On November 6th, 2020, the German Federal Ministry for Economics and Technology published the first draft of a law to modernise telecommunications law ("TKMoG") for consultation of the German Länder and stakeholder interest groups.
The draft law primarily intends to adapt the German TKG to the EU directive on the "European Code for Electronic Communications" (Directive (EU) 2018/1972 (hereinafter "Code" or "EECC"). To this end, Article 1 of the TKMoG contains a complete revision of the TKG (hereinafter "TKG-draft").
The draft is labelled a "discussion draft" because consensus building between the Federal Government’s competent departments has not yet been completed. Some central points are still controversial (see below). But time is pressing: the EECC needs to be implemented by December 21st, 2020, a deadline that is no longer realistically within reach. In addition, federal elections are scheduled for the summer or autumn of next year, and the Bundestag’s last weeks in session are scheduled for June 2021. Should the law not be passed by then, there is a risk of a massive delay due to discontinuity, the formation of a new government, etc., which would mean that the legislative process would probably not be completed before the end of 2022.
According to the introductory remarks of the draft legislation, the TKMoG has the following main focuses:
- implementation of comprehensive new definitions, in particular a fundamental extension of the scope to cover more types of services,
- creating regulatory incentives for the development of very high capacity networks,
- reform of market regulation, including regulatory holidays for co-investment and co-operation models and introduction of symmetric regulation,
- improving information about infrastructures relevant for telecommunications,
- modernisation of radio spectrum management,
- speeding up authorisation procedures for the build out of very high capacity networks,
- strengthening rights of shared use, including for the deployment of mobile networks,
- consolidation of consumer rights at an overall high level, with improved customer rights in certain cases,
- strengthening the enforceability of rules on state aid for telecommunications networks, including the introduction of rules on open network provision and the binding nature of market consultation procedures,
- modernisation of universal service, including the establishment of a right of individuals to adequate provision of telecommunications services,
- adapting public safety obligations to changing needs and technical developments,
- integration and adaptation of the PTSG (i.e. German legislation to ensure availability of postal and telecommunications services in crisis situations) to the changing needs of the users,
- amendment of organisational and procedural issues of the Federal Network Agency,
- revision of the regime for penalty fines.
Below we provide more details on some points that we consider to be particularly worthy of mention.
Scope of Application
New definitions, extended scope
As already established by the EECC, the TKG-draft uses a new definition of the term "telecommunications service", forming three sub-categories:
- Internet access services (§ 3 No. 22 TKG-draft),
- Interpersonal communications services (Art. 3 No. 23 TKG-draft), and
- Signal transmission services (§ 3 No. 58 lit. c TKG-draft).
Interpersonal communications services are divided into number-based services (Art. 3 No. 34 TKG-draft) and number-independent services (Art. 3 No. 37 TKG). The latter are the so-called OTT services, which are newly included in the law’s scope of application. These include, inter alia, messenger services as well as internet telephony and video conferencing services.
As a result, two aspects in particular will change in the TKG’s scope of application:
- on the one hand, the scope of application of many TKG provisions will become much more fine-grained in the future. Not all provisions will apply to all services and networks. Rather, each provider will have to check the TKG’s applicable "programme of obligations" for each of its services.
- on the other hand, the scope of application of many TKG regulations is extended to OTT services, i.e. number-independent interpersonal communication services.
Reduction of the scope of "contributors
However, the scope of application of the TKG will also be reduced on one important point: The old TKG had treated so-called "contributors" (Mitwirkende) as "providers" of a telecommunications service (cf. § 3 No. 6 lit. b of the still applicable TKG). This encompassed companies and individuals with only a subordinate role in rendering the services. In practice, the role of the "contributor" was primarily relevant for the scope of application of telecommunications data protection, telecommunications secrecy and surveillance obligations, as these obligations also expressly extended to the group of contributors. Whether this will remain the case in the future remains to be seen (see below).
Under the new law, only the so-called "providers" (Erbringer) are treated as telecommunications service providers (§ 1 No. 1 TKG-draft). The "provider" is the company which assumes responsibility for rendering the service vis-à-vis its recipient.
However, in some provisions of the TKG, in particular with regard to IT security (§ 162 TKG-draft), the obligation of "contributors" will remain.
