Heimdell Tech Ai - TPV Verification for Telecom Resellers HEIMDELL TECH AI ← Back to Compliance Hub

UK Telecom Compliance Glossary

Authoritative definitions and 3-step compliance actions for every key regulatory term. Your reference for Ofcom, PECR, TSA, and UK telecom law.

What You Learn

  • ✓ Key compliance terms defined
  • ✓ Regulatory acronyms explained
  • ✓ Industry terminology
  • ✓ Quick reference guide

Who It's For

  • • New compliance staff
  • • Legal teams
  • • Business owners
  • • Anyone navigating UK telecom regulation
HOW TO USE THIS GLOSSARY
Each term includes a 1-sentence definition and 3 compliance steps. Use the alphabet navigation to jump to specific terms. This glossary covers 30+ regulatory terms spanning Ofcom General Conditions, PECR, UK GDPR, Telecoms Security Act, and One Touch Switch requirements.

A

AITArtificial Inflation of Traffic

Deliberate generation of fraudulent telecommunications traffic to premium-rate or international revenue share numbers, typically through automated systems, compromised PBXs, or SIM boxes, resulting in illegitimate revenue for fraudsters at the expense of communication providers.

3 Steps to Comply
  1. Implement real-time monitoring — Set alerts for >50 calls/hour to single destinations, >£500 international spend/day, and calls to known fraud prefixes
  2. Maintain fraud destination blacklists — Subscribe to industry fraud intelligence feeds and auto-block calls to flagged number ranges
  3. Establish 30-minute containment SLA — Document incident response procedures requiring traffic blocking within 30 minutes of confirmed AIT detection

See also: AIT Prevention SOP, GC C1 Fraud Prevention

ADRAlternative Dispute Resolution

Third-party dispute resolution service that UK communication providers must offer customers after 8 weeks of unresolved complaints, or immediately if deadlock is declared. Approved schemes are CISAS and Ombudsman Services: Communications.

3 Steps to Comply
  1. Join an approved ADR scheme — Register with either CISAS or Ombudsman Services: Communications before commencing service
  2. Include ADR details in contracts — Customer contracts must state which ADR scheme you belong to and how to access it
  3. Issue ADR letters at 8 weeks — Send written notification of ADR rights after 8 weeks of unresolved complaint or when declaring deadlock

Automatic Compensation

Ofcom scheme requiring broadband and landline providers to automatically pay customers for delayed repairs, installations, or missed engineer appointments without the customer needing to claim.

3 Steps to Comply
  1. Track SLA breaches automatically — Implement systems to detect delayed repairs (>2 working days) and delayed installations (>missed date)
  2. Calculate and credit compensation — Pay £9.33/day for loss of service, £5.25/day for delayed installation, £26.24 for missed appointments
  3. Credit within 30 days — Apply compensation to customer account within 30 calendar days of the qualifying event

C

CLICaller Line Identification

The telephone number transmitted to identify the calling party. Under PECR and Ofcom rules, providers must not present false or misleading CLI, and must enable customers to withhold their number when required.

3 Steps to Comply
  1. Validate CLI at provisioning — Only allocate numbers you control; verify customer identity before assigning CLI ranges
  2. Block spoofed CLI — Implement STIR/SHAKEN or equivalent validation to reject calls with invalid/spoofed originating numbers
  3. Offer CLI withhold — Provide customers with per-call (141) and permanent CLI withhold options as required by GC C6

Cooling-Off Period

The 14-day statutory right for consumers to cancel a distance or off-premises contract without penalty under the Consumer Contracts Regulations 2013, starting from the day after contract conclusion or delivery of goods.

3 Steps to Comply
  1. Provide written confirmation — Send contract confirmation within 1 working day clearly stating cooling-off rights and cancellation instructions
  2. Record consent for early service — If service starts before cooling-off ends, obtain and document explicit customer consent
  3. Process cancellations within 14 days — Refund all payments within 14 days of receiving cancellation notice; no penalty charges apply

Commission Clawback

Recovery of sales commission by a telecom provider from a reseller when a customer cancels within the cooling-off period, fails identity verification, disputes the sale, or the contract is found non-compliant with regulatory requirements.

