This page is dedicated to the provisions of the Act of 13 June 2005 on electronic communications (hereafter the Telecom Act) and its implementing measures regarding the provision of data (identification data, metadata or communication content) by the operators to the authorities (mostly the judicial authorities). The observance of these provisions is controlled by the BIPT. This page does not address the obligations resulting from other acts such as the Code of Criminal Procedure or the Organisation Act of 30 November 1998 of the intelligence and security services, the observance of which is not controlled by the BIPT.
As the non-observance of the provisions controlled by the BIPT on the matter may be subject to criminal sanctions, the infringements of these provisions shall be in principle established by (BIPT) investigating officers and the infringement procedure will be implemented either by the Council of the BIPT or the public prosecutor (see Article 21/1 of the Act of 17 January 2003 on the status of the regulator of the Belgian postal and telecommunications sectors).
Private networks and services unavailable to the public
Article 9(7) of the Telecom Act contains delegations to the King for providers of private electronic communications networks or electronic communications services which are not publicly accessible, which are not operators within the meaning of the Telecom Act. To this day, this Article has not been implemented.
Notion of operator
Article 2, 11°, of the Telecom Act defines an operator as a person or an undertaking providing a public electronic communications network or a publicly available electronic communications service.
Operators shall submit a notification to the BIPT with the exception of operators providing number-independent interpersonal communications services (usually called “OTTs”, see Article 9(1) of the Telecom Act).
Identification of end-users
Operators shall identify their subscribers (direct identification methods) or shall allow the authorities to identify them (indirect identification methods).
Article 127(10) of the Telecom Act includes an exhaustive list of the indirect identification methods allowed. The Telecom Act does not include a list of direct identification methods allowed but does include a list of identification data and documents. The Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card includes an exhaustive list of the direct identification methods. However, that list is only applicable for the identification of prepaid card users.
Operators offering premium rate services may implement all identification methods (direct or indirect), except for the following indirect identification methods:
- The retention of the IP address used to subscribe to the electronic communications service or to activate it, the IP address at the source of the connection and the data which must be retained with these addresses, pursuant to Article 126 and for the periods provided for in that Article (Article 127(10), 1°);
- The collection and retention of the subscriber’s telephone number assigned in connection with a paid electronic communications service for which an operator shall identify the subscriber in accordance with this Article (Article 127(10), 1°, but the use of this method is permitted for operators’ Wi-Fi hotspots).
The operators offering free services may only implement indirect identification methods.
The legal framework applicable is the following:
- Article 127 of the Telecom Act;
- Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card; Article 19 of this Royal Decree was implemented by the Royal Decree of 24 February 2017 regarding the appointment of the police service referred to in Article 19, § 1, subparagraph 2, 2°, of the Royal Decree of 27 November 2016 and by a set of Ministerial Orders (see the “legal and regulatory provisions regarding security” and “legal interception” topics on this page, in French and Dutch only).
- Opinion 20 December 2022 on Telenet’s request to use the Onfido tool to identify its customers
- Decision of 14 January 2020 regarding the non-compliance by Proximus with the rules on the identification of end-users of prepaid cards
- Decision of 14 January 2020 regarding the non-compliance by Telenet with the rules on the identification of end-users of prepaid cards
- Decision of 24 April 2019 regarding Lycamobile’s non-observance of the legislation regarding identification of end-users of prepaid cards
- Non-confidential version of the decision of 15 June 2018 imposing measures provided for in Article 21 of the Act of 17 January 2003 on the status of the regulator of the Belgian postal and telecommunications sectors on Lycamobile in the context of the identification of the end-users of prepaid cards
- Decision of 6 April 2018 regarding the extension of a temporary measure imposed upon Lycamobile by virtue of the decision of 30 march 2018 in the context of the identification of prepaid card end-users
- Decision of 30 March 2018 imposing temporary measures upon Lycamobile in the context of the identification of prepaid card end-users
- BIPT note for the attention of the operators regarding the Act of 1 September 2016 and the “prepaid cards” Royal Decree of 27 November 2016
- Consultation of 11 October 2016 on the conditions of use of IPV4/CGN
- BIPT FAQ about the operators' obligations regarding identification of end-users of public electronic communications services
Retention of identification data and electronic communications metadata
Operators shall retain identification data and metadata for the purposes of the authorities, as set out in the following provisions:
- Articles 2, 74°, 91° to 93°, 126 to 126/3 and 127/2 of the Telecom Act;
- Royal Decree of 19 September 2013 implementing Article 126 (currently being revised).
Concerning the geographically targeted retention, the NTSU (National Technical and Tactical Support Unit) department of the special units of the Federal police (hereafter the NTSU) is responsible for communicating the map of the areas to be covered to operators.
The use of cryptography
The use of cryptography was previously regulated in Article 48 of the Telecom Act.
It is currently regulated in Article 107/5 of the Telecom Act, which reads as follows (free translation):
“Art. 107/5. § 1. In order to support digital security, the use of cryptography shall be free within the limits set out in paragraphs 2 to 4.
§ 2. The use of cryptography cannot prevent emergency communications, including the identification of the calling line or the provision of caller identification data.
