fairness and proportionality of the requirements imposed by the draft designated vendor direction, which has been sent directly to consultees and published on GOV.UK. We are only seeking responses from public communications providers who would be subject to the proposed direction, and Huawei, as the designated vendor in the proposed direction. The list of consultees is set out at Annex B to this consultation.
We are particularly seeking feedback on whether respondents have any concerns with the timelines we have proposed for the requirements to come into effect.
Background
The Telecommunications (Security) Act 2021 amends the Communications Act 2003 to provide the Secretary of State with new national security powers to:
- issue directions, in the interests of national security, to public communications providers placing controls on their use of goods, services or facilities supplied, provided or made available by a designated vendor specified in the direction (designated vendor directions)
- issue notices, in the interests of national security, designating a person for the purpose of issuing a designated vendor direction (designation notices).
Over the course of 2020, the Government made a series of announcements in relation to the use of Huawei goods and services, which have informed the proposed application of these powers. Previous Secretaries of State made oral statements regarding public telecoms providers’ use of high risk vendors in January 2020, July 2020 and November 2020.
Previous publications
The Telecommunications (Security) Act 2021 was developed in close collaboration with the National Cyber Security Centre (NCSC) following the publication of the UK Telecoms Supply Chain Review Report in July 2019. The Report set out the Review’s conclusions and recommendations, and was followed by an announcement in January 2020 relating to high risk vendors. The NCSC has also published a wide range of material in relation to telecoms security, and the use of high risk vendors specifically, including the following documents:
- NCSC’s security analysis for the UK telecoms sector (January 2020).
- NCSC’s advice on the use of equipment from high risk vendors in UK telecoms networks (January 2020, as updated in July 2020).
Designated vendor directions
The Telecommunications (Security) Act 2021 amended the Communications Act 2003 to insert, amongst others, new sections 105Z1 and 105Z3.
Section 105Z1 provides that the Secretary of State may give a ‘designated vendor direction’ to a public communications provider if the Secretary of State considers that it is necessary in the interests of national security and if the requirements imposed by the direction are proportionate to the aim sought to be achieved. Such a direction may impose requirements on a public communications provider with respect to the use of goods, services or facilities supplied, provided or made available by a ‘designated vendor’ specified in the direction.
Section 105Z3 requires the Secretary of State to consult the public communications providers which would be subject to the proposed direction, and the persons who would be specified as designated vendors in the proposed direction, so far as it is reasonably practicable to do so. This consultation fulfils that legislative requirement.
Responding to this consultation
Consultees
In accordance with the Act’s provisions, this consultation is aimed at Huawei and the public communications providers that would be subject to the proposed direction. The list of consultees is set out at Annex B. We have specifically contacted the providers that we consider should receive a designated vendor direction. While the draft designation notice designates a number of international Huawei affiliates (listed in the Annex to the draft notice), we have only approached Huawei Technologies (UK) Co., Ltd. for the purposes of this consultation, on the understanding that they will provide a response on behalf of the wider Huawei corporate group. It remains open to any Huawei affiliate to respond separately if it considers it is necessary and appropriate to do so. While we are not inviting responses from other parties, we have published consultation documents, alongside the draft designation notice and designated vendor direction, on GOV.UK, in the interests of transparency.
Consultation duration
This consultation is open for four weeks from Friday 18 February 2022. The deadline for responses is 23:45 on Monday 21 March 2022. Once the consultation has closed, we will aim to publish a response within 12 weeks, in line with the Cabinet Office’s consultation principles.
How to respond
We are inviting representatives of public communications providers, and Huawei, to give their views on the draft designated vendor direction by responding to the questions set out in this consultation. As well as this consultation document, we have sent consultees a copy of the draft designated vendor direction. The questions are listed below. They should be read in light of the reasons for the restrictions given in the draft designated vendor direction.
You can respond to this consultation by replying to the commissioning email.
Consultation principles
This consultation is being conducted in line with the Cabinet Office consultation principles, published in March 2018.