3 Steps to Comply
  1. Verify identity at point of sale — Implement ID verification before contract completion to prevent fraudulent sign-ups
  2. Record verbal consent — Create timestamped voice logs confirming customer understanding of contract terms and cooling-off rights
  3. Generate audit-ready evidence — Produce provider-ready compliance certificates for every sale demonstrating regulatory adherence

D

DUA 2025Data Use and Access Act 2025

UK legislation reforming data protection law, amending UK GDPR and PECR. Key changes include first-party analytics cookie exemption, expanded B2B soft opt-in, codified legitimate interests, and Smart Data scheme framework.

3 Steps to Comply
  1. Update cookie consent — Remove consent prompts for first-party analytics; maintain consent for third-party tracking and advertising cookies
  2. Revise B2B marketing processes — Document relationship basis for expanded soft opt-in to corporate subscribers
  3. Monitor Smart Data designation — Track DSIT announcements on potential telecom sector designation for data portability requirements

See also: Data Use Act 2025 Implementation Guide

E

ETCEarly Termination Charge

Fee charged to customers who cancel a fixed-term contract before the minimum term ends. Under Ofcom rules, ETCs must not exceed the provider's actual loss and must be clearly disclosed before contract signing.

3 Steps to Comply
  1. Calculate proportionately — ETC must reflect remaining contract value minus costs saved; cannot be punitive or exceed actual loss
  2. Disclose before contract — Provide clear ETC amounts or calculation method in pre-contract information and contract terms
  3. Communicate on switching — Under OTS, losing provider must accurately state any ETCs due within the confirmation letter

G

General ConditionsOfcom GC

The 27 mandatory regulatory conditions under the Communications Act 2003 that UK communications providers must comply with, covering network access, consumer protection, numbering, and fraud prevention.

3 Steps to Comply
  1. Identify applicable conditions — Determine which of the 27 GCs apply to your service type (ECS, ECN, number-based) using Ofcom's guidance
  2. Document compliance evidence — Maintain records demonstrating adherence to each applicable condition (contracts, procedures, training)
  3. Review annually — Conduct annual compliance review against current GC requirements; update processes for any Ofcom amendments

See also: Ofcom General Conditions Guide

GC C1General Condition C1 — Fraud Prevention

Ofcom General Condition requiring communication providers to take all reasonable steps to prevent fraud and misuse on their networks, including AIT, premium rate fraud, CLI spoofing, and Wangiri scams.

3 Steps to Comply
  1. Implement fraud monitoring — Deploy real-time traffic analysis capable of detecting anomalous call patterns within minutes
  2. Establish rapid response — Document procedures for blocking fraudulent traffic within 30 minutes and notifying affected parties
  3. Report to Ofcom — File fraud reports with Ofcom for significant incidents; maintain 12-month incident log

See also: GC C1 Fraud Prevention Guide

I

IRSFInternational Revenue Share Fraud

Fraud scheme where criminals generate calls to international premium-rate numbers they control, receiving a share of the call charges while the originating provider bears the cost. A major component of AIT fraud.

3 Steps to Comply
  1. Block high-risk destinations — Implement controls for calls to known IRSF hotspots (certain African, Eastern European, Pacific island codes)
  2. Set international spending limits — Apply per-customer daily caps of £200-500 for international calls with alerts at 80% threshold
  3. Subscribe to fraud intelligence — Join i3 Forum or CFCA to receive real-time IRSF destination alerts and update blacklists

O

OfcomOffice of Communications

The UK's communications regulator responsible for telecommunications, broadcasting, and postal services. Ofcom enforces General Conditions, investigates complaints, and can fine providers up to 10% of relevant annual turnover.

