Examples of telecommunications activity

A service chain that provides network and communications services often consists of multiple actors with mutual agreements on implementing different parts of the chain. Service implementation is thus fragmented. In a multi-actor environment, it is necessary to determine who is responsible for the obligations related to telecommunications activity as the network or service operator referred to in the legislation.

This is straightforward when the service chain comprises a single company which offers the customer the communications service over its own network:

• For example, a mobile phone subscription in the operator’s mobile network. In this case, the company operates as both the network provider and communications service provider, i.e. as a telecommunications operator.

A situation involving two companies, where a network operator provides a communication network for a service operator, who further provides communications services to a customer over this network, is also clear cut. The network operator and the service operator are each responsible for their own roles as telecommunications operators. Responsibility towards the customer for the service as a whole is carried by the service operator.

The questions of responsibility are more ambiguous when the network operator and the service operator obtain elements of their services from other companies, or the communications service is provided as part of some other service package:

• For example, a company offers an ADSL subscription over a local loop leased from another company. In this case, it should be assessed if the actors in the service chain are, in legislative terms, telecommunications operators, subcontractors of a telecommunications operator, or resellers of the telecommunications operator's service, and who is responsible for the obligations associated with telecommunications activity. These obligations may include seeing to the technical quality and information security of the service as well as the minimum content of the user’s contractual terms, preparedness planning, managing and reporting faults, disturbances and information security threats, use of numbering and barring mechanism categories in compliance with legislation, and identification data retention.

In subcontracting, the rule of thumb is that responsibility for telecommunications activity cannot be outsourced.

In other words, the telecommunications operator is responsible for ensuring that the subcontractor fulfils their obligations. In practice, this means that when a telecommunications operator outsources such tasks as network supervision, maintenance or repairs to another company, the operator must ensure by contractual means that the outsourced service meets the statutory requirements. As an example, responsibility for subcontracting also means that a telecommunications operator is accountable to the subscriber and the user for the information security of the communications service, also on behalf of a third party fully or partly implementing the network or communications service.

A subcontractor naturally carries the contractual responsibility for their performance and any liability for damages, however only towards their contracting partner. If, for example, the Finnish Transport and Communications Agency’s National Cyber Security Centre detects shortcomings in the service, the statutory obligation to rectify the situation applies to the telecommunications operator, even if the shortcoming was caused by the subcontractor's activities.

Two aspects can be examined in order to tell telecommunications activity and resales apart: contractual relationships, or who the end user enters in a contractual relationship with regarding the communications service; and technical management of the network and service.

Contractual relationships

Pure resale of a communications service does not comprise telecommunications activity. Pure resale refers to a situation in which no contractual relationship between the vendor and the buyer remains in effect. Responsibility for fulfilling the obligations associated with telecommunications activity referred to in the Act on Electronic communications services, or the features and provision of the service, rests with the communications service or network operator, not the reseller. Naturally, the reseller may have responsibilities under the Consumer Protection Act, the Act on Residential Leases or other legislation.

• As an example of resale can be cited the sales of mobile telephones, where the contract is concluded between the actual telecommunications operator and the end user, rather than the company selling the subscription and the end user.

Resale is partly subject to statutes applicable to telecommunications activity. In fact, according to the new definition of a telecommunications operator under a 2015 amendment to the Act on Electronic Communications Services, a company providing a communications service is also a telecommunications operator. In the revoked Communications Market Act, as a telecommunications operator and a service operator were defined a party transmitting messages; in other words, the definition was more closely linked to the technical implementation of the service.

The rationale of this Act (HE 221/2013, detailed rationale of section 3) notes that the previous definition had to some extent left open for interpretation the question of who carries the telecommunications operator’s responsibility in situations where the contract on communications service provision with the user is concluded by a company which does not itself technically maintain the communications service. According to the rationale, the purpose of changing the definition was to clarify the fact that the requirements related to a communications service contract in the Act also apply to this type of service provision.

