Regulations last checked for updates: Jul 16, 2026

Title 47 - Telecommunication last revised: Jul 13, 2026
§ 1.70024 - One-time cybersecurity and physical security certification.

(a) Existing licensees. Each licensee whose cable landing license was granted before [effective date of amendatory instruction 19], must:

(1) Implement a cybersecurity and physical security risk management plan consistent with the requirements in § 1.70006(c) within one year of [effective date of amendatory instruction 19]. To the extent the licensee does not commence service on the submarine cable by this timeframe, the licensee must implement a cybersecurity and physical security risk management plan as of the date the submarine cable is placed into service.

(2) Submit a certification to the Commission within thirty (30) days of [effective date of amendatory instruction 19], that it will implement a cybersecurity and physical security risk management plan consistent with the requirements in § 1.70006(c).

(3) The licensee shall submit cybersecurity and physical security risk management plans to the Commission upon request. The Office of International Affairs, in coordination with the Public Safety and Homeland Security Bureau, may request, at its discretion, submission of such cybersecurity and physical security risk management plans and evaluate them for compliance with the Commission's rules in this subpart. The cybersecurity and physical security risk management plans provided under this subsection shall be treated as presumptively confidential.

(4) The licensee shall preserve data and records related to its cybersecurity and physical security risk management plans, including documentation necessary to demonstrate how those plans are implemented, for a period of two years from the date the related risk management plan certification is submitted to the Commission.

(b) Pending application for cable landing license. If an application for a cable landing license is filed prior to [effective date of amendatory instruction 19], and remains pending on or after [effective date of amendatory instruction 19], the applicant(s) must submit a certification, within thirty (30) days of [effective date of amendatory instruction 19], attesting that it will create and implement a cybersecurity and physical security risk management plan as of the date the submarine cable is placed into service.

[90 FR 48703, Oct. 27, 2025]
authority: 47 U.S.C. chs. 2, 5, 9, 13; 28 U.S.C. 2461 note; 47 U.S.C. 1754,unless
cite as: 47 CFR 1.70024