Relevant laws around the world

Digital Services Act

The Digital Services Act (DSA) came into force on November 16, 2022, with most obligations applying from February 17, 2024. It introduces a new legal framework for digital services within the EU, including requirements on hosting providers for blocking content and reporting on such blocking. Where the DSA is applicable to BT services, and to the extent that any such requests have been received, this reporting will be included in our next reporting.

* The Ministry of Justice publishes this information

BT Italia was formed after we acquired Albacom in 1995. We changed its name to BT Italia in 2006. Our head office is in Milan and we employ over 700 staff nationwide.

In Italy, we operate a 9,800-kilometre long haul fibre optic infrastructure which connects the domestic PoPs, nationwide spread, and GPoPs, running global MPLS. We also locally serve BT’s global multinational customers and some of the major Italian financial services firms, utilities, fashion, retail and manufacturing companies, providing them networking, cloud and security solutions.

Lawful interception

There are a number of laws which govern interception and surveillance in Italy. The Code of Criminal Procedure allows a public prosecutor to ask a judge to authorise all forms of interception of communications in criminal cases, provided that it meets certain statutory conditions. In particular, interception is only permitted if there’s strong evidence that serious crimes are taking place – for example crimes punishable by at least five years in prison, drug or weapon trafficking, or child sexual abuse. Interception of communications can also only be permitted if it’s absolutely necessary for the purposes of the investigation.

The authorisation issued by a judge is valid for 15 days, or 40 days in cases about the prosecution of organised crime. This can be extended for another 15 days at a time, or 20 days in cases of organised crime. If it’s urgent and a delay could seriously prejudice an investigation, the public prosecutor can order interception without judicial authorisation, as long as the order is immediately (at least within 24 hours) communicated to a judge. The judge has to decide whether to confirm or revoke the order within 48 hours. If they don’t confirm this within 48 hours, the interception is stopped and any data collected can’t be used.

Under the Implementation Rules of the Code of Criminal Procedure, the Italian Home Office or senior officers of the main Italian police forces can ask the public prosecutor to authorise an interception to stop terrorism or organised crime. The prime minister or the directors of the secret services empowered by the prime minister can also make the same request, permitted by Law Decree no.144.

As a general rule, interception must be carried out using equipment installed at the public prosecutor’s office dealing with the investigation. But if it’s urgent and the equipment doesn’t work properly or isn’t right, the public prosecutor can issue a reasoned order authorising the interception to be carried out using the equipment of the judicial police. When intercepting electronic communications like emails, the public prosecutor can order that the operation is made through equipment owned by private entities or individuals.

The Italian rules around lawful interception were recently amended by Legislative Decree no.216 of 29 December 2017. This modified some rules of the Italian Code of Criminal Procedure, extending obligations of confidentiality for intercepted communications. In particular, the new rules provide that intercepted communications – and, when relevant, their transcriptions – must be stored at the public prosecutor’s office. Only the preliminary investigations judge, the lawyers of the relevant parties and other authorised roles (for example court officers) can access these. As well as this, the Legislative Decree reinforces the protection of private conversations between an accused person and their lawyer. If the lawyer asks, interceptions that aren’t relevant to a trial (including those containing sensitive data) must be destroyed.

Data Retention

Data retention requirements for preventing and punishing crime were originally contained in the Data Protection Code. This required telephone traffic data to be kept for 24 months and internet traffic data for 12 months (Article 132 of Data Protection Code).

Following the judgment in Digital Rights Ireland, which invalidated the underlying EU Data Retention Directive, Italy introduced an anti-terrorism law. This required all telephone and telematics data kept and collected on 21 April 2015 to be retained until 30 June 2017. This law then expired, which meant the general data retention rule under the Data Protection Code applied again. No specific government order is required for these general obligations.

Recently, Law 167/2017 provided a new exemption from the data retention requirements of the Data Protection Code. Under Article 24 of Law 167/2017, telephony and telematics traffic data can be kept for 72 months where necessary to stop certain types of serious crimes, for example terrorism or organised crime.

The law doesn’t provide a way to target specific individuals, whose data should be kept on the basis that there is objective evidence showing links to the planning or commission of serious crimes. In practice it is likely that those people will only be able to be identified afterwards, for example, by the public prosecutor when they start an investigation into the serious crime. 