Consultation questions
A. At any time after the date the Direction comes into force, requirement not to make use of any Huawei equipment in 5G networks if such equipment was procured after 31 December 2020 - paragraph 4(1) of the draft direction.
The Direction requires the overall phasing out and ultimate termination of Huawei’s involvement in 5G networks in the interests of national security. The use by Public Communications Providers of Huawei equipment procured after 31 December 2020 in 5G networks would undermine this overall aim. This requirement ensures that Public Communications Providers remain on the ‘pathway to zero’ by discouraging them from procuring and installing in their 5G networks new Huawei equipment, and encouraging them to procure new equipment from other vendors.
Q1. Do you have any concerns about this requirement coming into effect immediately upon the issuing of the direction?
Q2. Do you have any concerns about the procurement cut off date of 31 December 2020?
Q3. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
B. At any time after the date the Direction comes into force, requirement not to make use of any Huawei equipment in any network, except for fixed fibre access networks, if the manufacturing process or supply chain for such equipment has been altered as a result of changes to the United States Foreign-Produced Direct Product Rule - paragraph 4(2) of the draft direction.
The US government introduced new sanctions in May 2020 which restricted Huawei’s ability to use US intellectual property and technology in the manufacture of its products. The NCSC advised the UK government that it would not be able to assure the security quality of any Huawei equipment that had been manufactured in accordance with these new sanctions. As such, the use of sanctions-affected equipment in telecoms networks poses a risk to the UK’s national security. This proposed requirement would ensure that no such equipment could be used in networks other than the fixed fibre access network, which is covered by a separate requirement due to the different security risk profile.
Q4. Do you have any concerns about how to establish whether manufacturing processes or supply chains have been altered due to the impact of changes to the US FDPR?
Q5. Do you have any concerns about this requirement coming into effect immediately upon the issuing of the direction?
Q6. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
C. At any time after the date the Direction comes into force, requirement not to install any Huawei equipment in any fixed fibre access network if the manufacturing process or supply chain for such equipment has been altered as a result of changes to the United States Foreign-Produced Direct Product Rule - paragraph 4(3) of the draft direction.
As set out under section B, the use of sanctions-affected equipment in telecoms networks poses a risk to the UK’s national security. In July 2020, the government announced that it would undertake a technical consultation with fixed network operators to establish a position towards sanctions-affected equipment in fixed networks. In light of the responses received from the technical consultation, the government proposes that the direction should include a requirement that would ensure that no sanctions-affected equipment could be installed in the fixed fibre network from the date of the direction, but would allow the continued use of equipment already installed in networks. The government considers that this approach would best protect the network from the risks posed by the use of sanctions-affected equipment.
Q7. Do you have any concerns about how to establish whether manufacturing processes or supply chains have been altered due to the impact of changes to the US FDPR?
Q8. Do you have any concerns about this requirement coming into effect immediately upon the issuing of the direction?
Q9. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
D. At any time after the date the Direction comes into force, requirement not to install, or allow to be installed, any Huawei equipment in 5G networks, except where such equipment has been installed or deployed in the network before the date this Direction comes into force; and/or such installation is for the purposes of directly maintaining Huawei equipment installed before this date - paragraph 4(4) of the draft direction.
The government announced advice in November 2020 that providers should stop installing Huawei equipment in 5G networks after 30 September 2021, in order to reinforce the pathway to the ultimate removal of Huawei equipment from 5G networks by 2027. As this advisory deadline has now passed, we consider that providers should be in a position to comply, and therefore propose this requirement comes into force from the date of the direction.
Q10. Do you have any concerns that this requirement could prevent you from maintaining pre-existing installations of Huawei equipment?
Q11. Do you have any concerns about this requirement coming into effect immediately upon the issuing of the direction?
Q12. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
E. At any time after the date the Direction comes into force, requirement not to make use of Managed Services provided by or on behalf of Huawei in respect of any network, except where Specialist Maintenance Services are provided by or on behalf of Huawei in relation to Huawei equipment - paragraph 4(5) of the draft direction.