§ 3. The use of cryptography by an operator to ensure the security of communications shall not prevent the execution of a targeted request by a competent authority, under the conditions laid down by law, for the purpose of identifying the end-user and tracing and locating communications not accessible to the public.
§ 4. The use of cryptography by a foreign operator, the end-user or the subscriber of which is located on Belgian territory, cannot prevent the execution of a request from a competent authority as referred to in paragraphs 2 and 3.
Any contractual clause taken by operators which interferes with the implementation of the first subparagraph shall be prohibited and void.”
Article 107/5 was last amended by the Act of 20 July 2022 on the collection and retention of identification data and metadata in the electronic communications sector and the provision of such data to the authorities.
Cooperation with the authorities
Article 127/1 of the Telecom Act sets out the general framework for the provision of identification data and metadata retained by operators to the authorities. In order for an authority to obtain such data from an operator, it must not only fulfil a purpose of Article 127/1, it must also be able to rely on a formal legislative norm of its own legislation (e.g. the Code of Criminal Procedure). This page does not address these formal legislative norms.
Article 127/1(5) of the Telecom Act provides that the Minister of Telecommunication shall have a circular published in the Belgian Official Gazette, which includes a list of Belgian authorities that are entitled to obtain from an operator data retained pursuant to Articles 122, 123, 126, 126/1, 126/3 and 127 of the same Act (circular currently being drafted).
Based on Article 127/1, the operators must provide the BIPT with statistics on the requests of the authorities concerning the data retained pursuant to Articles 122, 123, 126, 126/1, 126/3 and 127 of the Telecom Act. The BIPT will request these statistics from the operators as it cannot obtain them via the “TANK” exchange platform of the NTSU department.
The BIPT has no information on the number of requests from the various authorities (in particular the judicial authorities and the intelligence and security services) that an operator entering the Belgian market will receive.
- Statistics data retention 2018
- Statistics about data retention in 2017
- Statistics data retention 2016
- Statistics data retention 2014-2015
- Information brochure about the duty to collaborate with the judicial authorities
Article 127/3 provides that each operator must establish a Coordination Cell, which is responsible for providing electronic communications data to the legally authorised authorities upon their request.
The Royal Decree of 9 January 2003 determining the conditions of the legal collaboration obligation in case of judicial requests on electronic communications (implementation of the Telecom Act and the Code of Criminal Procedure) provides that this cell must be established in Belgium and available 24/7.
According to Article 127/3 of the Telecom Act and the aforementioned Royal Decree of 9 January 2003, the members of the Coordination Cell must obtain a positive security advice from the National Security Authority (NSA). The same article provides that the competent administrative authority in this matter is the Minister of Justice (a task performed in practice by the State Security Service).
The operator shall submit the advice request to the State Security Service via its security officer. The operator which does not have a security officer can contact the BIPT security officers to submit such an advice request.
Each telecom operator must enter and update the contact details of its cell in the unified notification platform. That platform enables the competent authorities to access the contact details of the coordination cell.
Article 127/3 of the Telecom Act provides that the King shall determine, for operators other than those which already have a security officer due to other activities than the Coordination Cell, the operator categories that are exempted from the obligation to designate such an officer, depending on the number of requests received from the judicial authorities, as well as the rules that apply in the absence of such an officer (Royal Decree currently being drafted).
Article 13/1 of the Act of 11 December 1998 on classification and security clearances, security certificates and security advices indicates that security officers are responsible:
“a) on the one hand, for the application and the monitoring of the security policy and the protection of classified information or, on the other hand, the follow-up of security certificates and security advices;
b) the follow-up, in particular for the indication of elements concerning persons who have received a security advice, a security certificate or a security clearance and which may lead to a review of that security advice, security certificate or security clearance.” (free translation)
The NTSU department has set up an exchange platform (“TANK”) for the automation of certain requests from the judicial authorities and intelligence and security services. This platform also enables operators to send their answers. Operators that have questions about this platform can contact the NTSU at this address.
Applicable legal framework
- Act of 13 June 2005 on electronic communications (in particular Articles 127/1 and 127/3);
- Act of 11 December 1998 on classification and security clearances, security certificates and security advices;
- Royal Decree of 12 October 2010 determining the conditions of the legal collaboration obligation in case of requests on electronic communications by the intelligence and security services (implementation of the Telecom Act and the Organisation Act of 30 November 1998 of the intelligence and security services);
- Royal Decree of 9 January 2003 determining the conditions of the legal collaboration obligation in case of judicial requests on electronic communications (implementation of the Telecom Act and the Code of Criminal Procedure);
- Ministerial Order of 9 July 2020 implementing Article 6, § 3, subparagraph 2, and Article 10bis, subparagraph 2, of the Royal Decree of 9 January 2003 laying down the terms and conditions of the legal collaboration obligation in case of judicial requests regarding electronic communications;
- Ministerial Order of 16 July 2020 implementing Article 6, subparagraph 2, and Article 8, § 3, subparagraph 3, of the Royal Decree of 12 October 2010 laying down the terms and conditions of the legal collaboration obligation in case of requests on electronic communications by the intelligence and security services.