Data disclosure

The disclosure of retained data is mainly governed by the Electronic Communications Code and the Data Protection Code. In general, the competent judicial authority can request that communication service providers provide data for the purposes of justice, with a detailed order referring to the criminal proceedings concerned and outlining the specific data required. The obligation of a communications service provider to comply is set out in Article 96 of the Electronic Communications Code.

Under Article 132 of the Data Protection Code, the public prosecutor, a person accused of a crime or their counsel can ask for retained data to be disclosed during the relevant retention periods.

Under Article 55 of the Electronic Communications Code, a judicial authority can also access, for purposes of justice, data held by the Home Office. Each communications service provider will have passed this data to the Home Office about their own subscribers.

Under Article 226 of the Implementation Rules of the Code of Criminal Procedure, the public prosecutor, the Home Office, directors of the national secret services or senior police officers can request data disclosure in terrorism or organised cases.

Communication service providers must disclose any requested information and grant access to their databases to the Italian secret services for national cyber-security reasons. This is under Act No.124 of 23 August 2007 and the Decree of the Prime Minister No.110835 of 17 February 2017.

Web blocking

Either a judicial authority (in criminal or civil proceedings) or a competent independent supervisory administrative authority (for specific crimes) can require a communications service provider to block access to internet sites or services.

The National Centre Against Child Pornography Centre, established by the Home Office, publishes a list of sites containing child abuse material. Internet service providers must block these within six hours of getting the list, which is continuously updated. Internet service providers must also tell the Centre if they become aware of any of this content. They must also block any material if a judicial authority orders them to for a criminal investigation.

There are also regulations which require internet service providers to block access to copyright infringing material if the Italian Communications Authority orders it. This can include removing single instances of copyright infringing material where the internet service provider hosts the material, or blocking access in the case of a serious infringement, including where the material’s on a website hosted in Italy.

Law 167/2017 requires the Authority to issue a new regulation which governs cases of online copyright infringement, specifically to include interim injunctions that rights holders can apply for from the Authority. This new regulation will, among other things, provide an appeal mechanism against the Authority’s decisions as well as appropriate measures to make sure violations aren’t repeated. So far this regulation hasn’t been adopted.

Digital Services Act

The Digital Services Act (DSA) came into force on November 16, 2022, with most obligations applying from February 17, 2024. It introduces a new legal framework for digital services within the EU, including requirements on hosting providers for blocking content and reporting on such blocking.

We were one of the earliest entrants in Japan's telecommunications market after it was opened to foreign operators in 1985. With offices in Tokyo, we provide data, voice and security services to hundreds of Japanese and international customers from three highly redundant main POPs and 10 associated POPs across the country.

Lawful interception

Under the Act on Wiretapping for Criminal Investigation, a district court judge can issue a warrant to competent investigation authorities who are investigating crime to intercept communications. Communication service providers must cooperate fully with investigation authorities.

There isn’t a law in Japan which justifies interception for state security.

Data Retention

There aren’t any general requirements for communication service providers to keep data. But the Code of Criminal Procedure allows competent investigation authorities to order a provider to keep a history of communications relating to criminal investigations for up to 60 days, on a case-by-case basis. 

Data disclosure

The Code of Criminal Procedure also allows the competent investigation authorities to carry out searches or seize electromagnetic records. This includes communication histories, like names and dates and times. They can do this to investigate an offence, and a judge must issue a warrant.

Web blocking

There aren’t any legal requirements to block access to internet content in Japan.

Some legislation requires internet service providers to make an effort to co-operate with investigating agencies or take action to stop people sending information about child sexual abuse material, or hacking websites. One way this is done is by actively managing passwords. These actions are on a best-efforts basis. But there are also efforts in both the public sector (by the Ministry of Internal Affairs and Communications) and the private sector (by the Internet Content Safety Association) to identify and filter inappropriate content like child sexual abuse materials.

Our office in the Netherlands is in Amsterdam where we employ over 200 people.  We provide services to multinational organisations and international public sector customers with complex communications and information system requirements. As part of BT International we specialise in connectivity and voice services, managed IT services, multi cloud and infrastructure services.