It has been long-standing NCSC advice for providers not to use Huawei managed services, given the extensive access to a network that managed service providers have. In light of the long-standing nature of the NCSC’s advice, the government considers that providers should now be prepared to cease using Huawei managed services and proposes that they do so by the date on which this direction comes into force.
Q13. Do you have any concerns about the ways in which ‘managed services’ and ‘specialist maintenance services’ are defined in the draft direction?
Q14. Do you have any concerns about this requirement coming into effect immediately upon the issuing of the direction?
Q15. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
F. At any time after 28 January 2023, requirement not to make use of Huawei equipment or any services delivered by, or on behalf of, Huawei in the execution of its Core Network Functions - paragraph 4(6) of the draft direction.
It has been long-standing NCSC advice that providers should not make use of Huawei equipment or services in their core network functions. The government announced this advice to providers in January 2020, and, following the NCSC’s advice, set an advisory timeline of three years for providers to remove any Huawei equipment or services from the core of their networks. The government has considered whether to adjust this timetable, particularly in light of the impacts that the COVID-19 pandemic and social distancing measures have had on providers. However, given the profound security risk of having Huawei equipment and services in the core, the government proposes that this deadline should remain at 28 January 2023. A new requirement has been introduced to set a separate deadline for the removal of Huawei high data rate transmission equipment - see section J. Such equipment was previously included under the definition of ‘core network functions’ in the November 2020 illustrative direction.
Q16. Do you have any concerns about the way in which ‘Core Network Functions’ are defined in the draft direction?
Q17. Do you have any concerns about the timeline for compliance with this requirement?
Q18. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
G. At any time after 28 January 2023, requirement not to make use of Huawei equipment or any services delivered by or on behalf of Huawei in parts of mobile access networks which could provide service to subscribers located within such Sites Significant to National Security of which [the Public Communications Provider] has been notified by the Secretary of State - paragraph 4(7) of the draft direction.
In January 2020, the government — following NCSC advice — announced that no Huawei equipment should be used in networks at certain sites significant to national security. Sensitive sites are locations where traffic metadata, such as number of connected devices and quantity of traffic, is unavoidably sensitive. For the most part, this applies in rural locations which host particularly sensitive operations. At these sites, pure metadata about the number, type and distribution of devices connected to PCPs’ local base stations could be used to establish information which could pose a significant risk to the United Kingdom’s national security. We announced an advisory deadline of 28 January 2023 for providers to comply with this requirement, as we considered that this would provide a sufficient period for providers to make any necessary changes.
This proposed requirement will not be relevant for all recipients of the proposed direction. The government has shared a list of Sites Significant to National Security with those providers who would be affected by this requirement, on a confidential basis and for the purposes of consultation only. If a consultee has not received such a list, they will not be expected to undertake any action in relation to this requirement. If, having received network plans from providers under proposed requirement 12(iv) of the draft direction, the government considers that other providers should be directed to remove Huawei equipment from mobile networks at certain sites, the Secretary of State may consider issuing a new direction to such providers, with an appropriate period for compliance. In that case, the proposed new direction (or variation of an existing direction) would be subject to the relevant consultation requirements of sections 105Z3 or 105Z5 of the Communications Act 2003.
Q19. Do the locations of the Sites Significant to National Security (if they have been communicated to you) cause you any practical difficulties for the removal of Huawei equipment?
Q20. Do you have any concerns about the timeline for the compliance with this requirement?
Q21. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
H. At all times after 31 July 2023, requirement to restrict the use of Huawei equipment in 5G networks so that it is capped at 35% of the access network, as calculated using the formulae set out in Annex B of the direction - paragraph 4(8) of the draft direction.
Following NCSC advice, in January 2020 the government announced advice that providers should reduce the share of Huawei equipment to 35% of their access network in 5G by January 2023. This was to manage the network’s exposure to a vendor of Huawei’s security risk profile. Since the announcement of that advisory position, the COVID-19 pandemic and associated social distancing measures have impacted on providers’ abilities to reconfigure their networks in order to meet the advisory deadline. Unlike the requirement to remove Huawei from the core of the network, the government proposes to extend this deadline as compared to the illustrative draft direction published on the gov.uk website on 30 November 2020, and proposes to set a deadline for compliance of 31 July 2023. We consider that allowing providers a further six months to reach the 35% cap is proportionate and manageable, given that there is a reduced security risk to having Huawei equipment in the access network, where it is less likely to carry out sensitive functions than the network core.
