BoR (22) 81

BEREC Guidelines on
the Implementation of the Open Internet
Regulation

9 June 2022
 BoR (22) 81

Contents
Background and general aspects ....................................................................................... 2
Article 1 Subject matter and scope ..................................................................................... 3
Article 2 Definitions .............................................................................................................. 4
Article 3 Safeguarding of open internet access ................................................................. 7
Article 3(1) end-users’ rights ............................................................................................ 8
Article 3(2) agreements ..................................................................................................... 9
Article 3(3) first subparagraph: equal treatment of traffic ........................................... 16
Article 3(3) second subparagraph: reasonable traffic management .......................... 19
Article 3(3) third subparagraph: beyond reasonable traffic management ................. 23
Article 3(3) (a) Union and national legislation .............................................................. 26
Article 3(3) (b) preserving the integrity of the network ................................................ 27
Article 3(3) (c) preventing impending network congestion ......................................... 28
Article 3(4) processing of personal data ....................................................................... 30
Article 3(5) first subparagraph: necessity requirement of specialised services....... 30
Article 3(5) second subparagraph: capacity requirement for specialised services . 34
Article 4 Transparency measures for ensuring open internet access ........................... 37
Article 4(1) transparency measures for ensuring open internet access .................... 37
Article 4(1) (a) transparency and traffic management measures................................ 39
Article 4(1) (b) transparency and quality of service parameters................................. 40
Article 4(1) (c) transparency on specialised services .................................................. 41
Article 4(1) (d) transparency on contractual speeds ................................................... 41
Article 4(1) (e) transparency on remedies available to consumers ............................ 44
Article 4(2) procedures to address complaints ............................................................ 44
Article 4(3) national transparency requirements .......................................................... 45
Article 4(4) certified monitoring mechanism ................................................................ 45
Article 5 Supervision and enforcement ............................................................................ 47
Article 5(1) supervision and enforcement ..................................................................... 47
Article 5(2) requesting information ................................................................................ 52
Article 5(3) issuing these Guidelines ............................................................................ 53
Article 5(4) competences ................................................................................................ 53
Article 6 Penalties ............................................................................................................... 54
Article 10 Entry into force and transitional provisions ................................................... 54
Article 10(1) entry into force of the Regulation ............................................................ 54
Article 10(2) application of the Regulation ................................................................... 54
Article 10(3) transition period ........................................................................................ 55

1
 BoR (22) 81

Background and general aspects

1. These BEREC Guidelines, drafted in accordance with Article 5(3) of the Regulation 1, are
designed to provide guidance on the implementation of the obligations of NRAs.
Specifically, this includes the obligations to closely monitor and ensure compliance with
the rules to safeguard equal and non-discriminatory treatment of traffic in the provision
of internet access services and related end-users rights as laid down in Articles 3 and 4.
These Guidelines constitute recommendations to NRAs, and NRAs should take utmost
account of the Guidelines. 2 The Guidelines should contribute to the consistent application
of the Regulation, thereby contributing to regulatory certainty for stakeholders. These
Guidelines have been reviewed in light of the European Court of Justice (ECJ) rulings 3
concerning the interpretation of the specific Articles of the Regulation.

Terminology
2. For the purpose of these Guidelines, BEREC has used the following terms throughout the
Guidelines to improve readability. 4

Application In these Guidelines, BEREC uses the term “application” as a shorthand

expression for more lengthy expressions from the Regulation, like
“applications and services”, “content, application and service”.
CAP (Content CAPs make content (e.g. web pages, blogs, video) and/or applications
and Application (e.g. search engines, VoIP applications) and/or services available on
Provider) the internet. CAPs may also make content, services and applications
available via specialised services.
ISP (Internet In these Guidelines, BEREC uses the term “ISP” to refer to providers of
Service internet access services (IAS). ISPs may also be providers of
Provider) specialised services.

