This page is dedicated to the provisions of the Act of 13 June 2005 on electronic communications (hereafter the Telecom Act) and its implementing measures regarding the provision of data (data relating to subscribers, metadata or communication content) by the operators to the authorities (mostly the judicial authorities).
Article 2, 11°, of the Telecom Act defines an operator as a person or an undertaking providing a public electronic communications network or a publicly available electronic communications service. Operators must submit a notification to the BIPT with the exception of operators providing number-independent interpersonal communications services (usually called “OTTs”, see Article 9, § 1, of the Telecom Act).
As the non-observance of the above-mentioned provisions may be subject to criminal sanctions, the infringements of these provisions shall be in principle established by (BIPT) investigating officers and the infringement procedure will be implemented either by the Council of the BIPT or the public prosecutor (see Article 21/1 of the Act of 17 January 2003 on the status of the regulator of the Belgian postal and telecommunications sectors).
Article 9, § 7, of the Telecom Act includes delegations to the King for providers of private electronic communications networks or electronic communications services which are not publicly accessible. To this day, this Article has not been implemented.
This page does not address the obligations resulting from other acts such as the Code of Criminal Procedure or the Organisation Act of 30 November 1998 of the intelligence and security services, the observance of which is not controlled by the BIPT.
Identification of end-users
Operators must identify their subscribers (direct identification methods) or must allow the authorities to identify them (indirect identification methods).
Article 127, § 10, of the Telecom Act includes a complete list of the indirect identification methods allowed. The Telecom Act does not include a list of direct identification methods allowed but does include a list of identification data and documents. The Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card includes an exhaustive list of the direct identification methods. However, that list is only applicable for the identification of prepaid card users.
Operators offering paid services may implement all identification methods (direct or indirect), except for the following indirect identification methods:
- The retention of “the IP address used to subscribe to the electronic communications service or to activate it, the IP address at the source of the connection and the data which must be retained with these addresses, pursuant to Article 126 and for the periods provided for in that Article” (Article 127, § 10, 1°);
- The collection and retention of “the subscriber’s telephone number assigned in connection with a paid electronic communications service for which an operator shall identify the subscriber in accordance with this Article” (Article 127, § 10, 2°). However, the implementation of this method is allowed for operators' Wi-Fi hotspots.
The operators offering free services may only implement indirect identification methods.
The legal framework applicable is the following:
- Article 127 of the Telecom Act;
- Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card;
- Ministerial Order of 19 December 2016 authorising the identification method proposed by Telenet Group in accordance with Article 19, § 1, subparagraph 2, 2°, of the Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card;
- Ministerial Order of 19 December 2016 authorising the identification method proposed by Scarlet Belgium in accordance with Article 19, § 1, subparagraph 2, 2°, of the Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card;
- Royal Decree of 24 February 2017 regarding the appointment of the police service referred to in Article 19, § 1, subparagraph 2, 2°, of the Royal Decree of 27 November 2016;
- Ministerial Order of 8 May 2017 authorising the identification method proposed by Carrefour Belgium SA in accordance with Article 19, § 1, subparagraph 2, 2°, of the Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card;
- Ministerial Order of 31 August 2017 appointing as public authority the Immigration Office of the FPS Internal Affairs in accordance with Article 9, subparagraph 2, of the Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card;
- Ministerial Order of 22 December 2017 authorising the identification method proposed by Lycamobile SPRL in accordance with Article 19, § 1, subparagraph 2, 2°, of the Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card;
- Ministerial Order of 24 June 2019 authorising the identification method proposed by Unleashed S.A. in accordance with Article 19, § 1, subparagraph 2, 2°, of the Royal Decree of 27 November 2016 on the identification of the end-user of mobile public electronic communications services provided by means of a prepaid card;
- Ministerial Order of 9 February 2023 authorising Telenet Group to use the facial comparison method “Onfido” to identify its subscribers;
- Ministerial Order of 13 March 2023 authorising Proximus to use a facial comparison method to identify its subscribers.