Q22. Do you have any concerns about the way in which the 35% cap is calculated, as set out in Annex B to the draft direction?
Q23. Do you have any concerns about the timeline for the compliance with this requirement?
Q24. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
I. At all times after 31 July 2023, requirement to restrict the use of Huawei equipment in Fibre to the Property (FTTP) and other gigabit and higher capable access networks so that it is capped at 35% of the access network, as calculated using the formulae set out in Annex B of the direction - paragraph 4(9) of the draft direction.
Following NCSC advice, in January 2020 the government announced advice that providers should reduce the share of Huawei equipment to 35% of their access network in full fibre networks by January 2023. This was to manage the network’s exposure to a vendor of Huawei’s security risk profile. Since the announcement of that advisory position, the COVID-19 pandemic and associated social distancing measures have impacted on providers’ abilities to reconfigure their networks in order to meet the advisory deadline. Unlike the requirement to remove Huawei from the core of the network, the government proposes to extend this deadline as compared to the illustrative draft direction published on the gov.uk website on 30 November 2020, and proposes to set a deadline for compliance of 31 July 2023. We consider that allowing providers a further six months to reach the 35% cap is proportionate and manageable, given that there is a reduced security risk to having Huawei equipment in the access network, where it is less likely to carry out sensitive functions than the network core.
Q25. Do you have any concerns about the way in which the 35% cap is calculated, as set out in Annex B to the draft direction?
Q26. Do you have any concerns about the timeline for the compliance with this requirement?
Q27. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
J. At any time after 31 December 2025, requirement not to make use of Huawei high data rate transmission equipment in any part of any network - paragraph 4(10) of the draft direction.
High data rate transmission equipment is of crucial importance to the overall operation and functioning of the network. Interference with such equipment could therefore cause major network disruption, including widespread loss of services, which would undermine national security. Given the national security risks arising from the continuing use of Huawei high data rate transmission equipment, we considered whether to include this equipment under the direction’s definition of ‘Core Network Functions’. However, the Secretary of State has had to balance the security risk with the practical difficulties faced by Public Communications Providers and the impact on network resilience and network stability arising from rapid vendor change. As such, the government proposes to include a requirement that high data rate Huawei transmission equipment used for intra-core and inter-operator transmission should be removed from the network by 31 December 2025 and considers this deadline is proportionate to the security risk.
Q28. Do you have any concerns about the timeline for the compliance with this requirement?
Q29. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
K. At any time after 31 December 2027, requirement not to make use of Huawei equipment or any services delivered by, or on behalf of, Huawei in any part of any 5G network - paragraph 4(11) of the draft direction.
Given the expected future centrality of 5G networks to the UK’s economy and critical national infrastructure, the government proposes to include a requirement that Huawei be removed from the entirety of the network by the end of 2027. This timeline was first communicated to providers in advice announced by the former Secretary of State in July 2020. The government considers that 2027 represents an achievable date for providers to comply with this requirement.
Q30. Do you have any concerns about this requirement, in particular regarding the timeline for the compliance with this requirement?
Q31. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
L. Further requirements to apply to Huawei equipment or services in any network that are not otherwise prohibited by the requirements set out above - paragraph 4(12) of the draft direction.
The NCSC has taken specific measures to mitigate the risks arising from the use of Huawei equipment since they first entered the UK market. These measures are necessary to ensure the security of the deployments of Huawei equipment and services in the telecommunications network. The draft direction includes a number of measures which the NCSC has advised providers to follow as part of these mitigation arrangements. These include requirements to share information and technology with the Huawei Cyber Security Evaluation Centre, so that they are able to undertake security analysis. It also includes requirements to ensure that Huawei equipment is used securely within networks. Given that these mitigation arrangements have existed in advisory form for a number of years, the government considers that the timelines as set out within the direction are a proportionate period within which providers should be able to comply with the requirements.