1
Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015
laying down measures concerning open internet access and retail charges for regulated intra-EU
communications and amending Directive 2002/22/EC and Regulation (EU) No 531/2012, https://eur-
lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02015R2120-20181220
2
As set out in Article 4(4) of Regulation (EU) 2018/1971 of the European Parliament and of the Council
of 11 December 2018 establishing the Body of European Regulators for Electronic Communications
(BEREC) and the Agency for Support for BEREC (BEREC Office), amending Regulation (EU)
2015/2120 and repealing Regulation (EC) No 1211/2009, https://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=CELEX%3A32018R1971 and recital 19 of Regulation (EU) 2015/2120
3
The ECJ rulings in question are ECJ C-807/18 and C-39/19 Telenor Magyarország of 15 September
2020, as well as ECJ C-854/19 Vodafone (roaming), C-5/20 Vodafone (tethering) and C-34/20 Telekom
Deutschland (throttling) of 2 September 2021:
• ECJ C-807/18 and C-39/19, https://curia.europa.eu/juris/documents.jsf?num=C-807/18
• ECJ C-854/19, https://curia.europa.eu/juris/documents.jsf?num=C-854/19
• ECJ C-5/20, https://curia.europa.eu/juris/documents.jsf?num=C-5/20
• ECJ C-34/20, https://curia.europa.eu/juris/documents.jsf?num=C-34/20
4
Definitions of terms used in the Regulation are provided in the relevant parts of the Guidelines.

2
 BoR (22) 81

Specialised In these Guidelines, BEREC uses the term “specialised services” as a

service shorthand expression for “services other than internet access services
which are optimised for specific content, applications or services, or a
combination thereof, where the optimisation is necessary in order to
meet requirements of the content, applications or services for a specific
level of quality” (ref. Article 3(5)).

Article 1
Subject matter and scope
This Regulation establishes common rules to safeguard equal and non-discriminatory treatment of
traffic in the provision of internet access services and related end-users’ rights.

Recital 1
This Regulation aims to establish common rules to safeguard equal and non-discriminatory treatment of traffic in
the provision of internet access services and related end-users’ rights. It aims to protect end-users and
simultaneously to guarantee the continued functioning of the internet ecosystem as an engine of innovation.

Recital 2
The measures provided for in this Regulation respect the principle of technological neutrality, that is to say they
neither impose nor discriminate in favour of the use of a particular type of technology.

Recital 3
The internet has developed over the past decades as an open platform for innovation with low access barriers for
end-users, providers of content, applications and services and providers of internet access services. The existing
regulatory framework aims to promote the ability of end-users to access and distribute information or run
applications and services of their choice. However, a significant number of end-users are affected by traffic
management practices which block or slow down specific applications or services. Those tendencies require
common rules at the Union level to ensure the openness of the internet and to avoid fragmentation of the internal
market resulting from measures adopted by individual Member States.

3. Article 1 sets out the subject matter and scope of the Regulation, which is to establish
common rules to safeguard “equal and non-discriminatory treatment of traffic in the
provision of internet access services” and “related end-users’ rights”.

4. According to the EECC 5, “end-user” means a user not providing public electronic
communications networks or publicly available electronic communications services 6. In
turn, “user” means a natural or legal person using or requesting a publicly available
electronic communications service 7. On that basis, BEREC understands “end-user” to
encompass individuals and businesses, including consumers as well as CAPs. This

5
Directive (EU) 2018/1972 of the European Parliament and the Council of 11 December 2018
establishing the European Electronic Communications Code (Recast) (EECC)
6
See Article 2(14) EECC
7
See Article 2(13) EECC

3
 BoR (22) 81

interpretation is confirmed by the ECJ in its Telenor Magyarország ruling, where the ECJ
makes direct reference to both categories of end-users 8.

5. CAPs are protected as end-users under the Regulation in so far as CAPs use an IAS to
reach other end-users. However, some CAPs may also operate their own networks and,
as part of that, have interconnection agreements with ISPs; the provision of
interconnection is a distinct service from the provision of IAS.

6. NRAs may take into account the interconnection policies and practices of ISPs in so far
as they have the effect of limiting the exercise of end-user rights under Article 3(1). For
example, this may be relevant in some cases, such as if the interconnection is
implemented in a way which seeks to circumvent the Regulation. 9

Article 2
Definitions
For the purposes of this Regulation, the definitions set out in Article 2 of Directive 2002/21/EC apply.
The following definitions also apply:

7. The Regulation makes reference to the definitions of Article 2 of Directive 2002/21/EC

which has been repealed by the EECC. These references must now be read as
references to the relevant parts of the EECC 10. This includes the terms “end-user”,
“consumer”, “electronic communications services”, “electronic communications
network” and “network termination point (NTP)”.