The legislation for legal interception, data disclosure, data retention is primarily governed by the Dutch Telecommunications Act, the Dutch Code of Criminal Procedure and the Dutch Intelligence and Security Services Act 2017.

Lawful interception

Under Chapter 13 of the Dutch Telecommunications Act providers of public telecommunications networks and services are required to provide a permanent capability for interception and to co-operate with judiciary authorities when it comes to lawful interception. The powers of the Dutch judiciary authorities to intercept communication for law enforcement purposes are laid down in Art. 126m-126nb of the Dutch Code of Criminal Procedure.

Under Art. 126m of the Code of Criminal Procedure, the public prosecutor can order officers charged with an investigation – for example, the police – to carry out an interception of communication. Such an order can only be given in case of a suspicion of a crime which constitutes a serious breach of the legal order as defined in Art. 67 section 1 of the Dutch Criminal Code, if the interception is urgently needed for the investigation and following a written court order. 

When the order relates to communication over a public telecommunications network or using a public telecommunications service, the public prosecutor must issue a formal request to the telecommunications service provider to assist with the interception activities, unless this is not possible or not in the interest of the investigation to ask for this cooperation. The telecommunications service provider must comply.

Art. 126t and Art. 126zg of the Dutch Code of Criminal Procedure provide for similar powers in case of organised crime or indications of a terrorist crime.

Under the Dutch Intelligence and Security Services Act 2017 the General Intelligence and Security Service (AIVD) and the Military Intelligence and Security Service (MIVD) may carry out targeted interception, recording and tapping of any form of conversation or electronic communication by means of a telephone or internet tap. They are also allowed to carry out untargeted or bulk interception of electronic communication, subsequently determining its nature, determining or verifying the persons or organisations involved, and applying automated data analysis to the metadata and selectively selecting the content data for further analysis. Operators must help them do this – for example, by decrypting encrypted data.

Data Retention

Art. 13.2a of the Dutch Telecommunication Act contains a data retention obligation for providers of public telecommunication networks and/or services to the extent the data – as specified in an annex to the Act - are generated or processed in the context of the networks or services offered, and for the purpose of investigating, detecting and prosecuting serious crimes. This data must be retained for a period of:

a.           twelve (12) months for data relating to fixed or mobile telephone networks; and

b.           six (6) months for data relating to internet access, internet e-mail and internet telephony calculated from the date of the communication.

Data disclosure

The Code of Criminal Procedure and the Dutch Intelligence and Security Services Act 2017 allow the public prosecutor, the AIVD, the MIVD and, in some cases, officers in charge of an investigation to request providers of telecommunication services to provide communications meta data and/or data concerning the subscriber or users of the service.

Web blocking

There is no general or specific law that makes web blocking mandatory, but there are specific situations in which certain forms of web blocking may be applied. It is rather an instrument that can be applied in specific situations, for example based on a breach of code of conduct or breach of an agreement concluded between governmental institutions, special interest groups and internet operators. On the basis of a court order a website can be blocked, or unlawful content can be removed, or to provide identifying information.

Digital Services Act

The Digital Services Act (DSA) came into force on November 16, 2022, with most obligations applying from February 17, 2024. It introduces a new legal framework for digital services within the EU, including requirements on hosting providers for blocking content and reporting on such blocking. Where the DSA is applicable to BT services, and to the extent that any such requests have been received, this reporting will be included in our next reporting.

Digital Services Act

The Digital Services Act (DSA) came into force on November 16, 2022, with most obligations applying from February 17, 2024. It introduces a new legal framework for digital services within the EU, including requirements on hosting providers for blocking content and reporting on such blocking. Where the DSA is applicable to BT services, and to the extent that any such requests have been received, this reporting will be included in our next reporting.

BT Ireland provides data, voice and internet services to government and major businesses in the Republic of Ireland. We also provide wholesale network services, supplying telecommunications products and services to key communications providers.

Until 2009, BT Ireland also provided voice and internet services to consumers and small businesses. Most of these customers were transferred to Vodafone via a wholesale agreement. But we still provide services to a small number of consumers and small businesses on our dial-up internet service.