Q32. Do you have any concerns about this requirement? In particular, do you have any concerns with:
a. the timeframes for compliance with this requirement
b. the measure to not use any out of support Huawei equipment (para 4(12)(iii) of the draft direction)
c. the measure which requires the monitoring of access by Huawei to networks by employees reasonably considered to be appropriately skilled to monitor any national security risks arising from the provision of such access?
Q33. Does this requirement amount to something new that you do not currently do?
Q34. Do you agree that this requirement is proportionate to the aim sought to be achieved? If not, please explain how you believe the requirement should be amended so as to be proportionate.
Q35. In addition to the questions above, are there any other concerns that you have about the proposed designated vendor direction that you would like us to consider?
Glossary
The Act: The Telecommunications (Security) Act 2021.
Designation notice: A designation notice designates a person (or people) for the purposes of a designated vendor direction (section 105Z8 of the Communications Act 2003).
Designated vendor: A designated vendor is a person designated by a designation notice (section 151(1) of the Communications Act 2003).
Designated vendor directions: A designated vendor direction may impose requirements on a public communications provider with respect to the use, in connection with a purpose mentioned below, of goods, services or facilities supplied, provided or made available by a designated vendor specified in the direction (section 105Z1 of the Communications Act 2003).
The purposes referred to above are:
a. in the case of a provider of a public electronic communications network, the provision of that network;
b. in the case of a provider of a public electronic communications service, the provision of that service;
c. in the case of a person who makes available facilities that are associated facilities by reference to a public electronic communications network or public electronic communications service, the making available of those facilities; or
d. in the case of a provider of a public electronic communications network or public electronic communications service, enabling persons to make use of that network or service.
Electronic communications network: A transmission system for the conveyance, by the use of electrical, magnetic or electro-magnetic energy of signals of any description, and associated apparatus, software and stored data (section 32(1) of the Communications Act 2003).
Electronic communications service: A service of any of the following types provided by means of an electronic communications network, except so far as it is a content service:
- an internet access service;
- a number-based interpersonal communications service;
- or any other service consisting in, or having as its principal feature, the conveyance of signals, such as a transmission service used for machine-to-machine services of for broadcasting
(section 32(2) of the Communications Act 2003).
NCSC: The National Cyber Security Centre, part of the Government Communications Headquarters.
Public communications provider (PCP): A provider of a public electronic communications network; a provider of a public electronic communications service; or a person who makes available facilities that are associated facilities by reference to a public electronic communications network or a public electronic communications service (section 151(1) of the Communications Act 2003).
Public Electronic Communications Network: An electronic communications network provided wholly or mainly for the purpose of making electronic communications services available to members of the public (section 151(1) of the Communications Act 2003).
Public Electronic Communications Service: Any electronic communications service that is provided so as to be available for use by members of the public (section 151(1) of the Communications Act 2003).
Annex A: Privacy notice
Purpose of this Privacy Notice
The following is to explain your rights and give you the information you are entitled to under the Data Protection Act 2018 and the UK General Data Protection Regulation (“the Data Protection Legislation”).
Our personal information charter explains how we deal with your information. It also explains how you can ask to view, change or remove your information from our records.
This notice only refers to your personal data (e.g. your name, email address, and anything that could be used to identify you personally) not the content of your response to the consultation.
Why are we collecting your personal data?
Your personal data is being collected as an essential part of the consultation process, so that we can determine who has responded to the consultation and contact you regarding your response.
What personal data do we collect?
We collect the following information:
- personal identifiers
- contacts and characteristics (for example, name, contact details and name of organisation if relevant).
With whom we will be sharing your personal data?
Copies of responses may be published after the consultation closes. If we do so, unless you indicate otherwise, we will ensure that neither you nor the organisation you represent are identifiable, and any responses used to illustrate findings will be anonymised.
As regards the content of the response, the Consultation Privacy Statement sets out how respondents to the consultation can mark information in their response as commercially confidential, and how we will handle such information.
