Are you a provider of public telecommunications networks or telecommunications services in the Netherlands? If you provide networks or services such as:
- landline or mobile telephony
- internet access or an internet network
- email or webmail services
- video conferencing services
- internet telephony
you must meet a number of continuity and safety requirements.
Registering as a telecom provider with the ACM
Do you provide telecom services in the Netherlands? You must register with the Authority for Consumers and Markets (ACM, in Dutch). You have to register if you provide:
- public electronic communications networks
- public electronic communications services
- facilities that go with these, or build such facilities
Registration is free. Registered companies with a turnover exceeding €2 million pay an annual fee for the supervision. For this you must provide your annual net turnover to the ACM (in Dutch).
Do you only engage in activities on behalf of a registered telecom provider? Then you do not need to register with the ACM.
Solving and reporting interruptions or failures
You must make sure your services and networks are always functional and do not break down (continuity responsibility). If there is a malfunction or other incident, you need to:
- do everything in your power to restore your services
- report the interruption or security issue to the Dutch Authority for Digital Infrastructure (Rijksinspectie Digitale Infrastructuur).
You must make sure the emergency number 112 can be reached at all times. You must also make sure your customers will be able to receive the NL-Alert warning system’s messages at all times.
Compensation in case of interruptions
If there is an interruption in internet, television, or telephony services that lasts longer than 12 hours, for instance as a result of technical failure, you must compensate your customers (in Dutch).
Security of communication data
You must protect all telecommunications data. You have to secure data from telephony and internet. Employees who have access to sensitive data must have a certificate of conduct (VOG). You as the owner also need certificate of conduct for legal entities (VOG RP).
You have to delete or anonymise traffic and location data as soon as these are no longer needed for the transmission of a communication. These are privacy sensitive data. You are allowed to use these data for business purpose, for example, to write an invoice. You must however let your subscriber or user know for how long and which data you process. You must have your subscriber’s or user’s consent before you start processing the data. Subscribers and users must be able to revoke their consent easily and freely.
Reporting a data leak
Did you experience a security breach where personal data has been leaked? You must report this to the Dutch Privacy Authority (DPA, in Dutch)
Submitting client details
Judicial authorities and intelligence and security services may request information about one of your clients. You may also receive a request for the wiretapping and handing over of telephone communications for criminal investigations. Your network or services have to be available for this.
As a provider of public telecommunications networks or telecommunications services in the Netherlands you may not delay or block competitive telephone or internet services and applications, such as for instance Skype or WhatsApp. You are not allowed to charge extra money for these services and applications either. This is called net neutrality.
In some cases you may block or restrict internet access (in Dutch). For instance to prevent 'congestion' on the network, to stop the spreading of malicious software, or if a law bans a certain website, app, or internet service.
Reporting telecommunications company takeovers
You are not allowed to sell you telecommunications company to an unreliable, untrustworthy, or criminal company. Such a party also cannot have power of control in your company.
Any party that wants to purchase Dutch telecom facilities, should report first to the Ministry of Economic Affairs and Climate Policy (Ministerie van Economische Zaken en Klimaat, EZK).
To secure continuity and reliability of service and to safeguard public interests the government can prohibit or reverse such a takeover. This concerns takeovers of:
- suppliers of telephone and internet services with more than 100,000 Dutch users
- hosting services with more than 400,000 domain names
- internet hubs with more than 300 autonomous connected systems
- data centres with an electric capacity of over 40 megawatts (MW)
- certification services
Do you as a telecom provider have a problem (dispute) with a customer, municipality, or another telecom provider? Then you can ask the Authority for Consumers & Markets to decide on the issue. This is called dispute resolution (geschilbeslechting, in Dutch).