Industry

Security

Government Emergency Ordinance no.111/2011 on electronic communications, approved with amendments and completions by Law no.140/2012, includes a special chapter dedicated to the security and integrity of electronic communications networks and services and lays down the general framework for ensuring the safe use of electronic communications networks and services, in particular by informing the users on the incidents which affect the security and integrity of networks and services, as well as by determining the providers’ responsibilities and the duties of the regulatory authority in the field.

 

Thus, the providers of public electronic communications networks and of publicly available electronic communications services have the obligation to take all appropriate technical and organisational measures to appropriately manage the risks posed to security of electronic communications networks and services, especially to prevent and minimise the impact of security incidents on users and interconnected networks. Furthermore, the providers of public electronic communications networks have the obligation to take all appropriate steps to guarantee the integrity of their networks and to ensure the continuity of provision of services over these networks.
 
The providers also have the obligation to notify ANCOM in the shortest time possible of any breach of security or loss of integrity which has had a significant impact on the provision of electronic communications networks or services. Based on this information, ANCOM may inform the European Network and Information Security Agency (ENISA) and the regulatory authorities for communications in other Member States of the European Union, if the respective incidents are of interest for these organisations. ANCOM will annually submit a summary report to the European Commission and to ENISA on the notifications received from providers and the action taken in those cases. In addition, ANCOM may inform the public or may require the providers to do so, where incidents with significant impact have occurred.
 
ANCOM may establish the measures defining the circumstances, format and procedures applicable in relation to the notification requirements, as well as the categories of security measures which the providers have to take in view of ensuring an appropriate security of electronic communications networks and services.
 
  • the technical and organisational measures that the providers of public electronic communications networks or of publicly available electronic communications services must take for ensuring an appropriate level of security and integrity of electronic communications networks and services;
  • the circumstances, format and procedures applicable to the notification on the breach of security or loss of integrity with significant impact on the provision of electronic communications networks and services.