Relevant documents
- Decision of 14 January 2020 regarding the non-compliance by Proximus with the rules on the identification of end-users of prepaid cards
- Decision of 14 January 2020 regarding the non-compliance by Telenet with the rules on the identification of end-users of prepaid cards
- Decision of 24 April 2019 regarding Lycamobile’s non-observance of the legislation regarding identification of end-users of prepaid cards
- Non-confidential version of the decision of 15 June 2018 imposing measures provided for in Article 21 of the Act of 17 January 2003 on the status of the regulator of the Belgian postal and telecommunications sectors on Lycamobile in the context of the identification of the end-users of prepaid cards
- Decision of 6 April 2018 regarding the extension of a temporary measure imposed upon Lycamobile by virtue of the decision of 30 March 2018 in the context of the identification of prepaid card end-users
- Decision of 30 March 2018 imposing temporary measures upon Lycamobile in the context of the identification of prepaid card end-users
- BIPT note for the attention of the operators regarding the Act of 1 September 2016 and the “prepaid cards” Royal Decree of 27 November 2016
- Consultation of 11 October 2016 on the conditions of use of IPV4/CGN
- BIPT FAQ about the operators' obligations regarding identification of end-users of public electronic communications services
Retention of subscriber data and metadata
Operators must retain data relating to subscribers and metadata for the purposes of the authorities, as set out in the following provisions:
- Articles 2, 74°, 91° to 93°, 126 to 126/3 and 127/2 of the Telecom Act;
- Ministerial Order of 30 March 2023 implementing Article 126/3, § 1, of the Act of 13 June 2005 on electronic communications with a view to adopting the list of judicial districts and police zones subject to the obligation of retention and the period of retention;
- Royal Decree of 4 October 2023 on the data to be retained by the electronic communications operators for the authorities, pursuant to Articles 126 to 126/3 of the Act of 13 June 2005 on electronic communications, and the statistics on the communication of these data to the authorities;
- Royal Decree of 16 November 2023 implementing Article 126/3, § 2, of the Act of 13 June 2005 on electronic communications, with a view to confirming the level of threat covering the entire territory;
- Ministerial Order of 28 March 2024 implementing Article 126/3, § 1, of the Act of 13 June 2005 on electronic communications for the purpose of establishing the list of judicial districts and police areas subject to data retention, together with the retention period.
Concerning the geographically targeted retention, the NTSU (National Technical and Tactical Support Unit) department of the special units of the Federal police (hereafter the NTSU) is responsible for communicating the map of the areas to be covered to operators.
The use of cryptography
The use of cryptography was previously regulated in Article 48 of the Telecom Act.
It is currently regulated in Article 107/5 of the Telecom Act, which reads as follows (free translation):
“Art. 107/5. § 1. In order to support digital security, the use of cryptography shall be free within the limits set out in paragraphs 2 to 4.
§ 2. The use of cryptography cannot prevent emergency communications, including the identification of the calling line or the provision of caller identification data.
§ 3. The use of cryptography by an operator to ensure the security of communications shall not prevent the execution of a targeted request by a competent authority, under the conditions laid down by law, for the purpose of identifying the end-user and tracing and locating communications not accessible to the public.
§ 4. The use of cryptography by a foreign operator, the end-user or the subscriber of which is located on Belgian territory, cannot prevent the execution of a request from a competent authority as referred to in paragraphs 2 and 3.
Any contractual clause taken by operators which interferes with the implementation of the first subparagraph shall be prohibited and void.”
Article 107/5 was last amended by the Act of 20 July 2022 on the collection and retention of identification data and metadata in the electronic communications sector and the provision of such data to the authorities.
Provision of data to the authorities
Article 127/1 of the Telecom Act sets out the general framework for the provision of data relating to subscribers and metadata retained by operators to the authorities. In order for an authority to obtain such data from an operator, it must not only fulfil a purpose of Article 127/1 but must also be able to rely on a formal legislative instrument of its own legislation (e.g. the Code of Criminal Procedure). This page does not address these formal legislative instruments.
Article 127/1, § 5, of the Telecom Act provides that the Minister of Telecommunication shall have a circular published in the Belgian Official Gazette, which includes a list of Belgian authorities that are entitled to obtain from an operator data retained pursuant to Articles 122, 123, 126, 126/1, 126/3 and 127 of the same Act (circular currently being drafted).
Based on Article 127/1, operators must provide the BIPT with statistics on the requests of the authorities concerning the data retained pursuant to Articles 122, 123, 126, 126/1, 126/3 and 127 of the Telecom Act. The BIPT will request these statistics from the operators as it cannot obtain them via the “TANK” exchange platform of the NTSU department.
The BIPT has no information on the number of requests from the various authorities (in particular the judicial authorities and the intelligence and security services) that an operator entering the Belgian market will receive.
Coordination Cell
Article 127/3 provides that each operator must establish a Coordination Cell, which is responsible for providing electronic communications data to the legally authorised authorities upon their request.
The Royal Decree of 9 January 2003 determining the conditions of the legal collaboration obligation in case of judicial requests on electronic communications (implementation of the Telecom Act and the Code of Criminal Procedure) provides that this cell must be established in Belgium and available 24/7.