“Provider of electronic communications to the public”

(1) ‘provider of electronic communications to the public’ means an undertaking providing public
communications networks or publicly available electronic communications services;

8. The term “provider of electronic communications to the public” (PECP) comprises both
“public communications networks” and “electronic communications services” (ECS),
which are defined in Article 2 of the EECC. 11

8
See ECJ C-807/18 and C-39/19 Telenor Magyarország, paragraphs 36-38. Note that the ECJ here
makes reference to the Framework Directive which has since been repealed by the EECC but the
definitions have not changed in a material way.
9
Recital 7: “Such agreements, as well as any commercial practices of providers of internet access
services, should not limit the exercise of those rights and thus circumvent provisions of this Regulation
safeguarding open internet access”
10
References to Directive 2002/21/EC should be read as references to Directive (EU) 2018/1972 with
effect from 21 December 2020. See Article 125 EECC.
11
Ref. Article 2(4) and (8) EECC, formerly Article 2 (c) and (d) of the Framework Directive.

4
 BoR (22) 81

9. Conversely, the definition of PECP does not cover providers of electronic

communication services or communication networks that are not publicly available,
which are therefore out of scope of this Regulation.

10. Electronic communication services or networks that are offered not only to a
predetermined group of end-users but in principle to any customer who wants to
subscribe to the service or network should be considered to be publicly available.
Electronic communication services or networks that are offered only to a predetermined
group of end-users could be considered to be not publicly available. 12

11. Virtual private network (VPN) services are typically offered by PECPs to anyone that
wishes to enter a contract for the provision of such a service. These would be
considered to be publicly available; whereas the operation of a specific VPN would be
a private network. The term “private” in this context describes the use of such a service
which is usually limited to end points of the business entering the contract and is
secured for internal communications. VPNs are further discussed in paragraph 115.

12. The following examples could be considered as services or networks not being made
publicly available, subject to a case-by-case assessment by NRAs taking into account
national practices:

• access to the internet provided by cafés and restaurants;

• internal corporate networks;

• private M2M-networks, for example in factories and ports.

Examples of criteria which could be used to make assessments include the contractual
relationship under which the service is provided, the range of users and whether the
range is predetermined. Where the end-user contracts directly with the ISP specifically
for the service, this is more likely to be considered a publicly available service.
Enterprise services having a closed group of end-users, that are not available to the
general public, would ordinarily not be considered to be publicly available.

“Internet access service”

(2) ‘internet access service’ means a publicly available electronic communications service that provides
access to the internet, and thereby connectivity to virtually all end points of the internet, irrespective of
the network technology and terminal equipment used.

Recital 4
An internet access service provides access to the internet, and in principle to all the end-points thereof, irrespective
of the network technology and terminal equipment used by end-users. However, for reasons outside the control
of providers of internet access services, certain end points of the internet may not always be accessible. Therefore,
such providers should be deemed to have complied with their obligations related to the provision of an internet
access service within the meaning of this Regulation when that service provides connectivity to virtually all end

12
For further discussion of publicly available services, see for example case E-6/16 Fjarskipti v Icelandic
Post and Telecom Administration, judgment of 22 December 2016 in the EFTA Court.

5
 BoR (22) 81

points of the internet. Providers of internet access services should therefore not restrict connectivity to any
accessible end-points of the internet.

13. Article 2(2) defines an “internet access service” (IAS) as an ECS that provides access
to the internet, and thereby connectivity to virtually all end points of the internet,
irrespective of the network technology and terminal equipment used.

14. For the purpose of the Regulation, BEREC understands the term “internet” as referring
to a global system of interconnected networks that enables connected end-users to
connect to one another. An IAS enables such access to the internet.

15. BEREC understands the term “connectivity to virtually all end-points” as a consequence
of the fact that the internet is a distributed system where a single ISP controls a rather
limited part. Due to reasons outside the control of an individual ISP (e.g. technical
limitations, the policy of other ISPs or regulation in some countries), not all end points
might be reachable all of the time. However, such a lack of reachability should not
preclude that the service is defined as an IAS.

16. Where restrictions to reach end points stem from the use of two different internet
addressing schemes, IPv4 and IPv6, this typically does not mean the services cannot
be defined as an IAS. While it is not possible to connect two different points with different
types of addresses without any translation function, BEREC considers that the term
“virtually all end points” should, at present, not be interpreted as a requirement on ISPs
to offer connectivity with both IPv4 and IPv6.

