Risk area
Regulatory obligations resulting from legislation changes and administrative decisions.
Main business objective / Strategy reference
Acting in effective and responsible manner.
Risk exposure (year-on-year change)
Key risks, issues or areas of uncertainty
- Risks related to acquisition of new spectrum for high-tech telecommunications services (including 5G)
- Potential consequences of US – China Dispute
- Legislative process of Electronic Communications Law (will replace the current Telecommunications Law)
- Proceedings by UOKiK and European Commission related to network sharing
- Financial corrections or compensation for delays in POPC investments
- Increased tax burden and fiscal pressure resulting from changes in legislation
- Increase in remuneration for the use of third parties’ land for the purpose of development and maintenance of Orange Polska’s infrastructure
- Reputational and financial losses resulting from involvement of Orange Polska’s employees in corruption schemes
Potential impact
Orange Polska must comply with various regulatory obligations governing the provision of services and products, particularly related to obtaining and renewing licences. The regulatory obligations result from legislation changes and administrative decisions. Regulatory decisions and changes in the regulatory environment may have an adverse effect on Orange Polska.
Adjustments of operations to the provisions of the new Electronic Communications Law will be required in 2021. The new law (currently in the legislative process) will replace Telecommunications Law and will constitute new legal framework for the telecommunications operators.
There are on-going legislative works at the government level on the draft law on national cybersecurity system. This draft law includes inter alia the assessment scheme of the so called high-risk supplier. Among the assessment criteria there is control over a given supplier by a non-EU, non-NATO state.
If a vendor is recognized as a high-risk supplier through immediately enforceable administrative decision, then telecommunications operators (and other entities subject to regulations) will be obliged to:
- not put into use ICT services/ products/processes indicated in the decision and provided by the high-risk vendor
- withdraw the indicated ICT services/ products/processes no later than within 7 years (general regulation) or 5 years (applies to telecommunication operators if the decision covers critical functions of the network)
For telecom operators, such as Orange Polska, imposition of such regulations could affect the range of telecommunications equipment suppliers available on the market which may bring delays or increase in costs of implementation of the 5G network. New regulations could also entail other costs related to obligation of withdrawal of products/services/processes provided by a high-risk vendor.
There is a risk of failure to achieve the expected return on investment due to decrease of co-financing or obligation to extend the scope of investment with regard to POPC.
Despite Orange Polska’s drive to strengthen its anti-corruption policy, corruption cases could occur due to the number of partners engaged and complex processes performed. This could have an adverse impact, particularly on Orange Polska’s reputation.
Management approach and mitigation measures
In 2020, there were a number of changes in the legal environment with respect to both general law and provisions specific to the telecom sector. Legislative process of the Electronic Communication Law began in 2020 and work continues, the new act should come into force probably in 3Q2021. The legal and regulatory environment requires constant and diligent monitoring, as well as allocating resources to implement new regulations and prevent any noncompliance.
At the European level, in 2019 the European Union commenced work to develop a concerted approach to 5G network security, particularly carrying out a risk assessment and identifying the key risks affecting 5G networks. As a result general approach to the 5G network security was presented in the „Cybersecurity of 5G networks – EU Toolbox of risk mitigating measures.” published in Jan. 2020. This document does not explicitly exclude or prohibit any supplier. However the dependence on one supplier, as well as risk associated with the supply chain, including the activities of other countries, were considered a significant risk. It is also foreseen for Member States to carry out risk profile analysis and depending on their result introduce appropriate restrictions and exclusions especially for key resources. This is also done at the national level, as reflected in signing of the U.S.-Poland Joint Declaration on 5G in 2019 and commencement (2020) of a legislative process regarding new requirements for the security and integrity of telecommunications networks, including 5G. Orange Polska keeps track of this area of possible regulation and will act to comply with any new obligations if they will be put in force.
Orange Polska has implemented an Anti-Corruption Policy and Guidelines. These regulations contain detailed rules and standards as well as references to specific conditions and circumstances relating to the identification and mitigation of corruption risks. In addition, we have carried out a number of trainings and information campaigns to raise awareness of anti-corruption laws and rules among employees. In 2019 new anti-corruption training program „Zero tolerance for corruption” was implemented in OPL. Trainings were profiled according to the risk’s exposure of particular groups of employees.