If the communications service is part of a more extensive service package – which often is the case in a corporate customer’s ICT services (for example an internet access and e-mail service, which are communications services, are often offered together with hardware and software as part of an ICT package, especially to corporate customers) – it is possible to either itemise the communications service separately in the contract and agree upon the telecommunications operator responsible for it, or to include the communications service in the overall contract.

Technical network and service management

The most essential criterion for assessing if a company is a reseller or an actual telecommunications operator is the service provider’s de facto right and possibility to technically manage the network and network access as well as the transmission and provision of messages based on a user ID or similar.

An actual telecommunications operator is able to influence network properties and operation and network access by technical means. The user ID may be a subscription number or an IP address. A reseller, on the other hand, can at most select the network users, and it has no possibility or right to influence the technical properties of the network or service.

In other words, the service chain may involve a telecommunications operator, which sees to the technical implementation of the communications service, and a reseller which may, of course, also play some role in technical maintenance. These companies are responsible for the communications service as telecommunications operators, each for its own part. In the light of the rationale of the Act on Electronic Communications Services, the reseller is responsible at least for the terms and conditions of the contract. Naturally, the company which concludes a contract with the customer is also accountable to the customer in other respects.

• An example of a situation where it may be necessary to assess the boundaries between a reseller and an actual telecommunications operator is the provision of a broadband subscription, i.e. an internet access service, together with either a data centre or some other hardware or software service, or with business premises or a residential property (a student, rental or owner-occupied flat may come with a broadband subscription, the fees for which are charged as part of housing costs).

In its simplest form, a hosting service consists of a server room and a server connected to the internet. The service package may additionally include different associated services, including server information security, back-up copies, supervision and maintenance as well as a domain name.

It may also include an internet access service, in other words a broadband subscription. In this case, it should be assessed if the hosting company is a reseller of the internet access service, or if some part of the communications service is provided by the hosting company itself.

If the hosting service provider administrates active devices between a telecommunications operator offering internet access (an ISP, or Internet Service Provider) and its customer's network and, for example, is able to modify and filter traffic and supervise network access, the telecommunications service (internet access) can be considered a communications service offered by the hosting service provider as a telecommunications operator.

In practice, questions related to interpreting the legislative status of hosting services have emerged especially in situations involving information security violations. As an example of the telecommunications activity related obligations of a hosting company which provides a communications service can be cited the duty to report to the National Cyber Security Centre any information security violations targeting the telecommunications services the company provides as referred to in the Act and the personal data associated with them.

Interdependencies between the elements of a communications service package can be structured using the concepts of a primary and a secondary service. In the context of secondary services, the question of whether or not they actually are communications services has sometimes come up.

• E-mail, for instance, is a primary communications service in relation to a push e-mail service, which enables users to avail themselves of their e-mail service on a mobile device.

In terms of regulation, the user's service package and the purpose of the obligations laid down in the Act play a key role. The objectives of the provisions laid down in the Act on Electronic Communications Services include safeguarding the technical quality of the service, information security and the user's rights. The Act's objectives are also relevant to a secondary service when its provider participates in message transmission (in other words, is able to influence the realisation of the legislation's aims). For this reason, a service that is secondary in terms of the objective of the Act can be regarded as a communications service on the same grounds as other services.

In the interest of ensuring a level playing field, publicly offered services must also be assessed based on the way they are implemented, regardless of who provides the service or if several parties are involved in its provision. When assessing the situation, whether the primary and secondary communications service are offered by the same provider or two different companies is thus usually not essential.

The primary or secondary nature of a communications service may, on the other hand, influence the way in which individual obligations apply to the service. For example, it is not necessarily appropriate to impose stringent requirements related to preparedness on secondary services if the user has direct access to a primary service in case of an incident.

In principle, however, the user rights and information security requirements referred to in the Act also apply to a secondary service. Whether the primary and secondary service are implemented by the same provider or two different companies may make a difference in contractual terms. If the services are offered by the same company, a secondary service may in some cases be considered a feature of the communications service. When the services are offered by different companies, they are more clearly independent communications services in contractual terms. This may have a bearing on the contract penalties.

