Why the Telecoms Security Act Needs a New Kind of Visibility

In the UK, the Telecoms Security Act (TSA) has quietly reset what “good security” looks like for network operators.

It’s no longer enough to keep infrastructure patched and hope monitoring picks up the rest. The Act expects operators to see their networks - continuously, accurately, and across supplier boundaries.

But here’s the challenge nobody talks about:

most operators don’t have visibility problems; they have meaning problems.

They’re drowning in telemetry, logs, traps, optical power readings, Y.1731 packets and SNMP counters - yet still struggle to answer the simplest regulatory question:

“What is happening in your network right now, and how do you know?”

The problem isn’t data. It’s structure.

TSA and the associated Cyber Security Code of Practice emphasise active monitoring, anomaly detection, supply-chain awareness and evidence-based response. All sensible. But these duties assume operators possess a shared, trustworthy understanding of network state.

In reality, every tool speaks a different dialect. Wholesale and retail partners see different halves of the truth. And during an outage, no one has time to reconcile log files into something defensible.

Data products: turning telemetry into something the TSA can actually use

A growing idea - borrowed from software engineering and now reaching telecoms - is the data product:
a small, signed, contextual object that answers a specific operational question.

Is the Layer 2 path healthy?
Is this ONT reachable?
Is this transceiver drifting?
Has this issue appeared in neighbouring postcodes?

Instead of sharing raw logs, operators exchange these tiny, meaning-rich artefacts. They’re standardised, audit-able, privacy-minimal, and designed to be dropped straight into a monitoring system or AI agent.

Crucially, they provide provenance - exactly what regulators want when asking why an operator took (or didn’t take) an action.

Shared Awareness: collaboration without exposure

The TSA pushes operators to manage supply-chain risk and coordinate with partners.
But true multi-party visibility has always been hamstrung by privacy concerns and inconsistent tooling.

“Shared awareness” flips the model.
Rather than sharing sensitive data, operators share abstracted signals: green/amber/red service status, timestamps, locality, degradation scores. Enough to spot a systemic issue; not enough to expose customer data.

It works like a safety beacon - simple, trusted, and universal.

AI thrives when the inputs are clean

Everyone wants AI-enhanced diagnostics, but models trained on inconsistent logs and ambiguous metrics produce inconsistent outcomes. TSA’s expectations around anomaly detection and continuous improvement require more.

Data products give AI the clean substrate it’s been missing:
normalised, contextual, semantically meaningful signals that allow models to identify patterns, explain behaviour, and support operational decisions.

It’s the difference between feeding a model raw packet captures vs. giving it a structured description of what the packets mean.

A path to resilience the sector can actually adopt

The TSA provides the UK telecoms sector with a pragmatic security framework.
What the sector is now looking for are practical ways to operationalise TSA’s intentions:

• trustworthy monitoring inputs

• collaborative incident response

• robust, explainable diagnostics

• evidence with provenance

• minimisation and privacy-by-design baked in

Data products + shared awareness achieve this with minimal friction.

They sit on top of existing telemetry.
They don’t require ripping out tooling.
They create clarity where operators currently see noise.

And perhaps most importantly, they give the sector a foundation for the kind of cross-operator resilience the TSA was written to encourage.