Ref. Ares(2017)3140390 - 22/06/2017
Summary: Analysis & Evidence
Policy Option 1
Open Internet Access SI - Secondary legislation to allow Ofcom the requisite powers to enforce the
requirements of the Regulation, and to set out an appropriate, proportionate and dissuasive penalties regime in UK law.
FULL ECONOMIC ASSESSMENT
Net Benefit (Present Value (PV)) (£m)
(excl. Transition) (Constant Price)
Description and scale of key monetised costs by ‘main affected groups’
Other key non-monetised costs by ‘main affected groups’
Business impact in relation to the statutory instrument enabling Ofcom to monitor and ensure compliance
with the Regulation is unquantified due to the uncertainty of the exact nature of the information requests,
but industry consultation has shown that requests from Ofcom will only produce a minimal cost on
businesses, assuming that the requests will be included in the existing information requests regime. Ofcom
also intends to work with the industry to minimise the burden of these requests.
(excl. Transition) (Constant Price)
Description and scale of key monetised benefits by ‘main affected groups’
When implementing the EU Regulation the UK would not have to face infraction proceedings such as a
minimum lump sump fine of £9,982,000 as well as daily penalty payments and possible court costs. The
daily penalty payments depend on the seriousness, the duration of the infringement and the special factor
'n' corresponding to the GDP and the number of votes it has in the Council of the Member States.
Other key non-monetised benefits by ‘main affected groups’
The UK government would also not be liable to legal challenge from parties seeking to redress such
providers’ practices, which could be substantial.
It is assumed that Ofcom will work in collaboration with industry to ensure that information request reporting
on traffic management is light touch, subsumed into existing regulatory requests, and serviceable through
existing business processes - and that (given widespread compliance with the existing voluntary codes on
open internet) the number of information requests in cases of suspected breach of the Regulation will be
minimal. Risks should be mitigated by a proportionate approach of the SI.
BUSINESS ASSESSMENT (Option 1)
Direct impact on business (Equivalent Annual) £m:
Score for Business Impact Target (qualifying
provisions only) £m:
Evidence Base (for summary sheets)
Problem under consideration
The European Commission emphasised the need to monitor market and technological developments in
relation to “net freedoms” in the European Union to preserve an internet in line with those freedoms, i.e.
an “open” and “neutral” internet.
The concept of net neutrality is defined in part in the Framework Directive on electronic communications
as the ability of end-users to access and distribute information or run applications and services of their
The concept of net neutrality means that all end-users should have equal access to all kinds of online
content (such as email and high-quality video) without operators being able to throttle (“slow-down”),
block or discriminate against any type of content. The issue of net neutrality became increasingly
important due to the massive expansion of content being downloaded and streamed on the internet.
There are concerns that major players may try to buy or leverage content prioritisation at the expense of
smaller companies and start-ups, and that end-users’ rights to access and distribute information might
Ensuring net neutrality (in particular, a prohibition of blocking and throttling with certain legitimate
exceptions) would mean that all end-users will have unrestricted access to use and distribute
applications and services provided over the internet within the limits of contracted data volumes and
speeds. On the one hand, such a guarantee is particularly important for SMEs and start-ups who
(compared to large OTT ”Over the Top Technology” providers) mostly do not possess the leverage to
ensure that ISPs make their services available. On the other hand, the possibility for ISPs to provide
services other than internet access services, such as specialised services with guaranteed quality of
service2 creates major opportunities for innovation and delivery of new services3. Different ways of
regulating traffic management practices create uncertainty which hampers product and business-model
innovation and, consequently, the introduction of new business models4.
Obstacles to net neutrality include, for example5:
the blocking or throttling of traffic by certain network operators, which takes the form of restricting
access to internet services (online television, videoconferences, etc.) or to specific websites, or
categories of websites. The Body of European Regulators for Electronic Communications
(BEREC) and the National Regulatory Authorities (NRAs) may receive users’ complaints from
consumers and/or content and service providers;
traffic congestion, which requires reasonable management. There are various different traffic
management techniques to alleviate congestion;
lack of transparency, which prevents consumers from making informed choices in terms of
services. NRAs are therefore empowered to set minimum quality of service requirements.
Rationale for intervention
EU Regulation (EU) 2015/21206 lays down provisions related to open internet access (“net neutrality”)
and mobile roaming charges. The latter not the subject of the statutory instrument and thus this impact
assessment. The open internet access provisions come into effect from 30 April 2016. The Regulation
1 Korolyn Rouhani-Arani for Taylor Wessing http://united-kingdom.taylorwessing.com/en/first-eu-wide-net-neutrality-rules-set-to-come-into-effect
2 Recital 16 of the EC Regulation (https://ec.europa.eu/digital-single-market/en/news/regulation-european-parliament-and-council-laying-down-
measures-concerning-european-single) sets out that providers of internet access services should be free to offer services which are not internet
access services and which are optimised for specific content, applications or services, or a combination thereof, where the optimisation is
necessary in order to meet the requirements of the content, applications or services for a specific level of quality.