Lawful interception

Historically, the Postal and Telecommunications Services Act 1983 (as amended by the Postal Packets and Telecommunications Messages (Regulation) Act 1993) was taken to mean that a communications service provider must intercept any form of communications, including post, phone and email. These had to be issued with a written authorisation by the minister for communications or the minister for justice.

But in 2016 the Irish Department of Justice stated publicly that it doesn’t interpret the 1993 Act as giving a lawful basis for intercepting email communications. They laid this out in a policy document called ‘Amendments to the legislative basis for the lawful interception of communications’, in November 2016.

Under the Criminal Justice (Surveillance) Act 2009, senior law enforcement officers can apply to a district court for a court order to allow interception in specific circumstances in criminal investigations.

A High Court judge is designated to review the use of powers under both the Postal and Telecommunications Services Act 1983, the Postal Packets and Telecommunications Messages (Regulation) Act 1993 and the Criminal Justice (Surveillance) Act 2009.

Data Retention

The previous law relating to the retention of data in Ireland, the Communications (Retention of Data) Act was subject to a legal challenge in the Irish High Court. This led to a referral to the CJEU, which found that the Data Retention Directive (Directive 2006/24/EC) wasn’t valid (see the case Digital Rights Ireland v Minister for Communications and Others, joined cases C-293/12 and C-514/2). A later challenge to the Act was brought in the case of Dwyer v Commissioner of An Garda Síochána & Others 2015/351 P.

In response to these challenges, the Irish government passed the Communications (Retention of Data) (Amendment) Act 2022, parts of which came into force on 26 June 2023. Under the new law, general and indiscriminate retention of communications traffic and location data are only allowed on national security grounds and require approval by a designated judge.

The new law requires user data and internet source data to be retained for a period of 12 months, for various purposes including combating crime, safeguarding State security, protecting the life and safety of persons, or locating missing persons. General and indiscriminate retention of communications traffic and location data is only permitted for national security purposes, subject to judicial approval by a designated judge. The law also makes provision for Preservation Orders and Production Orders which may be obtained by an Garda Síochána, the Defence Forces, the Revenue Commissioners or the Competition and Consumer Protection Commission.

Data disclosure

The Retention Act gives specified senior law enforcement officers (including the revenue commissioners, Competition and Consumer Protection Commission and the Garda Síochána Ombudsman Commission), military officers and judges power to order communication service providers to disclose data for certain purposes (for example, to safeguard security or prevent a serious offence). Disclosure requests must be made in writing, unless they’re urgent, in which case they can be made verbally.

Other law enforcement agencies can get search warrants under a wide range of legislation, like the Criminal Justice Acts, the Competition and Consumer Protection Act 2014, the Companies Act and the Taxes Consolidation Act 1997. Search warrants that mean a communications service provider must provide copies of retained data can be issued by a district court judge or a peace commissioner.

Web blocking

A copyright holder can apply to the Irish High Court to grant an injunction requiring internet service providers to block specific IP addresses which are infringing copyright. This is allowed under the Copyright & Related Rights Act 2000 (as amended by the European Union (Copyright and Related Rights) Regulations 2012).

In 2016, the Irish Court of Appeal affirmed the power of the High Court to order non-infringing internet service providers to put a graduated response system in place for customers who infringe copyright under the Copyright & Related Rights Act 2000 (see the case Sony Music Entertainment (Ireland) Ltd & Others v UPC Communications Ireland Ltd [2016] IECA 231). We aren’t aware of any further orders being granted by the High Court. But it is possible they have been granted but not publicised.

BT Ireland is a member of the Internet Service Providers Association of Ireland (ISPAI). Their code of practice requires members to comply with notices from www.hotline.ie that ask for potentially illegal material to be removed from websites or newsgroups hosted by members, as long as it is technically practical to do that.

Digital Services Act

The Digital Services Act (DSA) came into force on November 16, 2022, with most obligations applying from February 17, 2024. It introduces a new legal framework for digital services within the EU, including requirements on hosting providers for blocking content and reporting on such blocking. Where the DSA is applicable to BT services, and to the extent that any such requests have been received, this reporting will be included in our next reporting.

We have provided services in Spain for 25 years. Our headquarters are in Madrid and we employ around 220 people.