Clarification of the geographical scope
A new provision governs the territorial scope of application of the TKG: According to § 1 (2) TKG-draft, the law applies to "all companies or persons who operate telecommunications networks or provide telecommunications services within this law's territorial scope of applicability".
The provision is not based on the EECC but is ultimately nothing new: it merely puts the marketplace principle into words, which corresponds to the prevailing view in German literature as well as the national regulator’s existing practice.
Notwithstanding this, it will be interesting to see how the regulatory authorities will apply the new rules in practice. Legal issues are increasingly arising, especially with regard to cross-border OTT services and so-called permanent roaming, i.e. the permanent use of foreign telecommunications services within Germany (and vice versa).
Continuation of Asymmetric Regulation, Commitments and Co-Investment Offers
The provisions of market regulation continue to follow the principle of asymmetrical regulation of SMP (Significant Market Power) companies. Asymmetric regulation only applies to companies which have significant market power on certain markets which have been assessed by the BNetzA as requiring regulation in a separate procedure. In this respect (as well as in the procedural steps for defining the regulated markets), there has been little structural change.
Many details have changed, which are primarily intended to speed up the build out of networks and which we cannot all cover in detail. One of the most important changes is the future possibility for SMP companies to submit commitments to the regulatory authority (§ 16 TKG-draft). This instrument is adopted from cartel law. By using this instrument companies commit themselves to a certain market behaviour, the regulator, in return, will refrain from regulatory measures.
The variant of co-investment offers was already particularly controversial during the legislative procedure for the EECC. If a competitor accepts the offer, this can lead to a release from access regulation, sometimes called a ‘regulatory holiday’ (see in more detail § 11 (4) TKG-draft).
Extension of symmetrical market regulation
The new TKG-draft will expand symmetric market regulation, i.e. the application of market regulation rules to companies not having significant market power.
In this area, the BNetzA can impose access obligations on some companies, especially those controlling access to end-users (§ 19 (1) TKG-draft) or to network elements which are difficult to replicate (§ 20 TKG-draft).
The category of symmetrical regulation (in the broader sense) also includes the possibility for the regulator to oblige providers of number-independent interpersonal communications services to make their services interoperable with other services (Art. 19 (2) TKG-draft).
Consumer and Customer Protection
Extension to OTT services
The main new feature of the customer and consumer protection provisions of the TKG-draft is that many of them will apply under the new law to providers of number-independent interpersonal communications services, i.e. also to messenger, internet telephony and video conferencing services.
Enhanced transparency rules
In the area of customer protection, the TKG-draft contains extended transparency provisions, in particular with regard to:
- publication of minimum information on the services offered (§ 50 TKG-draft),
- a contract summary which providers must make available to consumers before the conclusion of contracts (§ 52 TKG-draft),
- the contracts themselves (§ 53 TKG-draft) and
- invoices (§ 60 TKG-draft).
New rules regarding contract amendments
§ 55 TKG-draft introduces a provision on contract amendments based on Art. 105 of the EECC. On the one hand, this provision allows service providers to make unilateral contract amendments, but on the other hand it provides for special termination options for end-users. The provision could possibly bring about a simplification compared to the current legal situation.
The "old" customer protection rules remain
Like the old TKG, the TKG-draft also contains special provisions on fault clearance (§ 56 TKG-draft), changing provider (§ 57 TKG-draft), moving the consumer (§ 58 TKG-draft) and blocking the user’s service. Here, blocks to protect the user and blocks due to late payment have been combined in one provision (§ 59 TKG-draft).
In addition, there are still provisions on billing accuracy (§ 61 TKG-draft), on complaints by end users (§ 65 TKG-draft) and on dispute resolution by the regulator (§ 66 TKG-draft).
Relatively little has changed with regard to the provisions on so-called "router freedom", i.e. the connection of customer equipment to network access points (§§ 70, 71 TKG-draft).
Radio Spectrum Regulation
Regulation of Radio Spectrum is one of the areas to be extensively revised by the new legislation.
New Catalogue of Objectives of Radio Spectrum Regulation
Part 6 of the TKG-draft is preceded by a comprehensive catalogue of objectives and purposes, which goes back to the EECC. The triad of regulatory measures comprising spectrum planning, frequency assignment and monitoring of frequency use remains however unchanged.