17. BEREC understands a sub-internet service to be a service which restricts access to

services or applications (e.g. banning the use of VoIP or video streaming) or enables
access to only a pre-defined part of the internet (e.g. access only to particular websites).
NRAs should take into account the fact that an ISP could easily circumvent the
Regulation by providing such sub-internet offers. These services should therefore be
considered to be in the scope of the Regulation and the fact that they provide a limited
access to the internet should constitute an infringement of Articles 3(1), 3(2) and 3(3)
of the Regulation. BEREC refers to these service offers as ‘sub-internet services’, as
further discussed in paragraphs 38 and 55.

18. Services where the number of reachable end points is limited by the nature of the
terminal equipment used with such services (e.g. services designed for communication
with individual devices, such as e-book readers as well as machine-to-machine 13
devices like smart meters etc.) are considered to be outside the scope of the Regulation

13
However, some machine-to-machine communication services may also represent a specialised
service according to Article 3(5) of the Regulation (ref. Recital 16 and paragraph 113 of these
Guidelines). Moreover, a provider of an M2M device or M2M service (e.g. car manufacturer, provider of
energy including smart meter) typically does not seem to provide an ECS under the present regulatory
framework, whereas the connectivity service provider which provides connectivity over a public network
for remuneration is generally the provider of an ECS in the IoT value chain (ref. BEREC Report on
Enabling the Internet of Things, BoR (16) 39, pages 21-23).

6
 BoR (22) 81

unless they are used to circumvent this Regulation. They could use an IAS (but not
provide an IAS nor constitute a substitute to an IAS), use a private network or constitute
a specialised service. If these services are using an IAS or constitute a specialised
service the connectivity service will be subject to the relevant rules applicable to IAS
and specialised services in the Regulation. 14

Article 3
Safeguarding of open internet access
19. Article 3 comprises measures intended to safeguard open internet access, covering the
rights of the end-users of IAS, and obligations and permitted practices for the ISPs:

• Article 3(1) sets out the rights of end-users of IAS;

• Article 3(2) sets limits on the contractual conditions which may be applied to IAS
and the commercial practices of ISPs providing IAS, and requires that these should
not limit exercise of the end-user rights set out in paragraph 1. When assessing
agreements or commercial practices, Article 3(3) must be taken into account (see
paragraph 37 and 37a);

• Article 3(3) constrains ISPs’ traffic management practices, setting a requirement

that ISPs should treat all data traffic equally and making provision for the specific
circumstances under which ISPs may deviate from this rule;

• Article 3(4) sets out the conditions under which traffic management measures may
entail processing of personal data;

• Article 3(5) sets out the freedom of ISPs and CAPs to provide specialised services
as well as the conditions under which this freedom may be exercised.

20. The Regulation observes the fundamental rights of, and the principles recognised in,
the Charter, notably the protection of personal data, the freedom of expression and
information, the freedom to conduct a business, non-discrimination and consumer
protection (ref. Recital 33).

21. BEREC considers that the Regulation does not require an ex ante authorisation in
relation to commercial practices (Article 3(2)), traffic management practices (Article
3(3)) or specialised services (Article 3(5)). However, this should not preclude
exchanges between NRAs and market players in relation to these issues, nor does it
preclude NRAs from drawing on their obligations or powers to intervene under Article
5.

14
Notwithstanding, the provisions regarding specialised services apply – see paragraphs 99-127

7
 BoR (22) 81

Article 3(1) end-users’ rights

End-users shall have the right to access and distribute information and content, use and provide
applications and services, and use terminal equipment of their choice, irrespective of the end-user’s or
provider’s location or the location, origin or destination of the information, content, application or
service, via their internet access service.

This paragraph is without prejudice to Union law, or national law that complies with Union law, related
to the lawfulness of the content, applications or services.

Recital 5
When accessing the internet, end-users should be free to choose between various types of terminal equipment as
defined in Commission Directive 2008/63/EC (1). Providers of internet access services should not impose
restrictions on the use of terminal equipment connecting to the network in addition to those imposed by
manufacturers or distributors of terminal equipment in accordance with Union law.