Push e-mail refers to a technology enabling a mobile device to receive e-mail messages: push technology is used to transmit the messages to the receiving device, eliminating the need to download them specifically. A precondition for using a push e-mail service is installing software on the user’s mobile device. The software works as a gateway between the mobile phone and the customer's e-mail service provider.

Basically, both incoming and outgoing messages are transmitted between the mobile device and the e-mail service provider's e-mail server using the push e-mail service provider's server. The push e-mail service provider also maintains the login and authentication server of the push e-mail service.

The push e-mail service provider may be the same as the actual e-mail service provider, or a different company. For example, the e-mail service may be provided by a broadband operator, while the push e-mail service is offered by a mobile phone operator or a device manufacturer.

When assessing if a telecommunications operator's obligations apply to a push e-mail service provider, it should be noted that of the different elements of the push e-mail service, the mere software installed on the customer's mobile device is not a communications service referred to in the Act. While the e-mail service clearly is a communications service, the push e-mail service provider is not responsible for it if it is offered by a different company. The role of a push e-mail service provider should thus be assessed from the viewpoint of whether or not its servers are used to transmit messages to the extent that this would comprise a communications service offered by it.

Publicly offered services are evaluated based on their features and implementation in the light of statutory requirements, regardless of who provides the service and whether several parties are involved in its provision. A push e-mail service should thus be assessed on similar terms, irrespective of whether the actual e-mail service and the push e-mail service are provided by the same company or two different operators. The push e-mail service provider controls the servers used to transmit the messages and is thus also involved in transferring the actual messages as referred to in the Act. If the actual e-mail service provider itself offers a push e-mail service to a mobile device through a gateway, the gateway cannot be excluded from the regulation on the information security and technical quality of communications services. Equally, a push e-mail service is a communications service when it is offered by a different operator rather than the company providing the actual e-mail service.

In terms of regulation, the user's service package and the purpose of the obligations laid down in the Act play a key role. The objective of the provisions of the Act is to also safeguard the technical quality and information security of the service and the user's rights in message transmission where the possibility of using e-mail is extended to a mobile device. On these criteria, a push e-mail service should also be regarded as a communications service, even if it is secondary in relation to the actual e-mail service. However, the primary or secondary nature of a communications service may influence the way in which individual obligations apply to the service.

Telecommunications operators and IT companies provide diverse services with a wide range of content to their customer companies for the customers’ internal communication solutions and external connections. When making distinctions, the key question is when this service comprises telecommunications activity and when the service provider only offers elements of the customer company’s communication solutions. In the following section, we examine a situation where software and other elements are offered to a set of users not subject to prior restrictions and where the service implemented through these elements transmits messages. The essential aspect in drawing this line is whether or not the service provider is responsible for message transmission.

• For example, the service provider may only supply their customer with software for a VoIP or e-mail service or additionally maintain the server and the service; or they may also transmit messages, thus providing a communications service.

The boundary between software and communications services is usually only blurred in services intended for corporations – assessing consumer solutions typically is more straightforward.

Interpretation guidelines:

• If a corporate customer is only offered limited possibilities of changing the service settings, the service can as a rule be considered a communications service offered by another party, rather than an IT service.
• If the customer has full control over the service, including its features and settings, providing the elements needed to put the service together can be considered a mere IT service, even if the service provider also carried out these changes of settings on the customer's behalf, for example against an hourly charge or as part of a maintenance contract.
• However, it is the de facto nature of the provided service that is essential in the assessment: merely giving the customer extended rights to make changes does not turn the service into an IT service if the service provider carries the de facto responsibility for message transmission and the operation and development of the service.
• Implementing the internal communications networks and systems of a company or some other organisation for its in-house use, or for a restricted set of users, is not public telecommunications activity. In other words, a company which procures and offers a communications service for its employees is not a telecommunications operator. It may be a corporate subscriber referred to in the Act.

