News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. What we do
  3. Regulations and standards
  4. TICSA telecommunications network security
  5. About TICSA

About TICSA

The Telecommunications (Interception Capability and Security) Act 2013 (TICSA), sets out obligations for New Zealand’s telecommunications providers in two key areas – Part 2: Interception capability, and Part 3: Network security.

Disclaimer: This section is for information only. Please contact the Regulatory Unit at ticsa@ncsc.govt.nz for specific questions about network operator obligations under TICSA, or any other matters relating to GCSB’s role under the Act. 

Our role under TICSA

The National Cyber Security Centre (NCSC) is part of the Government Communications Security Bureau (GCSB). The Regulatory Unit in the NCSC is the team responsible for the day-to-day network security regulatory functions under Part 3 of TICSA, including assessing certain change proposals to public telecommunications networks. 

The Part 3 requirements apply to network operators, defined in TICSA as:

  • a person who owns, controls, or operates a public telecommunications network, or 
  • a person who supplies (whether by wholesale or retail) another person with the capability to provide a telecommunications service.

Our team works with network operators to identify and address network security risks that may arise when they design, build or operate public telecommunications networks. 

Telecommunications (Interception Capability and Security) Act 2013 No 91 (as at 28 November 2023), Public Act Contents – New Zealand Legislation External Link

Interception capability requirements

New Zealand Police is responsible for the interception capability requirements of TICSA, and for maintaining the Register of Network Operators on behalf of all the surveillance agencies.

Interception capability External Link External Link

Notification of proposed changes to public telecommunications networks

Network operators must notify us if they want to make certain changes or developments to their networks that may intersect with national security.

Our role at NCSC is to assess the proposed changes on a case-by-case basis to identify any potential network security risks, on behalf of the Director-General of the GCSB.

Notification of proposals

TICSA notification of proposals template [DOCX, 107 KB]

Registering as a network operator

Under TICSA, network operators must register within three months after becoming one. This process is managed by New Zealand Police, who maintain a register and have appointed a Registrar.

If an organisation is uncertain whether they meet the definition of a network operator, or if they have any enquiries about registration, they should contact New Zealand Police, who oversee the registration process.

Submit an enquiry to the Registrar securely online External Link

More about registration on the New Zealand Police website External Link

Guidelines to help network operators work with us

To ensure network security risks are identified and addressed as early as possible, the GCSB has developed guidance for network operators to help them:

  • understand their obligations under TICSA, and
  • to work cooperatively and collaboratively with the NCSC. 

The guidelines were developed in consultation with network operators, and cover the:

  • mandatory registration process,
  • network security focus of TICSA,  
  • notification requirements,
  • consideration and communication of proposals, and
  • request process for an exemption.

Read the Guidelines for Network Operators [PDF, 464 KB]