The long-awaited Communications Regulation Bill 2022 was published on 25 September 2022 (the "Bill"), which will, together with the European Union (Electronic Communications Code) Regulations 2022, transpose the European Electronic Communications Code (the "EECC") into Irish law. The EECC codifies many existing EU telecoms regulatory regimes in one legal instrument, and ensures that 'traditional' and 'online-only' operators are subject to the same regulatory rules, preparing the current telecoms regulatory landscape for the digital age.

Our previous article, Cracking the Code: Ireland upgrades its telecommunications regulatory enforcement regime & paves the way for delayed transposition of the European Electronic Communications Code in 2022, provided a summary of the Irish 'Code Regulations' transposing the EECC.

At present, the Commission for Communications Regulation ("ComReg") can exercise its enforcement powers through criminal and occasional High Court proceedings, as well settlement agreements. The introduction of the new civil enforcement options under the Bill, for which the standard of proof is lower and the legal powers are clearer, will provide ComReg with greater direct control than in criminal prosecutions and civil High Court actions which are currently possible. The new enforcement regime will naturally lead to more investigations, the imposition of more sanctions and subsequent appeals challenging the decisions of ComReg and its independent adjudicators.

In this article, we outline the key features of the Bill in the areas of enforcement, security and consumer protection.

Enforcement

As expected, the Bill armours ComReg with an enhanced enforcement toolbox including:

  • New power to subject businesses to interim measures: The Bill proposes to introduce a new power for ComReg to impose interim measures where it has evidence of a breach of a regulatory provision, or a breach of conditions, or of a substantial risk that either such breach will take place. Interim measures can be imposed by ComReg for up to three months (six months in circumstances where enforcement procedures have not been completed). This period can be extended by the High Court on application.1 This new power is very widely drawn and could give rise to significant adverse business interruption and cost consequences for providers of electronic communication services. While we anticipate it will be used sparingly and only kept in the toolbox for extraordinary cases involving potential irreparable harm to consumers, it will take some time and track record for this to be proven.
  • New power to subject businesses to multi-stage civil enforcement investigations: In line with the recently enacted Competition (Amendment) Act 2022 (see our previous update here), the Bill proposes a new multi-stage civil enforcement process. The Bill provides ComReg's authorised officers with the power to carry out investigations on foot of (i) complaints, or (ii) on ComReg's own initiative. Following investigation, the matter may be settled pursuant to a legally binding agreement (which may involve payment of a fine) or referred to the new independent panel of adjudicators (see below). Where a referral is made this may be for the purposes of seeking either an order on consent in respect of a settlement agreement that ComReg has entered into or a decision by the adjudicator in relation to the existence (or not) of a regulatory breach and the imposition (or not) of any civil sanctions or directions. The Bill anticipates that 'fair process' will be followed and in particular that the party / parties under investigation will be consulted and given a fair opportunity to make submissions before the matter is referred to an adjudicator (as set out below). How this will work in practice remains to be seen, and in particular there is a risk that investigations will become very long and resource-intensive for all parties due to the potential for dispute regarding fair process requirements during a long and multi-stage investigation process.
  • New investigation powers: The Bill gives ComReg's authorised officers additional information gathering powers, such as taking possession of and detaining computers and other appliances and requiring persons in possession of records, or who appear to be in a position to facilitate access to records, to do so. In line with other Irish legislation, the authorised officers can take possession of records held on any mode of storage.
  • New power for regulatory breaches to be determined and fines be set by independent adjudicators rather than Irish Courts: The Bill provides for the appointment of a panel of adjudicators to adjudicate matters referred to it including the imposition of a financial penalty or the requirement to pay compensation for a regulatory breach. Adjudicators will be nominated by ComReg and appointed by the Minister for the Environment, Climate and Communications (the "Minister"). The panel of adjudicators will most likely consist of members and employees of ComReg (with the exception of the Chairperson of ComReg) and the Chief Adjudicator (which cannot be a member of ComReg). Members of ComReg that are appointed as adjudicators are required to perform their duties independently of the performance of their other functions (eg, they cannot be involved in the investigation and the adjudication of the same matter). The Minister will make regulations for the appointment, term, requirements and functions of the role of adjudicators. Ensuring that the independent adjudicators are truly independent, while also holding the requisite expertise, will be a very important task as otherwise the entire process would be vulnerable to legal challenge.
    • Powers of independent adjudicators: The Bill equips the adjudicators with the following quasijudicial powers: (i) directing ComReg or one or more of the parties to answer questions, adduce evidence, produce books and documents or clarify an issue of fact, (ii) conducting an oral hearing, and (iii) summoning a witness to appear to give evidence or attend an oral hearing (including on oath). Non-compliance with the adjudicator's directions or a witness summons will be deemed to be an offence. In case of regulatory breaches, adjudicators will be able to impose a range of remedies such as (i) an administrative financial sanction, (ii) the payment of compensation, (iii) the payment of a refund, or (iv) the suspension or withdrawal of an authorisation. Adjudicators decisions can be appealed to the High Court. It is clear from this list of powers that the independent adjudicator stage of a multi-stage investigation has the potential to be lengthy, intensive, costly and intrusive for all affected parties.
  • Settlements and commitments: During the adjudication proceedings (as well as at any earlier investigation stage as noted above), ComReg can enter into settlement agreements with the other party / parties to the investigation and accept legally binding commitments to address the suspected regulatory breach. The terms of the settlement agreement can include financial sanctions or other appropriate remedies.
  • Court Supervision: While the Bill proposes new powers for ComReg to impose administrative financial sanctions (see below), critically, these sanctions will need to be confirmed by the High Court (to ensure compliance with constitutional requirements and similar to the case of fines imposed by other Irish regulators including the Central Bank of Ireland and the Data Protection Commission). Decisions of adjudicators may be appealed to the High Court within 28 days. Upon expiry of this period, and subject to any extension that may be granted by the High Court, ComReg can make an application to the High Court for the confirmation of the adjudication. The High Court's determination is final and cannot be appealed except where the High Court grants leave to appeal to the Court of Appeal on a point of law of exceptional public importance.
  • The end of the 'loser pays' rule in disputes with ComReg?: No order as to costs can be made in proceedings before an adjudicator or the Court (unless a person or ComReg, as the case may be, has engaged in improper, irregular, unfair, or unsatisfactory conduct), effectively giving ComReg immunity from the 'loser pays' rule.2 The Bill also invites any Court to follow this departure from the normal principles in deciding on who pays the costs of any Court appeal.
  • New civil sanctions and increased criminal sanctions: The Bill provides for new civil sanctions and higher criminal sanction with maximum fines for companies of the greater of ?5 million or up to 10% of turnover and for natural persons of ?500,000 or up to 10% of the annual income. As set out above, civil sanctions need to be confirmed by the High Court.

