Security and integrity of public communications networks and services for operators
Ratel / Electronic Communications / Networks and services / For operators and service providers / Security and integrity of public communications networks and services for operators
The obligations of business entities with regard to ensuring the security and integrity of public electronic communications networks and services and terminal equipment are contained in the provisions of Article 157 of the Law on Electronic Communications („Official Gazette of the Republic of Serbia“, No. 35/23).
The Rulebook on the security and integrity of public electronic communications networks and services and terminal equipment regulates:
· the implementation of adequate technical and organizational measures appropriate to the existing risks and in particular measures for the prevention and minimization of the impact of security incidents on users and interconnected networks;
· the implementation of measures to ensure the continuity of the operation of public communications networks and services;
· the implementation of protection measures to prevent unauthorized use of terminal equipment that enables access to the Internet;
· the procedure for notifying users when there is a particular risk of a breach of the security and integrity of public electronic communications networks and services;
· the procedure for notifying the Regulatory Authority for Electronic Communications and Postal Services of any breach of the security and integrity of public electronic communications networks and services that has significantly affected the operation of the business entity.
In the event of a threat that leads to a significantly elevated risk of breaching the security and integrity of public electronic communications networks and/or services or terminal equipment enabling access to the Internet (unauthorized access, major data loss, compromised communications privacy or personal data security etc), the business entity is obliged to inform users about the threat in a clear and documented way, through its web presentation and in other suitable ways. Should the threat require measures that are outside the scope of those that the business entity is obliged to apply, the business entity must inform the users potentially affected by such a threat, about the possible protection measures that the user can apply, as well as about the possible costs related to the application of those measures.
Rulebook on the security and integrity of public electronic communications networks and services and terminal equipment.