Recital 6
End-users should have the right to access and distribute information and content, and to use and provide
applications and services without discrimination, via their internet access service. The exercise of this right should
be without prejudice to Union law, or national law that complies with Union law, regarding the lawfulness of
content, applications or services. This Regulation does not seek to regulate the lawfulness of the content,
applications or services, nor does it seek to regulate the procedures, requirements and safeguards related thereto.
Those matters therefore remain subject to Union law, or national law that complies with Union law.

22. Article 3(1) sets out the end-users’ rights with regard to the open internet. The notion of
end-user is explained in paragraph 4 of these Guidelines.

“Access and distribute information and content”

23. Firstly, end-users have the right to access and distribute information and content.
“Access and distribute” means that the provisions of this Regulation apply to both
sending and receiving data over the IAS. “Information and content” is intended to cover
any form of data that can be sent or received over the IAS.

“Use and provide applications and services”

24. Secondly, end-users have the right to use and provide applications and services. “Use
and provide” means that the right applies both to consumption and provision of
applications and services. “Applications and services” means both applications
(including client and server software) as well as services.

“Use terminal equipment of their choice”

25. Thirdly, end-users have the right to use terminal equipment of their choice. Directive
2008/63/EC defines “terminal equipment” as “equipment directly or indirectly connected
to the interface of a public telecommunication network”. The right to choose terminal
equipment therefore covers equipment which connects to the interface of the public

8
 BoR (22) 81

telecommunications network. This interface, the network termination point (NTP) 15, is
defined in Article 2 (9) of the EECC referring to the physical point at which an end-user
is provided with access to a public electronic communications network.

26. In considering whether end-users may use the terminal equipment of their choice, NRAs
should assess whether an ISP provides equipment for its subscribers and restricts the
end-users’ ability to replace that equipment with their own equipment, i.e. whether it
provides “obligatory equipment”.

27. Moreover, NRAs should consider whether there is an objective technological necessity
for the obligatory equipment to be considered as part of the ISP network. If there is not,
and if the choice of terminal equipment is limited, the practice would be in conflict with
the Regulation. For example, the practice of restricting tethering 16 is likely to constitute
a restriction on choice of terminal equipment because ISPs “should not impose
restrictions on the use of terminal equipment connecting to the network in addition to
those imposed by manufacturers or distributors of terminal equipment in accordance
with Union law” (Recital 5).

Legislation related to the lawfulness of the content, applications or services

28. Article 3(1) second subparagraph specifies that Union law, and national law that
complies with Union law, related to the lawfulness of content, applications or services
still applies. The Regulation does not seek to regulate the lawfulness of the content,
applications or services (ref. Recital 6).

29. Whereas Article 3(1) second subparagraph contains a clarification with regard to the
applicability of such legislation, Article 3(3) (a) provides for an exception for ISPs to
implement measures going beyond reasonable traffic management measures in order
to comply with legislation or measures as specified in that exception.

Article 3(2) agreements

Agreements between providers of internet access services and end-users on commercial and technical
conditions and the characteristics of internet access services such as price, data volumes or speed, and
any commercial practices conducted by providers of internet access services, shall not limit the exercise
of the rights of end-users laid down in paragraph 1.

Recital 7
In order to exercise their rights to access and distribute information and content and to use and provide applications
and services of their choice, end-users should be free to agree with providers of internet access services on tariffs
for specific data volumes and speeds of the internet access service. Such agreements, as well as any commercial
practices of providers of internet access services, should not limit the exercise of those rights and thus circumvent
provisions of this Regulation safeguarding open internet access. National regulatory and other competent
authorities should be empowered to intervene against agreements or commercial practices which, by reason of

15
For further information please refer to BoR (20) 46, BEREC Guidelines on Common Approaches to
the Identification of the Network Termination Point in different Network Topologies, 5 March 2020.
16
Tethering allows an end-user to share the internet connection of a phone or tablet with other devices
such as laptops.

9
 BoR (22) 81

their scale, lead to situations where end-users’ choice is materially reduced in practice. To this end, the assessment
of agreements and commercial practices should, inter alia, take into account the respective market positions of
those providers of internet access services, and of the providers of content, applications and services, that are
involved. National regulatory and other competent authorities should be required, as part of their monitoring and
enforcement function, to intervene when agreements or commercial practices would result in the undermining of
the essence of the end-users’ rights.

