Draft Regulations laid before Parliament under section 267(3)(i) of the Investigatory Powers Act
2016, for approval by resolution of each House of Parliament.

DRAFT

S TAT U T O R Y

INSTRUMENTS

2017 No.
INVESTIGATORY POWERS
The Investigatory Powers (Technical Capability) Regulations
2017
Made -

-

Coming into force

-

-

***

-

-

***

The Secretary of State, in exercise of the powers conferred by section 253(3) and (5) of the
Investigatory Powers Act 2016( a), makes the following Regulations:
In accordance with section 253(4) of that Act, the Secretary of State considers that the obligations
in the Schedules to these Regulations are obligations that are reasonable to impose on those
relevant operators(b) to whom the obligations apply for the purpose of securing that it is (and
remains) practicable to impose requirements on those relevant operators to provide assistance in
relation to relevant authorisations( c), and that it is (and remains) practicable for those relevant
operators to comply with those requirements.
In accordance with section 253(6) of the Investigatory Powers Act 2016, before making these
Regulations the Secretary of State has consulted the Technical Advisory Board, persons appearing
to the Secretary of State to be likely to be subject to the obligations specified in these Regulations
and those representing such persons, and persons with statutory functions in relation to persons
appearing to the Secretary of State to be likely to be subject to the obligations specified in these
Regulations.
In accordance with section 267(3)(i) of the Investigatory Powers Act 2016 a draft of this
instrument was laid before Parliament and approved by resolution of each House of Parliament.
Citation and commencement
1. These Regulations may be cited as the Investigatory Powers (Technical Capability)
Regulations 2017 and come into force on [ ].
Interpretation
2. In these Regulations—
a
b
c

()
()
()

2016 c. 25.
“Relevant operator” is defined in section 253(3) of the Act.
“Relevant authorisation” is defined in section 253(3) of the Act.

“the Act” means the Investigatory Powers Act 2016;
“relevant postal operator” means a postal operator, or a person who is proposing to become a
postal operator(a);
“relevant telecommunications operator” means a telecommunications operator, or a person
who is proposing to become a telecommunications operator( b), but does not include a person
who provides, or who is proposing to provide, a telecommunications service only in relation to
the provision by that person of banking, insurance, investment or other financial services.
Applicable obligations
3.— The Schedules to these Regulations specify applicable obligations for the purposes of
section 253 of the Act.
4.Schedule 1 specifies obligations in relation to warrants issued under Part 2 or Chapter 1 of Part
6 of the Act.
5.Schedule 2 specifies obligations in relation to authorisations granted under Part 3 of the Act
and warrants issued under Chapter 2 of Part 6 of the Act.
6.Schedule 3 specifies obligations in relation to warrants issued under Part 5 or Chapter 3 of Part
6 of the Act.
Relevant operators
7.— Subject to paragraph (3), the obligations in Part 1 of Schedules 1 and 2 and in Schedule 3
may be imposed on a relevant telecommunications operator.
8.The obligations in Part 2 of Schedules 1 and 2 may be imposed on a relevant postal operator.
9.The obligations in Part 1 of Schedule 1 and in Schedule 3 may not be imposed on a relevant
telecommunications operator who does not provide, and does not intend to provide, a
telecommunications service to more than 10,000 persons.

Home Office
Name
Date
Minister of State

a
b

()
()

“Postal operator” is defined in section 262(6) of the Act.
“Telecommunications operator” is defined in section 261(10) of the Act.

2

SCHEDULE 1

Regulation 3(2)

Obligations in relation to warrants under Part 2 or Chapter 1 of Part 6 of
the Act
Part 1
Relevant telecommunications operators
1. To provide and maintain the capability to carry out the interception of communications or the
obtaining of secondary data and disclose anything obtained under the warrant to the person to
whom the warrant was addressed, or any person acting on that person’s behalf, within one working
day, or such longer period as may be specified in the technical capability notice, of the
telecommunications operator being informed that the warrant has been issued.
2. To provide, modify, test, develop or maintain any apparatus, systems or other facilities or
services necessary to provide and maintain the capability described in paragraph 1.
3. To provide and maintain the capability to ensure the interception, in their entirety, of all
communications and the obtaining, in their entirety, of all secondary data authorised or required by
the warrant.
4. To provide and maintain the capability to ensure, where practicable, the transmission of
communications and secondary data in near real time to a hand-over point as agreed with the
person to whom the warrant is addressed.
5. To provide and maintain the capability to disclose, where practicable, only the
communications the interception of which, or the secondary data the obtaining of which, is
authorised or required by the warrant.
6. To provide and maintain the capability to disclose intercepted communications and secondary
data in such a way that the communications and the secondary data can be unambiguously
correlated.
7. To ensure that any hand-over interface complies with any industry standard, or other
requirement, specified in the technical capability notice.
8. To provide and maintain the capability to disclose, where practicable, the content of
communications or secondary data in an intelligible form and to remove electronic protection
applied by or on behalf of the telecommunications operator to the communications or data, or to
permit the person to whom the warrant is addressed to remove such electronic protection.
9. To provide and maintain the capability to simultaneously intercept, or obtain secondary data
from, communications relating to up to 1 in 10,000 of the persons to whom the
telecommunications operator provides the telecommunications service to which the
communications relate.
10. To ensure that any apparatus, systems or other facilities or services necessary to carry out the
interception of communications or obtaining of secondary data are at least as reliable as any
telecommunication system by means of which the communication that is intercepted, or the
communication from which secondary data is obtained, is transmitted.
11. To ensure that the capability to intercept communications or obtain secondary data may be
audited so that it is possible to confirm that the communications that are intercepted, or from
which secondary data is obtained, are those described in the warrant, and that the integrity of the
communications and data is assured.
12. To comply with the obligations imposed by a technical capability notice in such a manner
that the risk of any unauthorised persons becoming aware of any matter referred to in section