The distinction between a software service and a communications service was also dealt with in the Finnish Communications Regulatory Authority's decision concerning Skype, according to which offering only peer network software, for example, does not comprise providing a communications service.
Skype statement of 2005 (in Finnish)

In addition to offering internet access, the management of services provided over the internet, including e-mail services, can be divided into two parts:

• managing the server/application updates
• managing the actual service.

This section discusses the criteria for deciding when a package of e-mail service elements is a communications service. The interpretation does not depend on who provides the internet connection over which e-mail is used.

The provision of a server room or software only cannot be considered a communications service, as they do not comprise message transmission. When the service also includes the maintenance of software and a server, for instance, it is closer to communications service provision. As message transmission, which is part of the definition for a communications service, has been regarded managing e-mail server settings that enable and control message transmission.

To determine whether a communications service is provided by an external party or maintained by the customer themselves, it is vital to begin by establishing who carries the de facto responsibility for the operation and features of the service, and to what extent the customer has been given possibilities of controlling the service:

• if the customer is only offered limited possibilities of changing the service settings, the service can as a rule be considered a communications service offered by another party. Limited possibilities of controlling an e-mail service may, for example, mean that the customer can only change the e-mail addresses used in the service, e-mail redirection, e-mail filtering settings and other parameters mainly associated with e-mail accounts, which typically can be controlled by a consumer customer. In this case, the service provider may still be regarded as being responsible for the operation of the entire service, and in terms of legislation, it is a communications service.
• If the customer has full control over the service, including its features and settings, providing the elements needed to put the e-mail functionality together can be considered a mere IT service, even if the service provider also carried out these changes of settings on the customer's behalf, for example against an hourly charge or as part of a maintenance contract.

However, it is the de facto nature of the provided service that is essential in the assessment: merely giving the customer extended rights to make changes does not turn the service into an IT service if the service provider carries the de facto responsibility for the functioning and development of the service.

An IP exchange (IP-PBX) here means an exchange implemented using IP technology by the customer company itself, an operator (a telecommunications operator offering a telephone service) or a third party. The exchange may be connected to the public telephone network through conventional circuit switching (PSTN, GSM) or operate over a packet-switched IP network. What all these implementations have in common, however, is that the telephones connected to the exchange are IP telephones, and IP technology is used to connect them to the exchange.

In the case of conventional exchanges based on circuit switching, the division between communications services on the one hand, and hardware and software services on the other, has been relatively clear: providing the exchange and maintaining it have been regarded as hardware and software services, whereas providing a telephone subscription and routing calls to and from the public telephone network are a communications service.

In an IP exchange, the situation is not as simple as this; the exchange solution can be implemented in many different ways, and the actors’ roles in the implementation vary. An IP exchange service provider may offer the customer:

• a software solution only,
• also service and server maintenance services,
• and even message transmission. Message transmission, on the other hand, may include voice services implemented in different ways, text message transmission and instant messaging, or e-mail services.

Implementing the internal communication networks and systems of a company or some other organisation for its in-house use, or for a restricted set of users, is not public telecommunications activity. Rather than being a telecommunications operator, a company which procures and maintains a communications service for its own employees thus usually is a corporate subscriber referred to in the Act on Electronic Communications Services.

The company may also have outsourced the implementation and maintenance of the IP exchange.

• If the exchange service provider only offers a software solution, this is not a communications service. In this case, the service implementer operates as the corporate subscriber’s subcontractor.
• If the exchange service provider supplies not only the software solution but also server maintenance services, for example, it often participates in the transmission of at least call signalling and, in some cases, even the transmission of the actual voice or data traffic. In that case, the exchange service provider can basically be regarded as offering a communications service, and when assessing its role, the crucial question is whether its activities can be considered public telecommunications activity, or whether the service is regarded as being offered to a restricted set of users.
• If the exchange service provider transmits signalling and voice or data traffic as part of the customer company’s internal communication only, the service can be regarded as one offered to a restricted set of users, and the service provider can further be considered a subcontractor to the corporate subscriber.
• If the exchange service provider also offers access to a public telephone network using E.164 numbers through the exchange or, for the part of data traffic, some other public communication network, the service is considered to comprise public telecommunications activity.

