Goto Main Content
:::

Chapter Law Content

Title: Regulations for Inspection of Public Telecommunications Networks CH
Category: National Communications Commission(國家通訊傳播委員會)
Chapter Ⅲ Info-communications Security Inspection
Article 10
The competent authority shall select more than six examination-compliant establishers each year to conduct information security inspections.
The competent authority shall consider the criticality, scale, number of subscribers, type of telecommunications service, level of info-communications security responsibility, frequency and extent of info-communications security incidents, frequency and results of the inspection, and other factors related to information security when conducting periodic inspections prescribed in the preceding paragraph.
When the competent authority conducts network performance inspection, it shall act in accordance with the principle of not obstructing telecommunications services.
Article 11
When the competent authority conducts periodic inspections mentioned in the preceding article, it shall notify the inspected entity of the inspection date, inspection items, compliance standards, and payment notice in writing two months in advance. The inspected entity shall complete the payment within the time limit specified in the notice sent by the competent authority.
If the inspected entity in the preceding paragraph fails to cooperate with the inspection at the time designated by the competent authority due to business factors or other legitimate reasons, it may apply to the competent authority to change the inspection date with a written statement of reasons within five days from receiving the notice prescribed in the preceding paragraph.
The application in the preceding paragraph shall be limited to one change only, except for reasons of force majeure.
Article 12
If the establisher falls under any one of the following circumstances, the competent authority may conduct irregular info-communications security inspections to it:
1. The info-communications security incident occurred on the public telecommunications networks and reached a level-3 cyber security incident or higher as stipulated in the Regulations on the Notification and Response of Cyber Security Incident.
2. There is a likelihood that the public telecommunications network may endanger national security or info-communications security, and it is notified by relevant authorities.
Article 13
The content of the info-communications security inspection conducted by the competent authority shall be as follows:
1. For the inspected entity having the information security maintenance plan formulated, the implementation of its information security maintenance plan shall be inspected.
2. For the inspected entity having not formulated the information security maintenance plan, the implementation of its network information security protection planning shall be inspected.
When a part or all of the public telecommunications network of the inspected entity in the preceding paragraph is critical telecommunications infrastructure, the competent authority may require the inspected entity to provide supporting materials that comply with the Technical Specifications for Info-communications Security Testing of Info-communication Equipment of the Critical Telecommunications Infrastructure whose formulation is authorized by Paragraph 8, Article 42 of the Act.
If the supporting materials mentioned in the preceding paragraph cannot be provided, the competent authority may request the inspected entity to provide a valid test report issued by a test body recognized by the competent authority to perform the technical specifications prescribed in the preceding paragraph, within the specified period.
The period prescribed in the preceding paragraph shall be limited to two months.
Article 14
The items and compliance standards of the info-communications security inspection shall be handled in accordance with the info-communications security inspection form announced by the competent authority.
Article 15
The competent authority shall notify the inspected entity of the inspection results within one month after the completion of the info-communications security inspection.
If the inspection results in the preceding paragraph show deficiencies or improvement needed, the inspected entity shall submit an improvement report to the competent authority within one month after receiving the inspection results.
After the inspected entity submits an improvement report prescribed in the preceding paragraph, within the time specified by the competent authority, according to the nature and extent of the deficiencies or items needing improvement, the implementation of the improvement report shall be submitted in writing; if deemed necessary by the competent authority, the competent authority may request the inspected entity to explain or undertake improvements.