3 See more: EU Commission Impact Assessment, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52013SC0331
4 See more: EU Commission Impact Assessment, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52013SC0331
5 See more: EU Commission Impact Assessment, http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52013SC0331
requires that providers of internet access services to the public must treat all internet traffic equally,
except for in certain defined circumstances (e.g. reasonable traffic management measures to mitigate
the effects of exceptional or temporary network congestion). Providers are however allowed to engage in
blocking content etc. where doing so is necessary to comply with EU or national law (e.g. to block or
combat illegal activity / content).
There is also an exemption to allow providers to use traffic management to preserve the integrity of the
network and end-users’ terminal equipment (e.g. to allow for anti-cybercrime, anti-virus and anti-hacking
measures). Providers must also abide by stipulations related to transparency about levels of service in
contracts with end-users.
Action on open internet access was proposed by the European Commission on two grounds. Firstly, to
secure a high level of protection for end-users of electronic communication services, and guarantee the
continued functioning of the internet ecosystem as an engine of innovation. Secondly, to prevent
divergence in the regulatory framework following a number of Member States introducing relevant
The Regulation requires that National Regulatory Authorities (NRAs) in Member States should be
designated to monitor and ensure compliance by providers. It also requires that Member States set out
an appropriate regime of penalties in cases of breach of the Regulation. As part of their duties, it lays
down that NRAs must be able to require providers to supply information about their traffic management
The UK is obliged to implement the EU regulation (or face infraction proceedings). The Statutory
Instrument (SI) therefore ensures the Regulation’s provisions can be implemented by designating Ofcom
as the NRA for the UK, allowing them the necessary powers to monitor and ensure compliance with the
Regulation, and setting out a penalties regime (consistent with Ofcom’s wider regulatory framework
Net neutrality supports the Government’s policy goal of ensuring an open and secure internet that
supports innovation and growth. The EU Regulation will provide a legal framework to prevent internet
service providers from exploiting necessary traffic management arrangements over their networks in
order to gain unfair competitive advantage, by “throttling” (slowing down) or blocking competing services
(e.g. Skype, by providers of paid-for call services). The UK was central to shaping the negotiations of the
EU Regulation to deliver an ambitious, consumer focused package. The Regulation presents a
balanced, principles based package that protects the open internet while supporting innovation.
Description of options considered
• Option 0: Do nothing:
Not legislating to designate Ofcom as the NRA, allow them the necessary
powers to ensure compliance, and to set out a penalties regime for breaches would result in infraction
proceedings by the European Commission (and open the UK to legal challenge).
• Option 1: Preferred Option:
Secondary legislation to allow Ofcom the requisite powers to enforce
the requirements of the Regulation, and to set out an appropriate, proportionate and dissuasive
penalties regime in UK law.
Monetised and non-monetised costs and benefits of Option 1
Monetised costs by ‘main-affected groups
Non-monetised costs by ‘main-affected groups’
The impact of the EU Regulation itself on business and the UK market for internet services is not within
scope of this assessment. However, potential business impact in relation to the Statutory Instrument (SI)
enabling Ofcom to monitor and ensure compliance with the Regulation is in scope. Thus, the main
affected groups are internet service providers.
In effect, the only costs to business will be incurred where Ofcom requests information from providers of
internet access services to the public about their internet traffic management practices.
Ofcom have advised that their information requests would take two broad forms. Firstly, general regular
monitoring of internet access providers’ traffic management. Secondly, specific investigations of
particular providers where a breach of the Regulation is suspected.
On general monitoring, Ofcom are likely to make periodic requests to operators for information about the
capacity and utilisation of their networks, and of the ways in which traffic management policies are
applied to manage that capacity. Ofcom have stated they would expect that this information would be
generated as a matter of course as part of operators' network management, and would expect to work in
collaboration with the industry to ensure this is the case as the approach to regular monitoring is defined.
On specific investigations, where Ofcom may have reason to believe practices at an operator may be in
conflict with the EU Regulation, they may wish to issue more detailed requests covering network
capacity / utilisation etc., and details of the function and impact of traffic management policies which may
affect end-users' ability to access services of their choice. Again, Ofcom advise that they would expect
such information to be available from the network management technologies employed by operators.
We have consulted the main internet access providers (incl. Sky, BT, Talk Talk, Telefonica, Virgin and
Three) on Ofcom’s proposed approach to information requests as above. Their responses have
confirmed Ofcom’s view that this information should be relatively easily supplied. Although they could not
monetise compliance with such information requests, they have confirmed that costs should be
negligible and the impact minor provided that Ofcom subsume these requests into their existing
information requests regime (as part of the normal regulatory process). Where costs could escalate
would be if Ofcom were to increase the frequency and levels of detail of reporting to such an extent that
new and bespoke data collections systems and processes would be required. However, Ofcom have
confirmed that they intend to work with the industry to minimise the burden of these requests. They are
already in informal discussion with providers about including these requests in the existing reporting for
Ofcom’s annual Connected Nations report (this is a suggestion from the providers).