New Rules on the Term and Extension of Frequency Assignments
The EECC has also prescribed detailed provisions on the issue of duration and extension of frequency usage rights now included in § 89 TKG-draft. In the past, the assignment of frequencies has been a highly contentious topic on which a considerable number of decisions have been handed down by the higher courts. When looking at the draft, one can already imagine the lines of argumentation in the run-up to the next frequency assignment procedure.
Odd new wording Regarding Spectrum Award Criteria
The provision in § 97 (1) sentences 2 and 3 TKG-draft, which goes back to Art. 55 (2) EECC, seems a little odd. Where § 61 (3) sentence 1 TKG currently states that competitive award procedures aimed at determining the most suitable applicant(s), the regulator will be asked, going forward, to define the objectives of the procedure on the basis of several criteria. So, is it no longer about selecting the best candidates? If this provision is adopted in this way, it would probably have to be interpreted as seeking to formulate criteria and aspects to be used for identifying the most suitable candidates. However, this can lead to frictions in tender procedures (beauty contests), because § 97 (6) TKG-draft sets out a list of criteria for selection which does not appear to be fully congruent with the objectives of (1) sentences 2 and 3.
New Measures to Strengthen Competition
New is § 102 TKG-draft, which lists a number of measures to promote competition. Some of these, such as the quantitative limitation of spectrum to be acquired or frequency regulatory merger control, had already been practised or at least attempted by the BNetzA. However, reserving spectrum for new entrants would be uncharted territory in Germany and could lead to conflicts in the next frequency assignment procedures.
Also new are the rules on local roaming and access to active radio infrastructures in § 103 TKG-draft, which are based on Art. 61 of the EECC. These will probably only become relevant in the medium term. The regulator can only impose corresponding obligations on companies if this was already provided for when the frequencies were originally assigned (§ 103 (1) No. 4 TKG-draft). This protection of existing rights, which is also provided for in Article 61 of the EECC, means that these obligations can only be imposed by means of this legal basis for frequencies to be assigned in future proceedings.
However, the last spectrum auction decision of BNetzA (Presidential Chamber decision of 26 November 2018 on the 2019 auction procedure) already provided for a number of similar obligations which are currently being challenged in court by the mobile network operators.
New Provisions on Spectrum Assignment Fees
There is a novelty concerning fees hidden in Art. 55 of the TKMoG, the last provision of the draft legislation. According to this, a payment of frequency assignment fees in annual instalments is to be introduced. And in the case of premature renunciation of frequency rights, there is going to be at least the prospect of recovering fees already paid if the return of spectrum clears the way for its more efficient use. This proposal is contained in a separate article of the TKMoG (Art. 55), in other words, it is not yet part of the TKG-draft intended to enter into force directly after adoption by the legislator. Rather, this amendment is proposed to enter into force only on 21st October 2021. The legislative reasoning published with the draft law does not explain why this amendment should not apply at the same time as the new TKG.
Still Open: Approach to Radio Services for the Government
Still under discussion (and therefore not yet formulated in the current "discussion draft") are some issues regarding the allocation of frequencies for public authorities. These are motivated by wishes of the Ministry of the Interior respectively the BDBOS (the BDBOS is the Federal Agency for Digital Radio for public safety Authorities and Organisations).
Infrastructure, Network Development and Rights of Way
Rights of Way
The rules for granting the right of way for public trafficways to network operators are stipulated in § 122 TKG-draft. The provision does not bring any sweeping changes or simplifications. This is unfortunate as smaller providers and also investors often struggle with the intricateness of the procedure as handled and applied by the regulator. The requirements set by BNetzA in its constant practice do not fit in well with the practices of local expansion projects and the investment funds supporting them.
§ 124 (4) TKG-draft proposes a simplification for "minor individual construction measures": According to this provision, authorised users will in future be able to obtain the road construction authority’s consent for minor measures in a notification procedure. If the authority does not request the authorised user to submit a full application within one month after receipt of the notification, the authority is deemed to have consented. One open flank of this regulation, however, is that its implementation requires that the road construction authorities define in administrative provisions what is to be understood as "minor measure".
Section 124 (5) TKG-draft should provide some legal certainty: According to this provision, official approval of the relocation or modification of a telecommunications line should in future have a limited concentration effect by including any necessary decisions under nature conservation law, water management law, road traffic law and monument protection law.
