VodafoneZiggo is subject to sector-specific regulation enforced by different regulatory authorities, most notably the Authority for Consumer & Markets (ACM) and the Authority for Digital Infrastructure (RDI). Our Regulatory Affairs department regularly consults these and other government stakeholders and closely monitors the latest developments in regulation to minimise the risk of adverse regulatory pressure.
Many laws and regulations VodafoneZiggo is subject to, originate at European Union (EU) level. As of 2022, the Digital Services Act and the Digital Markets Act entered into force, while the EU renewed its Roaming Regulation. Also, in 2022, The Netherlands transposed the full European Electronic Communications Code (EECC) into national law. Member states initially had until December 21, 2020 to transpose the EECC. The Netherlands met this deadline for specific parts of the EECC, but experienced a delay for implementation of the majority of articles.
The EU is in discussion over various proposals d and we expect the introduction of new or amended laws and regulations in the near future, including:
Artificial Intelligence Act, which lays down harmonised rules on artificial intelligence
Gigabit Infrastructure Act, which will replace the Broadband Cost Reduction Directive and includes measures to reduce the cost of deploying Gigabit electronic communications networks
e-Privacy Regulation, which will replace the current e-Privacy Directive
All of these initiatives could have an impact on our business from 2023 onwards and are therefore closely monitored.
ACM performs five-yearly market analyses and can impose (access) obligations on market players as a result. There are currently no such obligations in place following the Court’s annulment of ACM’s market analysis decision in March 2020, which abolished a cable access obligation on VodafoneZiggo and access regulation on KPN.
ACM has since been investigating the need to re-regulate the fixed broadband market. A draft market analysis decision was expected in the first quarter of 2022, but was put on hold after KPN announced it had improved the wholesale conditions to its Fibre to the Home(FttH)-network. In August 2022, ACM made this offer binding for a period of eight years via a so-called commitments decision. In March 2023, ACM announced that its market analysis now focuses on possible regional markets. In a hypothetical cable-only market (where FttH has not been deployed), ACM might consider access obligations on VodafoneZiggo. A draft decision for consultation is expected towards the summer of 2023. ACM is at the same time assessing a request for symmetric access to our fixed network in the city of Amsterdam.
The Ministry of Economic Affairs is responsible for spectrum management and granting of spectrum licenses. A spectrum license confers the right to use a specific set of frequencies in a specific band for a specific period of time and under specific conditions, such as coverage obligations. Spectrum licenses for mobile services are usually assigned via an auction. In addition to one-off license fees, there are annual supervision costs, based on the amount of spectrum held.
We currently hold approximately 33% of the total mobile spectrum licenses in the Netherlands, with which we provide 2G (GSM), 4G (LTE) and 5G communications. In 2020, we acquired licenses in the 700, 1400, and 2100 MHz bands for a period of 20 years. We also hold 800, 900, 1800 and 2600 MHz licenses that will expire in 2030. The Dutch Government is planning to auction 300 MHz in the 3.5 GHz band for mobile services in the second half of 2023. This auction has been delayed as a result of court rulings regarding the protection of satellite services.
Security & continuity
As a provider of public electronic communication networks and services, VodafoneZiggo is subject to specific obligations in the Dutch Telecommunications Act to safeguard the security and integrity of our networks and services. We are also obliged to ensure the continuity of electronic communications services in the event of disturbances or outages of the electricity grid. Further to the Wet beveiliging netwerk- en informatiesystemen (Wbni), the Dutch implementation of the Security of Network and Information systems directive (NIS), we are also required to notify RDI and the National Cyber Security Center (NCSC) of (cyber) security and integrity breaches which materially threaten the continuity of our networks and services.
European institutions are currently discussing the NIS2 directive (a revision of the current NIS regime, aiming to tackle its limitations, as well as respond to changes in the cyber security threat landscape), the Critical Entities Resilience Directive (CER) and the Cyber Resilience Act (CRA). Under NIS2, which will be implemented in a revised Wbni, VodafoneZiggo will be designated an operator of essential services, and will therefore be subject to the strictest obligations of both NIS2 and the CER, the latter regulating physical security aspects. The CRA is a regulation on horizontal cybersecurity requirements for products with digital elements, and aims to increase the cybersecurity of devices with digital elements by establishing common requirements, applicable from the design phase through to the product's entire life cycle.