The physical implementation of the connection has little or no significance for the interpretation; the connection can either be implemented conventionally through the telecommunication operator's trunk line from the customer’s exchange to the company’s telephone centre or as a service provided along with an Internet access service.

In this context, services specific to a community or an application mean possibilities for electronic communication provided on the open internet either within an online community or between the users of an application. A service may also be specific to both a community and an application. Internal communications services may be a key part of an online community’s activities. Many applications and services are also available that only enable communication between the users of the application or service in question.

• Examples of social networks which enable targeted communication include Facebook, Suomi24 dating services or Habbo Hotel.
• Examples of application-bound services are Skype Classic or Windows Live Messenger.
• Examples of terminal device bound services are the instant messaging services of Apple and other device manufacturers.

To assess if the provisions on telecommunications activities in the Act on Electronic Communications Services apply to these services to some extent, two basic questions must be asked:

• Is the service a communications service (does it transmit messages)?
• Does the service comprise public telecommunications activity (is the service provided to a set of users without prior restriction)?

In terms of applying the legislation, it is essential to note that the obligations may also be relevant to a part of the service package.

If the service is not regarded as telecommunications activity it may, however, comprise other transmission of communications, which is subject to the information security and data protection obligations contained in the Act on Electronic communications services as from the beginning of 2015

When considering services offered on the internet, it must often also be assessed if the activity is carried out in Finland, in which case Finnish legislation applies to it. The application of national legislation to cross-border electronic communications services is fundamentally a question of EU law and compatibility of directives, and exhaustive interpretation guidelines for these situations cannot be given. Regarding information security and data protection obligations, section 2 of the Act lays down a provision on situations where the requirements also apply to cross-border communications services or other transmission of communications.

Rather than on established interpretation practices, the assessment criteria given below are based on a general analysis of legislation and services. These criteria have been applied in general advice provision but not in written statements or decisions. The possibility of a service comprising telecommunications activity should always be assessed as a whole and on a case-by-case basis. The Finnish Transport and Communications Agency finds that the following aspects may have a bearing on the case-by-case overall assessment:

• Lack of restrictions to joining the community and the size of the community. These criteria can be used to assess if the set of users is subject to prior restriction. The communities are typically large and they can be joined without restrictions; even if this is an essential criterion, on its own it is usually not sufficient for distinguishing between public telecommunications activity and other activities.
• Interconnection or interoperability of the service with other communication networks and services. These aspects support the assessment of whether the set of users is subject to prior restriction and the network is a public communication network. The more extensively the service is interconnected – in other words, the more extensively it is possible to send and receive message between the community or application and other communication networks and services – the more likely it is that it should be regarded as public telecommunications activity.
  • As a comparison, we may note that voice services controlled by telephone numbers, for example, are globally interconnected, and in practice users of e-mail services operating over the open Internet can access other similar services thanks to the interoperability of applications, address systems and protocols.
  • On the other hand, access to communications services specific to a certain community or application described here may typically be restricted to the relevant community or application, or to selected partners.
• Customer relationship with a communications service, or a possibility of using electronic communications? From the user's perspective, is the service about being a customer of a communications service; or is it about some other customer relationship that comes with a possibility of communicating with other customers? This criterion can mainly be used to complement the criterion of a set of users subject to prior restriction. There are major differences between services where the social community itself plays an essential role (a typical example of which could be Facebook) and where the communication tool is at centre stage (Windows Live Messenger or a wlan community network based on sharing the members’ internet access, including SparNet/OpenSpark). The closer the service is to the latter option, the more likely it is that it should be regarded as public telecommunications activity.
• Diversity, nature or functionality of the communications service. These difficult-to-define factors can be used to support the overall assessment when making the distinction between communications services and services that closely resemble them, such as payment systems used by banks. In this respect we may, for instance, examine the types of messaging that are offered, or whether the users can freely create the content of their communication.
• In practice, the degree to which the services are open and can be connected to other services varies greatly and may also depend on their level of development. Text message and multimedia message services, for example, were not interconnected between telecommunications operators when they were first launched. It is likely that similar development will emerge even more strongly in IP-based services.
• As an example of applying the aforementioned criteria outside the internet environment, we can examine an e-mail service offered by a newspaper for its subscribers which, as is typical of e-mail, interconnects with other services. By its nature, it clearly is a communications service (transmission of messages), and it is interconnected with other services (public DNS system). This comprises a communications service and public telecommunications activity referred to in the Act, even if the e-mail service offered along with the newspaper probably is a secondary reason for joining the ‘community’.