Rights of Shared use of Public Utility Networks Remains
The rules currently contained in §§ 77a to 77p TKG on the shared use of public utility networks are reflected in §§ 133 to 148 TKG-draft. They are largely based on the Broadband Cost Reduction Directive 2014/61/EU, which continues to apply unchanged and which was itself transformed into the current TKG by the DigiNetz-Gesetz.
In this respect, amendments are only proposed regarding a tightening of the review of access fees pursuant to § 146 TKG-draft as well as in the extension of the scope of application to carrier structures for the 5G mobile expansion.
For number management in the strict sense, the TKG-draft brings hardly anything new in §§ 105 and 120 apart from globally usable numbers for machine-to-machine services (see below).
The consumer-protecting numbering provisions (e.g. on pricing announcements and holding queues) already existing in the current legislation are also found in the TKG-draft. However, the distinction between fixed and mobile services, which has been practised until now, is going to be given up. This is a consequence of the changing usage behaviour of subscribers.
Numbers for "Permanent Roaming” and Global Use
It is worth mentioning that § 105 (2) of the TKG-draft now provides for a special category of numbers intended for permanent use abroad (permanent roaming). Although these numbers are German numbers, i.e. the BNetzA allocates them to German service providers according to the German numbering plan, they are intended to be used outside Germany. The legislator is thus responding to the needs of IoT providers whose networked devices often require connectivity not only within Germany, but throughout Europe or even worldwide. In many cases, it is not even clear at the time of production or delivery of these devices where customers will ultimately use them.
The German rules are based on Articles 93(4) and 94(6) of the EECC, but go beyond them, as the German legislator allows the extraterritorial use of these numbers not only in the EU but worldwide. However, these numbers are only allowed for non-interpersonal services, i.e. machine-to-machine services.
The fact that German numbers are permanently used in foreign telecommunications networks leads to legal challenges. How should the local regulator react if the number in question is used abroad for illegal purposes? The TKG-draft gives only a rudimentary answer to this question: According to § 120 (6) TKG-draft, the BNetzA allocates extraterritorially usable numbers under "certain conditions", which are intended to ensure compliance with foreign law. If approached by foreign regulatory authority contacts, BNetzA then enforces these conditions vis-à-vis the number holder.
Supply Obligations (Universal Service)
The draft of the new TKG avoids the word "universal service", but in its basic structure sticks with the universal service regime of the current legislation. The TKG-draft now speaks of a "right to be supplied with telecommunications services".
One of the most politically controversial projects is the extension of this right of supply to a "fast Internet access service" (§ 154 (2) and (3) TKG-draft). If undersupply occurs in this area, the BNetzA can oblige selected providers to provide it (§ 158 (2) TKG-draft).
National Security and Telecommunications Surveillance
Still No Agreement on Many Key Points
The area of national security, e.g. data retention and the various types of telecommunications interception was already highly controversial even before the EECC entered into force. In this area, the German legislator also has a largely "free hand"; neither EECC nor the EU ePrivacy Directive lay down very strict rules here. Only the EU Charter of Fundamental Rights imposes limits on the "whether" and "how" of surveillance measures.
The rules in this area were one of the reasons why the publication of the "discussion draft" was so delayed. Even now, this chapter of the draft law begins with a lengthy "disclaimer", according to which the ministries have not yet reached agreement on the following points, among others:
- scope of communication services included,
- obligation for providers of telecommunications services in the domestic market to be legally reachable,
- statutory determination of the marketplace principle,
- reachability of telecommunications service providers,
- requirements for disclosure and interoperability of interfaces of network components, including mandatory technical standards.
The background to the disagreement is primarily the handling of messenger services. As these will be treated as telecommunication services in the future, they will also be included in the scope of the provisions of the telecommunications interception. However, the providers of these services are often not established in Germany and a direct order to carry out telecommunications surveillance against such providers would conflict with the sovereignty under international law of the countries where they are established.
The "Double Door Principle" Remains
Apart from that, the TKG-draft follows the double-door principle already established: The TKG-draft obliges service providers to provide information or to participate in surveillance measures; however, the authorisation of the "authorised bodies" (i.e. the law enforcement and national security agencies) to carry out surveillance measures is governed by special laws such as the Code of Criminal Procedure.