30. Article 3(2) clarifies that agreements between ISPs and end-users on commercial and
technical conditions and the characteristics of IAS such as price, data volumes or
speed, and any commercial practices conducted by ISPs are allowed, but shall not limit
the exercise of the rights of end-users laid down in Article 3(1).

31. To BEREC’s understanding, Article 3(2) contains two relevant aspects:

• the freedom to conclude agreements between ISPs and end-users relating to

commercial and technical conditions as well as characteristics of IAS;

• the provision that such agreements and commercial practices shall not limit the
exercise of the end-users’ rights laid down in Article 3(1).

Agreements on commercial and technical conditions and the characteristics of internet

access services

32. Agreements refer to contractual relationships between ISPs and end-users that may
include, as stated in the Regulation, commercial conditions (such as pricing), technical
conditions (such as data volumes and speed) and any characteristics of the IAS. It
should be noted that it will often be the case that commercial and technical conditions
can be intertwined.

32a. Where an ISP provides additional end point-based services (refer to the definition in
paragraph 78) alongside and related to the IAS (whether the services are subscribed to
at the same time as the IAS subscription or at a later stage), these additional services
can be assessed by the NRA. ISPs can offer additional services in the same way as
third party CAPs can. If such additional end point-based services are part of the
agreement or are offered in addition to the agreement between the ISP and the end-
user, such services should be assessed under Article 3(2).

32b. When assessing whether restrictions in such end point-based services provided in
addition to the IAS by the ISP limit the exercise of the end-users’ rights laid down in
Article 3(1) or establish a possible circumvention of Article 3(3), the NRA may, among
other factors, take into account the following:

• whether end-users remain in full control of the IAS, and may on the basis of
informed consent, activate and deactivate end point-based blocking by changing
the setting on the end-user computer, e.g. by configuring the client application
software.

• whether the default configuration that the ISP activates for each end-user when
providing the IAS fully complies with Article 3(1) and 3(3).

10
 BoR (22) 81

• whether the IAS remains application-agnostic and whether the commercial and
technical conditions of the IAS remain constant, independent of any choice of end
point-based blocking, for example by reducing the price or affecting the QoS of the
IAS.

If either of these conditions are not met, an ISP should be deemed to be infringing the
Regulation. Any end point-based blocking should also conform to any national
provisions on filtering practices, if existing. For more details on assessing these
practices see paragraphs 78-78b.

Commercial practices

33. Commercial practices may consist of all relevant aspects of ISPs’ commercial
behaviour, including unilateral practices, of the ISP. 17

Shall not limit the exercise of end-users’ rights

34. With regard to characteristics of IAS, agreeing on tariffs for specific data volumes and
speeds of the IAS would not represent a limitation of the exercise of the end-users’
rights (ref. Recital 7). Moreover, BEREC considers that end-users’ rights are likely to
be unaffected, at least in the case that data volume, speed characteristics and pricing
are applied in an application-agnostic way (refer to paragraphs 34a and 35). The same
assumption applies to offering different speeds for different IAS subscriptions, including
in the case of mobile IAS subscriptions.

34a. In these Guidelines, “application-agnostic” means that the commercial and technical
treatment of traffic is independent of application. Under Article 3(2), where the ISP
provides more than one level of QoS, application-agnostic implies that any application
may populate any QoS level as selected by the end-user. Under Article 3(3), where the
ISP provides more than one “category of traffic”, application-agnostic implies that the
treatment of traffic within each category is independent of application.

34b. Different levels for QoS parameters other than data volumes and speeds, such as
latency, jitter and packet loss, can also be agreed upon under Article 3(2). Such QoS
levels must not be confused with “categories of traffic” under the second subparagraph
of Article 3(3) (refer to paragraphs 57-75). When assessing cases in which ISPs provide
different IAS subscriptions, each with a different level of QoS, NRAs should ensure that
the implementation of the different QoS levels is application-agnostic and transparent

17
NRAs should also consider whether the definition of “commercial practices” in Article 2(d) of the Unfair
Commercial Practices Directive (UCPD) could also provide guidance in understanding the term, ref.
“any acts, omission, course of conduct or representation, commercial communication, including
advertising and marketing, by a trader, directly connected with a promotion, sale or supply of a product”,
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2005:149:0022:0039:EN:PDF. However,
it should also be noted that the goal of the UCPD is different from the goal of Regulation 2015/2120 in
as much as the former mainly addresses commercial practices which are directly connected with a
promotion, sale or supply of a product (i.e. mainly advertising and marketing) whereas the latter
establishes common rules to safeguard equal and non-discriminatory treatment of traffic in the provision
of internet access services and related end-users’ rights.