For how long we will keep your personal data, or criteria used to determine the retention period?
Your personal data will be held for two years after the consultation is closed. This is so that the department is able to contact you regarding the result of the consultation following analysis of the responses.
Our legal basis for processing your personal data
The Data Protection Legislation states that, as government departments, the departments may process personal data as necessary for the effective performance of a task carried out in the public interest (i.e. a consultation).
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
- use your data in analytics.
We will share your data if we are required to do so by law – for example, by court order, or to prevent fraud or other crime.
Consultation privacy statement
Please be aware that, under the Freedom of Information Act 2000 (‘FOIA’), there is a statutory Code of Practice with which public authorities must comply and which deals, amongst other things, with obligations of confidence. We anticipate that some information that is provided to the government by organisations in response to this consultation is likely to be commercially confidential. Section 43(2) of FOIA exempts information the disclosure of which would, or would be likely to, prejudice the commercial interests of any person – including those of the public authority holding the information. In view of this, please tell us in writing what information is confidential and explain to us why you regard the information you have provided as confidential. We ask respondents to clearly distinguish in writing between:
- information that is already published or in the public domain.
- information that is unpublished but could be published by the government in any summary of responses to this consultation.
- information that is commercially confidential.
If we receive a request for disclosure of the information, we will take account where reasonable of your explanation, but we cannot give an assurance that confidentiality can be maintained in all circumstances. An automatic confidentiality disclaimer generated by your IT system will not, of itself, be regarded as binding on the Department.
Your rights, e.g. access, rectification, erasure
The data we are collecting is your personal data, and you have considerable say over what happens to it. You have the right:
- to see what data we have about you
- to ask us to stop using your data, but keep it on record
- to have all or some of your data deleted or corrected
- to lodge a complaint with the independent Information Commissioner (ICO) if you think we are not handling your data fairly or in accordance with the law.
Your personal data will not be used for any automated decision making. Your personal data will be stored in a secure government IT system.
We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data – for example, we protect your data using varying levels of encryption.
We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure.
Changes to this policy
We may change this privacy policy. In that case, the ‘last updated’ date set out below will also change. Any changes to this privacy policy will apply to you and your data immediately.
If these changes affect how your personal data is processed, the controllers will take reasonable steps to let you know.
Last updated: 17/02/22
How to contact us
The contact details for the data controller’s Data Protection Officer (DPO) are:
Data Protection Officer
The Department for Digital, Culture, Media & Sport
100 Parliament Street,
London
SW1A 2BQ
Email: DCMSdataprotection@dcms.gov.uk
You can find out more here: Personal information charter
How to contact the appropriate authorities
If you believe that your personal data has been misused or mishandled, you can make a complaint to the Information Commissioner, who is an independent regulator. The Information Commissioner can be contacted at:
ICO
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Online at: ICO - Contact us
Annex B: List of consultees
Public Communications Providers
- Openreach Limited
- BT Group PLC (BT/EE)
- VMED O2 UK Limited (Virgin Media O2)
- Vodafone Limited
- Sky UK Limited
- TalkTalk Telecom Group Limited
- Hutchison 3G UK Limited (Three)
- Airwave Solutions Limited
- AT&T Global Network Services (UK) B.V.
- Bharti Airtel (UK) Limited
- Cellnex UK Limited
- China Mobile International (UK) Limited
- China Telecom (Europe) Limited
- CityFibre
- Colt Technology Services Group Limited
- Currys PLC
- Daisy Group Holdings Limited
- Elitetele.com PLC
- Fujitsu Services Limited
- Gamma Telecom Ltd
- Gigaclear Limited
- Hyperoptic Limited
- KCOM Group Limited
- Lumen Technologies UK Limited
- Neos Networks Limited
- Shell Energy UK Limited
- Tata Communications (UK) Limited
- Telia Carrier UK Limited
- Telstra Limited
- Tesco Mobile Limited
- Verastar Limited
- Verizon UK Limited
- XLN Telecom Ltd
- Zayo Group UK Limited
Vendors
- Huawei Technologies (UK) Co., Ltd.