These new and increased civil and criminal sanctions bring the communications sector and the powers available to ComReg in line with many other sectoral regulators, such as the Competition and Consumer Protection Commission under the new Competition (Amendment) Act 2022. A table setting out all available fines and sanctions is provided below.

Penalties under the Bill

Offence

Penalty

Failure to comply with dispute resolution procedures set out in Section 69 and 75 of the Bill (failure to comply with summons, directions, requests for information, providing misleading evidence, etc)

(a) on summary conviction, Class A fine (ie, a fine not exceeding ?5,000 within the meaning of the Fines Act 2010) imprisonment for up to 6 months or both; or (b) on conviction on indictment, imprisonment for up to 5 years or to a fine not exceeding ?250,000, or both.

Maximum amount of compensation that a provider may be required to pay to an end-user

?5,000.

Maximum amount of compensation that an adjudicator may require a natural person to pay to all the persons affected by a regulatory breach

An amount not exceeding the greater of:

(a) ?500,000; and

(b) 10% of annual income of the person.

Maximum amount of compensation that an adjudicator may require a person other than a natural person to pay to all the persons affected by a regulatory breach

An amount not exceeding the greater of:

(a) ?5,000,000; and

(b) 10% of annual turnover of the person in the State.

Security

The Bill has transposed the network and service security provisions contained in Articles 40, and 41 of the EECC. As part of this, the Bill proposes the introduction of a mechanism which would allow the Minister to specify security measures by regulation and to provide guidelines relating to network security, thus, providing a legislative basis to assist with enforcement of the electronic communications security measures. We outlined previously how 'interpersonal communication services' ("ICS") defined as a service "normally provided for remuneration that enables direct interpersonal and interactive exchange of information via ECN between a finite number of persons" now falls within the regulatory remit of the EECC, meaning that ICS providers must adhere to the regulatory requirements under Articles 40, and 41 of the EECC for the first time (ie, meet a particular network security standard and report significant incidents to its national regulator). For an overview of these requirements read our Cracking The Code: New Security and Outage Reporting Obligations for Internet-Based Providers article.