11
 BoR (22) 81

in order to verify compliance with Article 3(3). Furthermore, the practice must not limit
the exercise of the rights of end-users laid down in Article 3(1).

34c. If IAS offers come to the market which facilitate multiple QoS levels at the same time
for a single subscription under Article 3(2), NRAs should note that this may be allowed
as long as this practice is application-agnostic and is in line with the requirements of
Articles 3(1) and 3(3). In such an assessment, the NRA may, among other factors, take
into account that end-users must have full control over which applications transmit traffic
over which QoS level (e.g. by configuring the client application software) and that the
QoS level in which specific applications are transmitted is not preselected by the ISP
(e.g. based on commercial agreements with a third party, such as the end-user at the
other end). Such assessment procedures could be fine-tuned by the NRAs if and when
new use cases are implemented by ISPs.

34d. When assessing the implementation of application-agnostic QoS levels by an ISP, the
NRA should note that it is not allowed to provide IAS subscriptions to some end-users
to such an extent that it degrades the quality of other IAS subscriptions to a quality
below the contract conditions agreed under Article 4(1). BEREC emphasises that full
transparency of the relevant traffic management measures must be provided according
to Article 4(1) of the Regulation (refer to paragraph 135). According to Article 5(1), NRAs
may also impose requirements concerning technical characteristics, minimum quality
of service requirements and other appropriate and necessary measures to prevent
degradation of the general quality of service of internet access services for end-users.

35. Examples of commercial practices which are typically admissible would include:

• application-agnostic offers where data consumption during a certain time period

(e.g. during the weekend or off-peak times or a given number of hours per month)
is not counted against the general data cap in place on the IAS tariff or is priced
differently, since all traffic is treated equally and no specific application or category
of specific application is treated favourably;

• offers based on different IAS tariffs with different application-agnostic QoS levels
(for parameters such as speed, latency, jitter and packet loss), volumes, contractual
length, bundles and with or without subsidised equipment since within one tariff all
traffic is treated equally;

• application-agnostic tariff plans for a broad public (e.g. all consumers) or a targeted
group (e.g. special tariffs for younger people, school children, students, seniors or
low-income citizens);

• offers where the speed is throttled for all traffic after the data volume has been used
up; a sufficient speed could still allow accessing the internet in an application-
agnostic manner, this would also allow access to provider’s online self-service
portal or of the application allowing end-users to purchase additional data volume.

36. An ISP may bundle the provision of the IAS with an application. For instance, a mobile
operator may offer free subscription to a music streaming application for a period of time
to all new subscribers. Where the traffic associated with this application is not subject to
any preferential traffic management practice, and is not priced differently than the

12
 BoR (22) 81

transmission of the rest of the traffic, such commercial practices are deemed not to limit
the exercise of the end-users’ rights granted under Article 3(1).

37. When assessing agreements or commercial practices, NRAs must take Article 3(3) into
account. In particular, Article 3(3), first subparagraph mandates that ISPs must treat all
traffic equally 18 (see paragraph 49). This is in line with the common rules to safeguard
equal and non-discriminatory treatment of traffic in the provision of internet access
services and related end-users’ rights as expressed in Article 1(1).

37a. Typically, infringements of Article 3(3) (e.g. blocking access to applications or types of
applications or non-application-agnostic differentiated pricing) will also limit the exercise
of end-users’ rights, and constitute an infringement of Articles 3(2) and 3(1). Neither the
rights as set out in Article 3(1) nor the requirements of Article 3(3) can be waived by an
agreement or commercial practice otherwise authorised under Article 3(2) 19. This holds
in particular because the principle of equal and non-discriminatory treatment as
expressed in Article 1(1) applies to all traffic, when providing internet access services,
and therefore also to traffic which is transmitted when the ISP carries out their obligations
under an agreement or implements a commercial practice. Details about this
assessment can be found in paragraphs 49-93.