In the draft SI we have included a caveat on information requests that “Ofcom are not to require the
provision of information under this regulation except...where the making of a demand for the information
is proportionate to the use to which the information is to be put in carrying out Ofcom’s functions”. This
will provide an avenue of challenge for providers in any case of disproportionate costs.
In assessing the proportionality of exercising its formal information gathering powers in any particular
case, Ofcom will ordinarily consider:
the extent to which the information sought is necessary in order for Ofcom to exercise properly its
functions, and likely to be relevant to the exercise of those functions;
whether the information is obtainable from other sources and/or in alternative formats that would
cause less of a burden on recipients;
whether any burden imposed on the recipient of a request is, in the relevant circumstances,
proportionate to the reasons for gathering the information.
In some cases, it may be necessary to request comparable information from a range of network
operators - as far as possible Ofcom will work with network operators to design such requests so as to
allow them to provide comparable data which is available from the network management technologies
In the UK all the major UK providers of internet access services are thought to be largely in compliance
with most of the open internet provisions of the EU Regulation, through the existing voluntary framework
of the Open Internet Codes of Practice. There is little or no evidence of current traffic management
practices that would breach the Regulation. It is unlikely therefore that there will be many instances
where Ofcom will need to undertake specific investigations requiring a more detailed level of information
from providers. However, as Ofcom have suggested and providers consulted have confirmed, this
information should still be easily obtainable.
Monetised Benefits for ‘main affected groups’
When implementing the Regulation the UK would not have to face infraction proceedings such as a
minimum lump-sum fine of £9,982,000 well as daily penalty payments and possible court costs. The
daily penalty payments depend on the seriousness, the duration of the infringement and the special
factor 'n' corresponding to the GDP and the number of votes it has in the Council of the Member State.
To date the UK has never been fined for non-compliance with an EU Directive or as a result of any other
type of infraction cases - a record we are very keen to maintain.
Non-Monetised benefits for ‘main affected groups’
The UK government would also not be liable to legal challenge from parties seeking to redress such
providers’ practices which could be substantial.
Rationale and evidence that justify the level of analysis used in the IA (proportionality approach)
Any costs to business are limited to those related to servicing Ofcom’s information requests about their
traffic management practices. The main provider base is small, and is used to supplying information to
Ofcom as part of the existing information requests regime. Providers should be able to access the
information easily (as it is generated by them as a matter of course), and reporting can be subsumed into
existing reporting mechanisms to Ofcom. It is therefore deemed that these costs should be negligible,
and significantly below the £1m p.a. threshold to qualify for the fast-track Better Regulation process.
Risks and assumptions
It is assumed that Ofcom (as they have stated) will work in collaboration with the industry to
ensure that information request reporting in traffic management is light touch, subsumed into
existing regulatory requests, and serviceable through existing business processes.
It is assumed that given widespread compliance with the existing voluntary codes on open
internet, the number of information requests in cases of suspected breach of the Regulation will
The risks of burdensome information requests should be mitigated by the SI’s requirement for
such requests to be proportionate.
Small and Micro-Businesses Assessment
Analysis of small business impacts makes clear that there are potential costs for smaller businesses (up
to 50 employees, and/or less than 10 million Euros turnover), including micro-businesses (up to 10
employees, and/or less than 2 million Euros turnover), but these are likely to be minimal. In the EU
regulation there is no option to exempt small and micro businesses from this new regulatory measures.
Furthermore, the impact on those businesses will be very limited, since the great majority of internet
service providers are larger businesses. No data is available on the number of small and micro-
businesses in this sector but there is evidence that the number is small. The Internet Service Providers
Association (ISPA) represents 144 individual members (not including virtual ISPs), the majority of whom
(126) focus on delivering internet connectivity. This includes the 4 largest consumer-facing ISPs that
collectively serve about 90%+ of fixed-line consumer subscribers (Sky, Talk Talk, BT and Virgin); a large
number of ISPs that specialise in delivering communications services to businesses, with different
services for SMEs and large corporates; and niche providers that focus on a targeted area (e.g. a rural
location) or customer base (e.g. student or military accommodation). Within this number, there are
providers that resell connectivity from wholesale providers and those that build and operate their own
networks using a variety of technologies.
Furthermore, in the UK it is best-practice that providers of internet access are in compliance with the
open internet provisions of the EU Regulation and with non-compliance small and micro-businesses
would be prone to legal challenges of bigger providers. Ofcom and Broadband Stakeholder Group studies
have confirmed there is little or no evidence of current traffic management practices that would breach
The Statutory Instrument (SI) will provide a legislative basis to enforce the EU regulation in the UK,
which will be of general benefit for UK consumers (as end-users of internet access services) and
businesses that wish to ensure their services are not blocked (helping protect innovation in digital