3 Steps to Comply
  1. Register as a provider — Notify Ofcom before providing electronic communications services using their online notification system
  2. Monitor regulatory updates — Subscribe to Ofcom consultations and statements affecting your service type
  3. Respond to information requests — Comply with Ofcom Section 135 requests within specified deadlines; retain evidence for 6+ years

OTSOne Touch Switch

Ofcom's industry-wide switching process launched April 2023 allowing residential broadband customers to switch providers by contacting only the gaining provider. Switches must complete within 10 working days.

3 Steps to Comply
  1. Register with TOTSCo — Complete registration with The One Touch Switching Company and integrate with Hub APIs or Portal
  2. Meet 10-day SLA — Ensure all residential broadband switches complete within 10 working days; monitor at-risk orders from day 7
  3. Automate compensation — Pay £5.25/day automatically for delays; £26.24 for missed appointments; credit within 30 days

See also: One Touch Switch Compliance Guide

P

PECRPrivacy and Electronic Communications Regulations 2003

UK law governing electronic marketing, cookies, and communications privacy. Covers consent for marketing calls/emails, TPS checking, CLI requirements, traffic data retention, and cookie consent rules.

3 Steps to Comply
  1. Obtain marketing consent — Record explicit opt-in for email/SMS marketing; check TPS/CTPS before live marketing calls
  2. Display valid CLI — Never present false or misleading caller ID; offer call-back capability on marketing calls
  3. Implement cookie consent — Obtain consent for non-essential cookies (except first-party analytics under DUA 2025)

See also: PECR Telecom Compliance Guide

PortingNumber Portability

The right of customers to keep their telephone number when switching providers, mandated by Ofcom GC A2. Geographic and non-geographic numbers must port within 1 working day.

3 Steps to Comply
  1. Process port requests in 1 day — Complete number ports within 1 working day of receiving valid request from gaining provider
  2. Never block ports — Cannot refuse porting due to outstanding bills; must not create artificial delays
  3. Maintain porting records — Log all port requests, completion times, and any failures for regulatory audit

S

Soft Opt-In

PECR exemption allowing electronic marketing without explicit consent when contact details were obtained during a sale or negotiation, marketing relates to similar products, and opt-out was offered at collection and in every message.

3 Steps to Comply
  1. Document sales context — Record how contact details were obtained (purchase, quote, enquiry) with timestamp
  2. Market similar products only — Limit marketing to products/services similar to those originally purchased or discussed
  3. Include opt-out in every message — Provide clear unsubscribe mechanism; honour opt-outs within 28 days

STIR/SHAKEN

Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs — international standards framework for digitally signing calls to authenticate CLI and combat spoofing.

3 Steps to Comply
  1. Implement certificate authority — Obtain STIR certificates from approved CA; configure SIP infrastructure for call signing
  2. Sign outbound calls — Apply attestation levels (A/B/C) based on your knowledge of the calling party's right to use the CLI
  3. Verify inbound calls — Check SHAKEN signatures on received calls; flag or block calls with invalid/missing attestation

See also: Telecoms Access Review 2026

T

TSATelecommunications (Security) Act 2021

UK legislation establishing a security framework for public telecoms networks, requiring providers to implement security measures proportionate to their tier classification, with Ofcom enforcement powers.

3 Steps to Comply
  1. Determine your tier — Classify based on annual revenue: Tier 1 (>£1bn), Tier 2 (£50m-£1bn), Tier 3 (<£50m)
  2. Implement mandatory measures — Complete all required Code of Practice measures: 65 (Tier 1), 52 (Tier 2), or 38 (Tier 3)
  3. Remove high-risk vendors — Exclude designated vendors from core network functions by December 2027 deadline

See also: Telecoms Security Act: Tier 1, 2, 3 Requirements

Tier 1 Provider

UK telecommunications provider with gross annual relevant revenue exceeding £1 billion, subject to all 65 mandatory Telecoms Security Act Code of Practice measures. Examples: BT, Virgin Media O2, Vodafone, Three.