Lawful interception

Interception powers are governed by the Criminal Procedure Act, which was approved by Royal Decree of 14 September 1882, as amended by Act 13/2015 of 5 October 2015. A competent court can order communications to be intercepted if the judicial police, the intelligence agencies or the customs agencies ask them to, and it is for a criminal investigation about certain serious offences – for example organised crime or terrorism.

In urgent cases, and where an investigation is being carried out into crimes by armed gangs or terrorists, the ministry of Home Affairs, or the secretary of state for security, can order the interception of communications. The courts must review and confirm or revoke the order within 72 hours.

Requests for interception must be based on objective evidence that they’ll help verify facts or circumstances that are relevant to a criminal investigation.

Under the Organic Act 2/2002, the Supreme Court can authorise the secretary of state for directorship of the National Intelligence Centre to adopt measures that might affect the secrecy of communications, including intercepting them. This is as long as these measures are necessary to perform the tasks assigned to the NIC – for example to protect national security and prevent crime.

Under Law 9/2014 of the General Telecommunications and the Royal Decree 424/2005, a communications service provider must intercept communications when asked by a court or the NIC. So communication service providers must maintain a permanent technical interface for this purpose, based on government technical specifications. They must use this to transfer intercepted information to interception reception centres, where authorities can access it.

Data Retention

Data retention is governed by Law 25/2007 on retention of data related to electronic communications and public communication networks.

Operators that provide publicly available electronic communications services or operate public communications networks must keep traffic data about voice services, including fixed and mobile, and internet services for 12 months. Communication service providers and internet service providers must keep data for crime-fighting purposes, even if a specific order hasn’t been issued. This period can be reduced to six months or extended up to two years by the government, after consulting with the communication service providers, and depending on the data in question.

Law 25/2007 expressly states that content data can’t be retained.

Data disclosure

Law 25/2007 allows authorised agents to ask for data for detecting, investigating or prosecuting serious criminal offences. These agencies include members of the state security forces, Customs Surveillance Directorate or agents from the National Intelligence Centre, who must get an order from the competent court. Data disclosure is also regulated by Act 13/2015, which modifies the Criminal Procedure Act.

Web blocking

Under Act 34/2002 on Information Society Services and Electronic Commerce, authorities can block access to a website if it infringes certain principles of public policy and human dignity, including intellectual property rights and the protection of children. In certain cases – for example if the measure to be adopted might affect fundamental rights like freedom of speech or right to information – the competent court must authorise the web blocking.

Any provider of information services, including internet service providers, must co-operate with authorities when it comes to blocking internet sites.

Digital Services Act

The Digital Services Act (DSA) came into force on November 16, 2022, with most obligations applying from February 17, 2024. It introduces a new legal framework for digital services within the EU, including requirements on hosting providers for blocking content and reporting on such blocking. Where the DSA is applicable to BT services, and to the extent that any such requests have been received, this reporting will be included in our next reporting.

BT Nordics Sweden AB, based in Stockholm, is part of BT International and operates across the Nordics where it supports local operations of global multinationals as well as locally based multinationals.

Legal Interception

In Sweden, lawful interception of communications is permitted under specific legal frameworks, primarily the Act on Secret Surveillance in Criminal Investigations (LSI), the Electronic Communications Act (ECA).  These regulations outline the conditions under which law enforcement agencies can intercept communications, the types of crimes for which it is authorised, and the supervising mechanisms in place.  Interception is primarily allowed in investigations of serious crimes, as defined in chapter 27, section 18 of the LSI, and must be of exceptional importance for the investigation.  The decision to intercept communications requires careful consideration and is not granted lightly. There are specific criteria and procedures outlined in the legislation.

Data Disclosure

Pursuant to the Swedish Act on Retention and Access to Electronic Communications Data (SECA) retained data may be accessed with legal basis described in SECA 9:33, the RB 27:19; or EIA (lag 2012: 278). SECA 9:33 applies to providers of electronic communications networks or services. The provision must be read in conjunction with the following:

• SECA 9:31, laying down the duty of confidentiality in respect of subscriber data, the content of the communication, and data related to the communication.  The data necessary to disclose the providers involved in the transmission of the message, shall be disclosed to the public authority who ordered that the data be preserved. The same must apply if the data have also been retained.
• RB 27:19, which concerns “secret surveillance”, i.e. the secret collection of data related to electronic messages under transmission or that have been transmitted to or from a telephone number or other address, data disclosing the electronic communications equipment that have been present in a specific geographic area, or data disclosing in which geographic area a specific electronic communications equipment is or has been located. Retained data of the kind mentioned above may be disclosed to the police in the investigation of an offence (including attempt and preparatory acts). 
• The Electronic Intelligence Act (EIA) which provides for the collection of the same data as mentioned in RB 27:19 when necessary for intelligence activities aimed at preventing, intervening against, or uncovering criminal activities as further specified in that act. The reference to the EIA in SECA 9:21 entails that retained data may be accessed for intelligence purposes. The activity must concern an offence with a prescribed penalty of imprisonment for at least 2 years or other offences as specified in EIA § 2. The authorities that may access retained data for intelligence purposes are the Police Authority, the Police Security Service, and the Customs Authority.

Data Retention

The data retention provisions are laid down in the Swedish Act on Retention and Access to Electronic Communications Data (SECA).  The data to be registered and stored are broadly specified in SECA 9:19, which specifies that the data are necessary to trace and identify the source of the communication, the final destination of the communication, date, time, and duration of the communication, type of communication, communication equipment, as well as the location of mobile communication devices at the time of the communications’ beginning and end. The data are described in more detail in the Government Regulation on Electronic Communications (2022:511) 9:7 and 9:8.

The storage period is set out in SECA 9:22:

• Data related to telephony or the processing of messages through a mobile termination point: 6 months. However, location data may be stored for 2 months only.
• Data related to internet access shall be stored for 10 months. However, data that identify the equipment that finally secludes the communication from the service provider to the subscriber shall be stored only for 6 months.
• The storage period commences on the date when the communication ended.
• The data shall be deleted upon expiration of the storage period. Exceptions exist in respect of data access based on SECA 9:33 first para point 2 and 5 (access to subscriber data); RB 27:19 (secret surveillance in the investigation of serious crime); EIA lag 2012: 278 (secret surveillance in intelligence activities); or where the data are subject to a preservation order as per RB 27:16.  In such case, the provider shall continue to store the data until it has been disclosed as per the request or the preservation period has expired, following which the data must immediately be deleted.

Moreover, in 2025 draft legislation is being considered to amend and extend the data retention period in SECA up to one or two years for purposes of protecting national security and to combat serious crimes.

Digital Services Act

The Digital Services Act (DSA) came into force on November 16, 2022, with most obligations applying from February 17, 2024. It introduces a new legal framework for digital services within the EU, including requirements on hosting providers for blocking content and reporting on such blocking. Where the DSA is applicable to BT services, and to the extent that any such requests have been received, this reporting will be included in our next reporting.

In Switzerland, we provide various networked IT services including data, voice and internet services. We have operated in Switzerland since 1992. Our headquarters are in Zurich-Wallisellen and we have offices in Berne, Basel and Geneva, which employ more than 200 people.

Lawful interception

The revised Postal and Telecommunications Surveillance Act, along with the Federal Act on International Judicial Assistance in Criminal Matters, allow certain law enforcement authorities to carry out surveillance of telecommunications networks. They need communication service providers to provide access to their premises and systems for real time and retroactive surveillance. Other providers and company network and public access point operators must also provide access. Authorities can ask for surveillance:

• in criminal proceedings
• to search for missing people or for people who have to serve a custodial sentence
• to provide international legal assistance
• as required under the Federal Intelligence Service Act (see below).

Law enforcement authorities must get court approval for surveillance requests. The Surveillance Office runs a centralised data processing system. Surveillance data collected from communications service providers goes through this database. The Surveillance Office can then give it to the authority who has asked for it. While communication service providers have only very limited rights to challenge surveillance requests, people who are the target of the surveillance can challenge them.

The Federal Intelligence Service Act allows the Federal Intelligence Service to ask for help from communication service providers for interception activities. It’s possible for a private operator to challenge these requests under Federal Intelligence Service Act in the Federal Administrative Court.

In exceptional circumstances, like an emergency or when national interests or security are at risk, the Federal Telecommunications Act allows the Federal Council or the Federal Department on the Environment, Transport, Energy and Communications to order communication services to be intercepted, limited or interrupted.