The central provisions on the obligations to cooperate are:
- technical implementation of surveillance measures: § 167 TKG-draft,
- data retention of subscriber data including the obligation to check prepaid subscribers: § 169 TKG-draft,
- automated information procedure for subscriber data: § 170 TKG-draft,
- manual subscriber data enquiry procedure: § 171 TKG-draft (still unfinished in the "discussion draft"), and
- traffic data retention: Articles 173-178 TKG-draft (largely unchanged).
In some respects, the TKG-draft further extends the supervisory powers of the "authorised bodies". More specifically, the draft wants to require foreign providers to designate a domestic authorised service agent to whom information and interception requests can then be delivered directly (§ 167 (3) TKG-draft). In addition, mobile network operators are to be obliged to tolerate "authorised bodies" using their own telecommunications equipment in their networks, e.g. to determine location data of end users (§ 168 TKG-draft).
Overall, the provisions in this section of the TKG-draft appear overly complicated, if not confusing. Here, the legislator has apparently followed the credo of Federal Minister of the Interior Seehofer that security laws must be made deliberately complicated - "then it is not so conspicuous".
Concerning IT security, the TKG-draft contains a total of five very extensive sections (§§ 162-166). Compared to the version of the draft leaked on Netzpolitik.org last summer, these provisions of ICT security law have become considerably more comprehensive.
The draft contains the statement that the provisions in question as a whole would be based on the "IT Security Act 2.0", i.e. a parallel legislative initiative to amend other laws in addition to the TKG. However, the TKG amendment has now apparently overtaken the IT Security Act 2.0 in terms of timing, which is why the regulations concerned have now been officially published for the first time within the framework of the TKG amendment.
The provisions go far beyond their European legal basis (Art. 40 and 41 EECC, Art. 4 ePrivacy Directive). While these EU rules as a whole seek to leave a great deal of freedom to telecommunications providers, the German rules are quite restrictive and give the German security authorities very extensive powers. The Federal Ministry of the Interior has obviously taken the lead here.
The main novelties on ICT security in the TKG-draft are:
- The TKG-draft introduces a new category of "telecommunications networks with increased risk potential". Their operators are subject to a number of additional obligations, including the obligation to have their own ICT security externally audited every two years (§ 162 (3) TKG-draft).
- Telecommunication network operators and service providers may only use systems that have been previously tested and certified by recognised bodies as "critical components" within the meaning of § 2 (13) of the BSI-G (the reference to § 2 (13) of the BSI-G currently does not lead anywhere; the TKG-draft already anticipates the IT Security Act 2.0).
- The "catalogue of security requirements" defined by BNetzA is to become binding in future (§ 164 (2) TKG-draft). BNetzA has already almost completed version 2.0 of this security catalogue and published it on its homepage. The requirements according to this catalogue are quite strict and will have to be implemented precisely in the future.
As a result, operators of networks with high security requirements, especially 5G core networks, will be subject to significant new legal obligations.
For the rest, the existing obligations (for all providers) remain in place: Every provider of a publicly available telecommunications service or public telecommunications network must appoint a security officer and draw up a security concept with appropriate security measures (§ 163 TKG-draft). What is new, however, is that these regulations will also henceforth apply to OTT services.
The reporting obligations for security breaches have also been incorporated into the TKG-draft with comparatively few changes. In the proposed law, § 165 TKG-draft regulates an obligation to notify security breaches affecting network and operational security; § 166 TKG-draft governs the reporting obligation for personal data breaches. Although both provisions stand separately, in practice they are likely to be "triggered" simultaneously, for example by ransomware attacks. At least the reporting obligation for personal data breaches supersedes, as a lex specialis, the reporting obligations under Articles 33 and 34 GDPR, which further complicates the legal situation, especially since this issue is also regulated by Regulation (EU) 611/2013, which takes precedence over German law at the least as far as there are contradictions.
Data Protection and Telecommunications Secrecy
The provisions on data protection and telecommunications secrecy as a whole are not included in the new TKG-draft. The reason for this is that the legislator still plans to "outsource" these regulations to a new law: The Telecommunications Telemedia Data Protection Act (TTDSG).
Although this TTDSG will continue to be closely linked to the TKG in the future - among other things because both laws are based on the same definitions and are enforced by the same agencies - it is not yet included in the present "discussion draft". This is somewhat awkward, because both laws have to come into force at the same time, since the TTDSG is supposed to replace regulations from the old TKG.