3

57(4) of the Act is minimised, in particular by ensuring that apparatus, systems or other facilities
or services, as well as procedures and policies, are developed and maintained in accordance with
security standards specified in the notice and any guidance issued by the Secretary of State.
13. In order that the capability to intercept communications and obtain secondary data may be
maintained, to put in place and to maintain arrangements, agreed with the Secretary of State, to
notify the Secretary of State, within a reasonable time, of—
(a) proposed changes to telecommunications services or telecommunication systems to
which obligations imposed by a technical capability notice relate;
(b) proposed changes, to existing telecommunications services, of a description specified in
the notice, and
(c) the development of new telecommunications services.
14. To consider the obligations and requirements imposed by any technical capability notice
when designing or developing new telecommunications services or telecommunication systems.

Part 2
Relevant postal operators
15. To provide and maintain the capability to carry out the interception of, or the obtaining of
secondary data from, communications transmitted by means of a postal service and to disclose
anything obtained under the warrant to the person to whom the warrant is addressed or any person
acting on that person’s behalf within one working day, or such longer period as may be specified
in the technical capability notice, of the postal operator being informed that the warrant has been
issued.
16. To provide and maintain the capability to disclose secondary data in a form specified in the
technical capability notice.
17. To provide and maintain the capability to open, copy and reseal any postal item.
18. To comply with the obligations and requirements imposed by a technical capability notice in
such a manner that the risk of any unauthorised persons becoming aware of any of the matters
referred to in section 57(4) of the Act is minimised, in particular by ensuring that apparatus,
systems or other facilities or services, as well as procedures and policies, are developed and
maintained in accordance with agreed security standards and any guidance issued by the Secretary
of State.

4

SCHEDULE 2

Regulation 3(3)

Obligations in relation to authorisations granted under Part 3 of the Act
and warrants issued under Chapter 2 of Part 6 of the Act
Part 1
Relevant telecommunications operators
1. To provide and maintain the capability to obtain and disclose communications data without
undue delay, and within a period specified in the technical capability notice or agreed between the
telecommunications operator and the Secretary of State, following the telecommunications
operator being informed that obtaining or disclosing the communications data has been authorised
under the Act.
2. To provide, modify, test, develop or maintain any apparatus, systems or other facilities or
services necessary to provide and maintain the capability described in paragraph 1.
3. To ensure that any apparatus, systems or other facilities or services necessary to obtain and
disclose communications data are of a reliability specified in the notice or agreed between the
operator and the Secretary of State.
4. To provide and maintain the capability to ensure the obtaining and disclosure, in their entirety,
of all communications data to which the authorisation or warrant relates.
5. To ensure the transmission of the communications data to a hand-over point in accordance
with levels of service specified in the notice or agreed between the telecommunications operator
and the Secretary of State.
6. To provide and maintain the capability to disclose communications data in such a way that it
is clear to which request or requirement to disclose communications data the data relates.
7. To ensure that any hand-over interface complies with any industry standard, or other
requirement, specified in the technical capability notice.
8. To provide and maintain the capability to disclose, where practicable, only the
communications data the obtaining of which is authorised by the authorisation or warrant.
9. To provide and maintain the capability to disclose, where practicable, communications data in
an intelligible form and to remove any electronic protection applied by or on behalf of the
telecommunications operator to the data, or to permit a person authorised to obtain the
communications data, or the person to whom the warrant was addressed, to remove such
electronic protection.
10. To install and maintain any apparatus provided to the operator by or on behalf of the
Secretary of State for the purpose of enabling the operator to obtain or disclose communications
data, including by providing and maintaining any apparatus, systems or other facilities or services
necessary to install and maintain any apparatus so provided.
11. To ensure that the capability to obtain and disclose communications data may be audited so
that it is possible to confirm that the obtained communications data are those described in the
authorisation or warrant which authorised the obtaining of the communications data, and that the
integrity of the data is assured.
12. To comply with the obligations imposed by a technical capability notice in such a manner
that the risk of any unauthorised persons becoming aware of the obtaining of communications
data, or any matter referred to in sections 82(1)(a) or 174(1) of the Act, is minimised, in particular
by ensuring that apparatus, systems or other facilities or services, as well as procedures and

5

policies, are developed and maintained in accordance with agreed security standards and any
guidance issued by the Secretary of State.
13. In order that the capability to obtain communications data may be retained, to put in place
and to maintain arrangements, agreed with the Secretary of State, to notify the Secretary of State
within a reasonable time of—
14.proposed changes to existing telecommunications services or telecommunication systems to
which obligations imposed by a technical capability notice relate;
15.proposed changes, to existing telecommunications services, of a description specified in the
notice, and
16.the development of new telecommunications services.
17. To consider the obligations imposed by any technical capability notice when designing or
developing new telecommunications services or telecommunication systems.