  • ICS providers must prepare to meet the minimum security requirements for the first time: ICS providers are now subject scrutiny and investigation by ComReg and the Bill does not stipulate whether ICS providers are to be exempt from certain security provisions and / or whether special accommodations are to be made. Therefore, Irish-based OTT companies, including internet-based messaging and calling services should ensure full adherence to these security provisions.
  • Use of high-risk and non-EU vendors: In short, there is no provision in the Bill which explicitly designates or restricts the use of 'high-risk vendors' or non-EU actors from the supply of telecoms infrastructure and equipment to Irish providers of electronic communications networks and services ("ECN and ECS"). Additionally, there is nothing in the Bill which deals with the potential categorisation of 'high-risk' vendors. Thus, the Bill is silent on whether ComReg or the the Minister proposes to prohibit the use and supply of telecoms equipment produced by certain infrastructure suppliers. However, a number of provisions in the Bill afford to the Minister and ComReg the ability to establish regulations and measures in relation to the types of action to be taken by providers of ECN and ECS (and suppliers) to manage certain security risks and threats. There appears to be sufficient scope for the establishment of a future restriction / prohibition on the use and supply of telecoms equipment made by 'high-risk' vendors / non-EU actors in the event the Minister or ComReg perceives same as constituting a high security risk or threat.3

Consumer Protection

The Bill seeks to introduce a number of consumer protections, developed in close co-operation with ComReg. These include the following:

  • Digital accessibility: ComReg can require providers to publish information on the quality of their technical and non-technical services as well as the adequacy of access to its services by endusers with disabilities. In this regard, providers should familiarise with Directive (EU) 2019/882 on the accessibility requirements for products and services (the "European Accessibility Act"), which will be transposed into Irish law in due course.
  • Quality of service, compensation schemes and customer charter: The Bill equips ComReg with powers to set minimum quality-of-service standards as regards customer service or switching of providers. If a provider fails to comply with these standards or does not adequately facilitate the porting of phone numbers or the switching of providers, ComReg can require the provider to pay compensation to any affected internet users. The provider will be required to publish a compensation scheme document on its website setting out information as to the amount and how and when the compensation will be paid. ComReg may also require providers to prepare and publish a 'customer charter', to measure their performance against the standards set out in the charter and to report the findings to ComReg. ComReg may also order an independent audit to be carried out and paid for by the provider to assess its performance.4
  • Enhanced ADR process for end-users: The Bill requires providers to prepare and publish a code of practice for dealing with complaints and settling disputes. Upon receipt of a complaint by an end-user, providers must inform that end-user of their right to refer a dispute to ComReg, which may make resolutions that are binding on providers. Importantly, the referral of disputes to ComReg does not extinguish an end-users general legal rights, such as bringing proceedings to the Irish courts. The Bill also imposes reporting requirements on providers which must report any new complaints to ComReg bi-annually, and ComReg can direct providers to publish or furnish to it complaints-related data.5

The consumer protection provisions introduced by the Bill will have practical implications on current investigations by ComReg, which has taken an active role in enforcing consumer rights in Ireland. ComReg's investigation of eir's contract termination conditions and procedures in 2014 is notable in this regard. Following a lengthy investigation, the parties agreed to a settlement agreement, which compelled eir to bring its practices into compliance by discontinuing the practice of charging customers a penalty for failure to provide notice of their intention to change service provider outside their minimum contract period, applying disaggregated bundle charges for the final bill when the customer is switching provider and engaging in 'Save' activity with a customer wishing to leave eir eg, by making the customer speak to a retentions team.

Conclusion

With the introduction of a range of new offences and a boost to ComReg's investigatory and enforcement powers, we expect to see a greater number of longer, more complex and more contentious ComReg investigations of a wider range of regulated providers in future. We also expect that such investigations will, in time, lead to complex Court appeals which will be needed to clarify the standard of proof and the fair procedure requirements which must be applied by ComReg and independent adjudicators prior to handing down potentially far-reaching and damaging civil findings and sanctions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.