The world of information technology, radio, and telecommunications is a vast minefield of data, requirements, and regulatory compliance.

Here we give you a brief breakdown of some of the regulatory and legislative compliance required for information technology, radio and telecommunications in the United Kingdom.


Radio was previously regulated by the Radio Authority (RA), under the Broadcasting Act of 1990, which was replaced by the Office of Communications (OFCOM) in 2003. OFCOM is the body that issues licenses for and produces codes of conduct for, the radio industry in the United Kingdom. Any radio transmitting device has to be licenced (or exempted).

Where a radio broadcaster breaches a rule, regulation or code, the Radio Authority is the body that will also investigate the breach and if necessary issue a fine, or even suspend or revoke a license.

You may know that The British Broadcasting Corporation (BBC) is a public broadcaster and not subject to such licensing. Instead, they have developed an internal check and control system.

OFCOM concerns itself with the general content of a broadcast (taste, accuracy, violence, defamation, sponsorship etc.), as well as in so far as news broadcasts are concerned impartiality, expressions of opinion and political issues.

Information Technology

Information Technology regulations and compliance primarily focus on security and data protection, which is becoming an ever-important and growing field. The technology used to breach companies’ networks and databases is becoming increasingly sophisticated, and governing authorities have recognised the importance of requiring companies to ensure the safety of people’s personal information.

The United Kingdom currently prescribes to two data protection legislations – the European Union General Data Protection Regulation (GDPR), as well as the United Kingdom Data Protection Act 2018 (DPA). The dual application is due to the fact that the GDPR requires EU member states to adopt local legislation in order to enforce compliance, and with the looming “Brexit” deadline, this will become even more important.

Data protection laws and requirements generally focus on two legs of protection – technical security (firewalls, anti-virus protection, penetration testing etc), and consent (how did an entity obtain someone’s personal information, what do they do with that information, and what happens if you do not want them to have your information any longer). The legislation then focuses on what happens if there is a breach (who must be notified and how), as well as penalties to the data holding entity if they failed to protect the data adequately.


The Telecommunications Act of 1984 saw a major change in the telecommunications environment in the United Kingdom. Previously, British Telecoms (BT) had an exclusive market share in the industry, and this legislation eradicated this monopoly and provided for an open market.

In 2003, European Union directives were issued governing the telecommunications framework in the United Kingdom and the rest of the European Union. There is uncertainty on how this may be impacted by the forthcoming “Brexit” negotiations.

Because both European Union directives and United Kingdom legislation apply to telecommunications, the regulatory framework can be very complicated.

OFCOM specifically concerns itself as to whether a particular telecommunications provider has an unfair competitive advantage or dominance in a market, and can impose conditions to limit that competitive advantage.

That being said, telecommunication service providers do not need a license or permit in order to operate within the United Kingdom, nor does OFCOM need to be notified of a new service, except for radio communication services.