Part 2
Relevant postal operators
18. To provide and maintain the capability to ensure that communications data in relation to
communications transmitted by means of a postal service can be disclosed to a person authorised
to obtain it.
19. Where, in the course of their normal business, the postal operator keeps records of who sent
which item, to provide and maintain the capability to ensure that communications data in relation
to postal items sent by identified persons can be disclosed to a person authorised to obtain the
data.
20. To comply with the obligations imposed by a technical capability notice in such a manner
that the risk of any unauthorised persons becoming aware of the obtaining of communications
data, or any matter referred to in section 82(1)(a) of the Act, is minimised, in particular by
ensuring that apparatus, systems or other facilities or services, as well as procedures and policies,
are developed and maintained in accordance with security standards specified in the notice and
any guidance issued by the Secretary of State.

6

SCHEDULE 3

Regulation 3(4)

Obligations in relation to warrants issued under Part 5 or Chapter 3 of
Part 6 of the Act
1. To provide and maintain the capability for interference with equipment to be carried out, for
the purpose of obtaining communications, equipment data or any other information, within such
period as may be specified in the technical capability notice of the telecommunications operator
being informed that the conduct has been authorised by a warrant.
2. To provide and maintain the capability to ensure the obtaining of any communications,
equipment data or other information which is authorised by a warrant, and to disclose anything
obtained under a warrant, within such a period as may be specified in the technical capability
notice.
3. To provide and maintain the capability to enable the transmission to the person to whom the
warrant is addressed of any data required to secure equipment interference.
4. To provide, modify, test, develop or maintain any apparatus, systems or other facilities or
services necessary to provide and maintain the capabilities described in paragraphs 1 to 3.
5. To provide and maintain the capability to disclose, where practicable, only the
communications, equipment data and other information the obtaining of which is authorised by the
warrant.
6. To provide and maintain the capability to disclose, where practicable, the communications,
equipment data and other information in an intelligible form to standards specified in the notice
and to remove electronic protection applied by or on behalf of the telecommunications operator to
those communications, equipment data or other information, or to permit the person to whom the
warrant is addressed to remove such electronic protection.
7. To provide and maintain the capability to disclose the communications, equipment data and
other information in such a way that they can be unambiguously correlated.
8. To ensure that any hand-over interface complies with any industry standard, or other
requirement, specified in the technical capability notice.
9.To ensure that the capability to interfere with equipment may be audited so that it is possible to
confirm that the communications, equipment data or other information obtained are those to which
the warrant relates, and that the integrity of the communications, equipment data or other
information is assured.
10. To comply with the obligations imposed by a technical capability notice in such a manner
that the risk of any unauthorised persons becoming aware of any matter referred to in section
132(4) of the Act is minimised, in particular by ensuring that apparatus, systems or other facilities
or services, as well as procedures and policies, are developed and maintained in accordance with
security standards specified in the notice and any guidance issued by the Secretary of State.
11. In order that the ability to interfere with equipment may be maintained, to put in place and to
maintain arrangements, agreed with the Secretary of State, to notify the Secretary of State within a
reasonable time of—
12.proposed changes to telecommunications services or telecommunication systems to which
obligations imposed by a technical capability notice relate;
13.proposed changes, to existing telecommunications services, of a description specified in the
notice, and
14.the development of new telecommunications services.

7

15. To consider the obligations imposed by any technical capability notice when designing or
developing new telecommunications services and telecommunication systems.

8

EXPLANATORY NOTE
(This note is not part of the Regulations)
These Regulations set out the obligations which may be contained in a technical capability notice
given by the Secretary of State under section 253 of the Investigatory Powers Act 2016 (c. 25). A
technical capability notice imposes obligations on a telecommunications operator or postal
operator in order to ensure that the operator has the capability to provide assistance in relation to
interception warrants, equipment interference warrants, or warrants or authorisations for the
obtaining of communications data.
Regulation 3 introduces the obligations which may be imposed by a technical capability notice.
Schedule 1 sets out obligations in relation to bulk and targeted interception warrants; Schedule 2
sets out obligations in relation to authorisations for the targeted acquisition of communications
data or warrants for the bulk acquisition of communications data, and Schedule 3 sets out
obligations in relation to bulk or targeted equipment interference warrants.
Regulation 4 provides that certain obligations may be imposed on postal operators and certain
obligations on telecommunications operators. No obligations may be imposed on a
telecommunications operator which provides a telecommunications service only in relation to
providing banking, insurance, investment or other financial services. Further, obligations in
relation to interception or equipment interference warrants may not be imposed on a
telecommunications operator with fewer than 10,000 customers.

9