3 Steps to Comply
  1. Implement all 65 measures — No measures are "recommended" for Tier 1; all Code of Practice requirements are mandatory
  2. Establish dedicated SOC — Maintain 24/7 Security Operations Centre capability with incident response procedures
  3. Commission external audits — Conduct annual independent security audits; report findings to Ofcom on request

Tier 2 Provider

UK telecommunications provider with gross annual relevant revenue between £50 million and £1 billion, subject to 52 mandatory and 13 recommended Telecoms Security Act measures. Examples: Sky, TalkTalk, Hyperoptic.

3 Steps to Comply
  1. Implement 52 mandatory measures — Prioritise mandatory requirements; document rationale for not implementing recommended measures
  2. Conduct risk assessment — Annual security risk assessment covering network, services, and supply chain
  3. External audit (recommended) — While not mandatory, independent audits demonstrate due diligence to Ofcom

Tier 3 Provider

UK telecommunications provider with gross annual relevant revenue below £50 million, subject to 38 mandatory and 27 recommended Telecoms Security Act measures. Covers most resellers and regional ISPs.

3 Steps to Comply
  1. Implement 38 mandatory measures — Focus on: board security owner, risk assessment, access control, patch management, incident response
  2. Document security policy — Written policy covering all applicable measures, reviewed annually
  3. Establish breach notification — Process to notify Ofcom within 72 hours of significant security incidents

TOTSCoThe One Touch Switching Company

Industry body operating the central Hub that facilitates all One Touch Switch transactions between UK broadband providers. All residential broadband providers must integrate with TOTSCo.

3 Steps to Comply
  1. Complete registration — Register with TOTSCo before offering residential broadband services; choose integration method
  2. Integrate with Hub — Implement API integration (high-volume), Portal access (low-volume), or use wholesale partner's integration
  3. Meet message SLAs — Process all TOTSCo Hub messages within 2 hours; maintain audit logging for 12 months

TPS/CTPSTelephone Preference Service

UK opt-out registers for consumers (TPS) and businesses (CTPS) who do not wish to receive unsolicited marketing calls. Callers must check these registers before making live marketing calls.

3 Steps to Comply
  1. Subscribe to TPS/CTPS — Register with the Direct Marketing Association to access the registers for screening
  2. Screen before calling — Check numbers against TPS (consumers) and CTPS (businesses) within 28 days before each campaign
  3. Maintain suppression lists — Keep your own suppression list of opt-outs; retain for minimum 6 years

U

UK GDPRUK General Data Protection Regulation

The retained EU GDPR as it applies in the UK post-Brexit, governing the processing of personal data. Enforced by the ICO with fines up to £17.5 million or 4% of global turnover.

3 Steps to Comply
  1. Establish lawful basis — Document lawful basis (consent, contract, legitimate interest) for each category of personal data processing
  2. Respond to DSARs — Handle Data Subject Access Requests within 30 days; provide call records, account data on request
  3. Implement Article 22 safeguards — For automated decisions with legal effects, provide human review mechanism and right to contest

See also: UK GDPR for Telecom Providers

W

Wangiri Fraud

Phone scam where fraudsters make brief calls from premium-rate international numbers, hoping recipients call back and incur high charges. Japanese for "one ring and cut." Providers must block known Wangiri sources under GC C1.

3 Steps to Comply
  1. Block calls from known Wangiri sources — Subscribe to industry intelligence feeds and auto-block originating ranges
  2. Alert customers — Warn customers about callback scams via messaging, bill inserts, or website notices
  3. Monitor callback patterns — Detect customers calling high-cost destinations after receiving short-duration inbound calls
📚

Part of the UK Telecom Compliance Hub

Return to the main compliance guide for detailed implementation guides on each regulatory area.

Need Compliance Support?

TELECOM COMPLIANCE provides managed compliance verification for telecom resellers. Let us handle your documentation, audits, and regulatory monitoring.

Request Assessment

Related Pages

Ofcom General Conditions

All 27 conditions explained

UK Telecom Compliance

Complete regulatory framework

UK GDPR for Telecoms

Data protection obligations