Nevertheless, an early draft of the TTDSG had already been leaked in summer 2020.
Enforcement powers of BNetzA
The TKG-draft further extends the regulatory agency’s enforcement powers, e.g. BNetzA can request and evaluate even more information in the future. However, as far as we can tell, there are no fundamental changes.
The framework for penalty fines in § 225 TKG-draft also largely corresponds to the current § 149 TKG. In some areas, the draft introduces new provisions on fines or raises the possible level of fines. It is noteworthy that the draft specifically seeks to increase the level of fines for breaches of net neutrality and roaming obligations, because practical experience is said to have shown that the current maximum fine of 500,000 euros is not high enough to discourage persistent infringements.
What happens next?
The draft submitted to the Länder and trade associations is expressly designated a "discussion draft" and has not yet been finally agreed between the federal ministries. This is consistent with the course of the legislative process so far: it had stalled due to disagreement between the responsible ministries and had been delayed by several months.
In theory, things should now move faster: The comment period for the hearing on the "discussion draft" is only two weeks and is scheduled to end on 20th November 2020.
As soon as the ministries have settled their differences, the Federal Cabinet will adopt the draft and thus officially start the legislative process. It will certainly take several more months before the new TKG has gone through the entire legislative process in the Bundestag and Bundesrat, the two chambers of the federal parliament. The deadline for implementation of the EECC (21st December 2020) can therefore by no means be met and will be missed by at least a quarter, if not half a year or more.
Aggravating (and delaying) this is the fact that the legislative procedure of the TKModG is very closely linked to two other legislative procedures, namely the procedures relating to the TTDSG and the "IT Security Act 2.0". However, these two laws have not even been published as "discussion drafts" yet, but only leaked. If these two procedures do not also make timely progress, this will probably delay the new TKG even more.
The main concern for the federal ministries is now to find a solution to the (apparently massive) controversies that have been pending for months and have not yet been resolved. This concerns in particular the following points:
- Future of the so-called "ancillary cost privilege" for cable TV installations - vigorously opposed by consumer associations as so-called "forced cabling”.
- The question of the speed of internet access, which shall form part of the universal service in the future.
- The question of how number-independent interpersonal communications services (in particular messenger services) should be required to participate in interception measures in the future.
- Design of the rules on fines.
- The demand of the Federal Ministry of Justice and Consumer Protection to limit the maximum duration of contracts to 12 months instead of the 24 months provided for by the Code and currently in force.
Some of the issues should be solvable politically. However, there are other points where huge strides still need to be taken, such as the question of the cooperation obligations of messenger services with respect to interception. In particular, there is the question of how to deal with the end-to-end encryption often used in these services.
The first TKG of 1996 opened the telecommunications market to competition. The monopoly of Deutsche Telekom AG, the successor to the federal postal department, was abolished. However, new entrants to the market, both providers of telecommunications services and operators of telecommunications networks, required a licence to enter the market, so that a (preventive) prohibition subject to authorisation still existed. Obtaining the licence was not an easy task, especially at the beginning, and it was associated with seven-figure licence fees which in retrospect seem even more outrageous than at the time and, quite rightly, did not hold up to judicial review. The TKG-1996 needed one hundred paragraphs to accomplish this, however, it also contained several of powers of regulation by ordinance.
After eight years, the next step in market opening was taken with the TKG-2004. The licence requirement was dropped and replaced by a notification requirement. In the categories of economic administrative law, the telecommunications business was thus downgraded from an activity requiring special supervision to a simple business. This was a step towards liberalisation which should not be underestimated. Other liberalisation measures taken at that time include facilitating the regulation of the incumbent; for example, many fees, and especially those for retail customers, were removed from tariff regulation. However, this liberalisation was not accompanied by a reduction of the regulatory framework. On the contrary: the TKG increased to a good 150 paragraphs.
The next TKG with about 225 paragraphs promises to maintain the growth rate of 50% more legal text per major reform. However, it does not contain radical liberalisation steps or reforms as in the two previous laws. Not least because the big steps have already been taken. The next TKG will therefore serve more to readjust the regulatory framework. The reason why the law is becoming longer is that these adjustments are often made in the details and also because the EECC to be implemented is itself not a piece of legislation that could be blamed of undue taciturnity.