The criteria listed above mainly point to a set of users not subject to prior restrictions. The assessment of the service's nature as a communications service is discussed in detail under other headings.

Instant messaging differs from e-mail in that it enables real-time chats. The participants to the chat can see the text the others type, either as soon as it is entered, row by row, or message by message. Messages can be sent to one or more users simultaneously. In addition to text-based messaging, the applications may also have other features, including transmitting video image and audio, file sharing and a presence service.

Typically, registration is required to use the service, and depending on the software, it may also be necessary to install an IM application on the terminal device used. Internet browser based IM applications are also available. Communication is only possible with a user who has also joined and is connected to the service (cf. criterion of interconnection in section 4.2).

A single common standard or protocol is not used in instant messaging, which is why different services are not automatically interoperable, unlike e-mail services based on an internet domain name service (DNS). As a rule, an instant messaging service only works between the users of the same application. Some services are striving to combine different protocols in a single customer application.

Over the years, examples of instant messaging services on the open Internet have included Windows Live Messenger, Jabber, ICQ, AOL Instant Messenger and Yahoo! Messenger, IRC, KIK Messenger and WhatsApp.

The basic premise of the Act on Electronic Communications Services is technology neutrality. This is why all services provided via Internet access (OTT services) should be assessed as consistently as possible.

When assessing instant messaging services, the same criteria as those applied to VoIP telephone services can be applied to a great extent (of course, excluding the criterion of the service being connected to public telephone network numbers for outgoing and/or incoming calls). When a VoIP service provider or an e-mail service provider participates in transmitting voice data or e-mail messages through their own servers, they are providing a communications service.

• An IM service provider also provides a communications service when it participates in transmitting messages through its own server. The messages may contain text, audio or video.

On the other hand, the provision of software and presence services only, such as a directory service, has not been regarded as a communications service.

• For example, an application and a search service installed on a computer or other device which provides an IP address for routing a call or a message to the recipient is not a communications service.
• This type of pure peer network architecture does not have centralised servers that would participate in message transmission.

Unlike an e-mail service, for example, an instant messaging service is usually not connected to similar services offered by other providers, or other communications services. Typically, the possibility of communicating may be limited to the users of a specific technical application and/or the members of a certain social network. In this case, it is necessary to assess if the service is provided for a set of users subject to prior restriction, in which case it does not comprise public telecommunications activity.

• As a rule, the possibility of communicating within a community cannot be interpreted as public telecommunications activity.
• The fact that the service is bound to a certain application or mobile device does not provide grounds for considering the set of users restricted, as the software and devices are offered to an unrestricted set of users. The extent of such a set of users and the absence of restrictions to joining it are indications of public telecommunications activity rather than an internal service for a community.
• While the possibility of interconnections between an IM service with other IM services or other communications services supports the interpretation of a service as public telecommunications activity, it is not a decisive criterion.
• The assessment must always be carried out as a whole, and in terms of assessing public telecommunications activity, the key role is played by the scope and unrestricted nature of the potential set of users as well as the provision of, and possibility of using, the service as an independent communications service.