According to Article 127/3 of the Telecom Act and the aforementioned Royal Decree of 9 January 2003, the members of the Coordination Cell must obtain a positive security advice from the National Security Authority (NSA). The same article provides that the competent administrative authority in this matter is the Minister of Justice (a task performed in practice by the State Security Service).
The operator must submit the security advice request to the State Security Service via its security officer. The operator which does not have a security officer can contact the BIPT security officers to submit such an advice request.
Each telecom operator must enter and update the contact details of its cell in the unified notification platform. That platform enables the competent authorities to access the contact details of the coordination cell.
Security officer
Article 127/3 of the Telecom Act provides that the King shall determine, for operators other than those which already have a security officer due to other activities than the Coordination Cell, the operator categories that are exempted from the obligation to designate such an officer, depending on the number of requests received from the judicial authorities, as well as the rules that apply in the absence of such an officer.
Article 13/1 of the Act of 11 December 1998 on classification and security clearances, security certificates and security advices indicates that security officers are responsible for:
“a) the application and monitoring of the security policy and the protection of classified information or the follow-up of security certificates and security advices;
b) the follow-up, in particular for the indication of elements concerning persons who have received a security advice, a security certificate or a security clearance and which may lead to a review of that security advice, security certificate or security clearance.”
Technical means
The NTSU department has set up an exchange platform (“TANK”) for the automation of certain requests from the judicial authorities and intelligence and security services. This platform also enables operators to send their answers. Operators that have questions about this platform can contact the NTSU via e-mail.
Circular of the Minister of Telecommunications and information sheets of the authorities
By clicking on this link you can access the circular of the Minister of Telecommunications of 1/03/2024 on the provision by the operators to the competent Belgian authorities of data retained pursuant to Articles 122, 123, 126, 126/1 and 127 of the Act of 13 June 2005 on electronic communications.
The annex to this circular lists the Belgian authorities which declared that they are lawfully entitled to obtain data retained pursuant to one of the aforementioned articles from an operator.
Information complementary to this appendix can be found in the sheets of the following authorities:
- The judicial authorities;
- The Missing Persons Unit of the Federal police;
- The intelligence and security services (the Belgian State Security Service (VSSE) and the General Intelligence and Security Service);
- The Belgian Competition Authority (BCA);
- The Financial Services and Markets Authority (FSMA);
- The FPS Public Health, Food Chain Security and Environment;
- The Office of the Ombudsman for Telecommunications;
- The inspection services of the FPS Economy;
- The Belgian Institute for Postal Services and Telecommunications (BIPT);
- The Centre for Cyber Security Belgium (CCB);
- Statistics Belgium (under the FPS Economy, SMEs, Self-Employed and Energy (Statbel)).
These sheets have been established by these authorities. The BIPT has therefore no responsibility for their content (except regarding its own sheet).
The sheets indicate the type of company to which the authority can address its request. If these sheets refer to the notion of operator, then they refer to the notion as defined in Article 2, 11°, of the Act of 13 June 2005 on electronic communications (“a person or an undertaking providing a public electronic communications network or a publicly available electronic communications service”).
Certain sheets refer to the notion of electronic communications network operator and electronic communications service provider, which are broader notions than the notion of operator within the meaning of the aforementioned act.
Applicable legal framework
- Act of 13 June 2005 on electronic communications (in particular Articles 127/1 and 127/3);
- Act of 11 December 1998 on classification and security clearances, security certificates and security advices;
- Royal Decree of 12 October 2010 determining the conditions of the legal collaboration obligation in case of requests on electronic communications by the intelligence and security services (implementation of the Telecom Act and the Organisation Act of 30 November 1998 of the intelligence and security services);
- Royal Decree of 9 January 2003 determining the conditions of the legal collaboration obligation in case of judicial requests on electronic communications (implementation of the Telecom Act and the Code of Criminal Procedure);
- Ministerial Order of 9 July 2020 implementing Article 6, § 3, subparagraph 2, and Article 10bis, subparagraph 2, of the Royal Decree of 9 January 2003 laying down the terms and conditions of the legal collaboration obligation in case of judicial requests regarding electronic communications;
- Ministerial Order of 16 July 2020 implementing Article 6, subparagraph 2, and Article 8, § 3, subparagraph 3, of the Royal Decree of 12 October 2010 laying down the terms and conditions of the legal collaboration obligation in case of requests on electronic communications by the intelligence and security services.
Relevant documents
- Communication from the NTSU to the operators
- Statistics data retention 2018
- Statistics about data retention in 2017
- Statistics data retention 2016
- Statistics data retention 2014-2015
- Information brochure about the duty to collaborate with the judicial authorities