Data Retention

Under the Postal and Telecommunications Surveillance Act, communication service providers must keep certain information about users for the length of their contractual relationship, and then for six months after this ends. It also requires communication service providers to keep certain identification, traffic and marginal communications data for six months.

Data disclosure

Communication service providers must keep their users’ communications confidential. But if the Surveillance Office asks for them, they must give them the data.

Web blocking

At the moment there are no laws specifically regulating website blocking in Switzerland. But these requirements might arise either to limit our own potential liability for contributing to the distribution of unlawful content, or where courts order certain unlawful content (like copyright infringing material or illegal pornography) be blocked.

* Can't disclose

We employ more approximately 700 people and have offices in 5 cities across the US.

We own and operate our own network infrastructure in North America. This includes nationwide coverage in all major US cities, making ours one of the largest networks of this type in the region. Around half of our top 2,000 customers operate in North America, which is why we have such a large presence here.

Lawful interception

There are separate laws for law enforcement access to communications data and access for national security and intelligence purposes.

Under the Wiretap Act, a federal or authorised state judge can issue a wiretap order that allows law enforcement agencies to intercept oral, wire or electronic communications. The application must meet certain conditions, which include probable cause that the interception will reveal a federal crime.

A court can also issue a pen/trap order, which is authorised by the Pen/Trap Statute, as long as an executive officer provides the required certification. The order can be used to get dialling, routing, addressing or signalling information, but not the contents of a communication.

The Foreign Intelligence Surveillance Act allows the Foreign Intelligence Surveillance Court to authorise a federal officer to conduct certain surveillance if there’s probable cause that the target is a foreign power or an agent of one (among other requirements). In an emergency, the Attorney General can authorise the order to get foreign intelligence information, but they must also inform a judge and apply for an order in the usual way within seven days.

The Attorney General can also authorise interception without a court order under the Attorney General Foreign Intelligence Surveillance Act directive. This allows an interception for up to one year if it only targets communications between foreign powers, and if other conditions around the impact on US citizens are met.

The Foreign Intelligence Surveillance Act also allows the Attorney General to order a communications service provider to provide information, facilities or technical assistance for interception. They don’t need a court order for this, but the communications service provider can ask for a judicial review.

The Communications Assistance for Law Enforcement Act states that communication service providers and related equipment manufacturers must have a permanent capability on their networks which allows law enforcement officers to carry out electronic surveillance.

Data Retention

The Stored Communications Act regulates the government’s ability to get the stored content of electronic communications and subscriber data from communication service providers. They can order providers to preserve communications records for 90 days and extend this for a further 90 days.

Under the Federal Communications Commission Regulations, telecommunication carriers must keep any records that are necessary for billing information about telephone toll calls for 18 months.

Civil litigants also have the right to require communications data to be preserved under the Federal Rules of Civil Procedure.

Data disclosure

Law enforcement officials and intelligence agency officials can make a communication service provider disclose data they hold through court orders, warrants or subpoenas. These must be authorised under the Stored Communications Act.

The intelligence agencies can ask for data about foreign powers, either by National Security Letters, under the PATRIOT Act, or by a Foreign Intelligence Surveillance Act court order. The CLOUD Act amended the Stored Communications Act to allow federal law enforcement to compel communications services providers to provide requested data stored on servers regardless of whether the data is stored in the US or overseas.

The Communications Act also gives consumers the right to require reasonable disclosure of their own data from companies that store it.

Web blocking

Blocking internet content generally isn’t authorised under current legislation. The US Supreme Court has invalidated blocking orders made in the lower courts on the basis that they breach the right of free expression in the First Amendment to the American Constitution. This includes indecent material likely to be accessible to under 18s.

There are exceptions to this, including in the Digital Millennium Copyright Act. Here copyright holders can ask for injunctions against internet service providers which force them to take down infringing content.

UK-US Data Access Agreement

Under the Agreement between the Government of the United States of America and the Government of the United Kingdom of Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Countering Serious Crime, which entered into force on 3 October 2022, BT Plc can be served directly with legal requests for disclosure of data from law enforcement authorities in the USA (UK law enforcement can make similar requests of US telecommunications providers). These requests are covered above in our transparency reporting for the UK.