38. If an ISP contractually (as opposed to technically) banned the use of specific content, or
one or more applications/services or categories thereof (for example, banning the use
of VoIP) this would limit the exercise of the end-user rights set out in Article 3(1). This
would be considered to be an offer of a sub-internet service (see paragraph 17).

39. (deleted)

Guidance on assessment of differentiated pricing practices

40. Among commercial practices there are differentiated pricing practices. With these offers
the price per amount of data (e.g. per GB) is not the same for all traffic across a
particular IAS tariff. Differentiated pricing practices may come in different forms. For
example, an additional data allowance within the IAS tariff does not count towards the
general data cap in place on the IAS tariff. This additional data allowance can be
unlimited or limited. Furthermore, the price for the allowance provided in addition to the

18
Article 3(3) subparagraph 1 OIR states: „Providers of internet access services shall treat all traffic
equally, when providing internet access services, without discrimination, restriction or interference, and
irrespective of the sender and receiver, the content accessed or distributed, the applications or services
used or provided, or the terminal equipment used.”.
19
See ECJ C-807/18 and C-39/19 Telenor Magyarország, paragraph 47, emphasising in its final part
“derogation is not possible in any circumstances by means of commercial practices conducted by [...]
providers of internet access services] or by agreements concluded by them with end users” from the
“general obligation of equal treatment, without discrimination, restriction or interference with traffic”, laid
down in Article 3(3), first subparagraph of the Regulation, read in the light of recital 8 of that Regulation.
See also ECJ, C-854/19 Vodafone (roaming), paragraph 24; C-5/20 Vodafone (tethering), paragraph
23, and C-34/20 Telekom Deutschland (throttling), paragraph 26.

13
 BoR (22) 81

general data allowance can be zero, positive or negative. Differentiated pricing

practices include both tariffs which are permissible as well as those which are not
permissible.

40a. Zero tariff options are a subset of differentiated pricing practices which are inadmissible.
The ECJ defines zero tariff options as “a commercial practice whereby an internet
access provider applies a ‘zero tariff’, or a tariff that is more advantageous, to all or part
of the data traffic associated with an application or category of specific applications,
offered by partners of that access provider.” 20 Those data are therefore not counted
towards the data volume purchased as part of the basic package.

40b. BEREC considers any differentiated pricing practices which are not application-
agnostic to be inadmissible for IAS offers, such as applying a zero price to ISPs’ own
applications or CAPs subsidising their own data.

40c. Different from (inadmissible) zero tariff options and similar tariff options, there are
differentiated pricing practices that are typically admissible if all elements of the tariff
are application-agnostic. Examples of such offers are mentioned above in paragraph
35.

41. A price-differentiated offer where all applications are blocked (or slowed down) once
the data cap is reached except for the application(s) for which zero price or a different
price than all other traffic is applied would infringe Article 3(3) first (and third)
subparagraph (see paragraph 55).

42. (deleted)

Guidance on regulatory assessment

43. When assessing agreements between ISPs and end-users or commercial practices in
relation to Article 3(2), the assessment should take into account the aim of the
Regulation to “safeguard equal and non-discriminatory treatment of traffic” (Article 1)
and to “guarantee the continued functioning of the internet ecosystem as an engine of
innovation” (Recital 1) as well as Recital 7, which directs intervention against
agreements or commercial practices which, “by reason of their scale, lead to situations
where end-users’ choice is materially reduced in practice”, or which would result in “the
undermining of the essence of the end-users’ rights”.

44. Recital 7 also indicates that the assessment should take into account the “respective
market positions of those providers of internet access services, and of the providers of
content, applications and services, that are involved”.

45. When assessing whether an ISP limits the exercise of rights of end-users, NRAs should
consider to what extent end-users’ choice is restricted by the agreed commercial and
technical conditions or the commercial practices of the ISP. It is not the case that every
factor affecting end-users’ choices should necessarily be considered to limit the

20
ECJ C-34/20 Telekom Deutschland (throttling), paragraph 17; ECJ C-5/20 Vodafone (tethering),
paragraph 14; ECJ 854/19 Vodafone (roaming), paragraph 15

14
 BoR (22) 81

exercise of end-users’ rights under Article 3(1). The Regulation also foresees
intervention in case such restrictions result in choice being materially reduced, but also
in other cases that could qualify as a limitation of the exercise of the end-users’ rights
under Article 3(1).

46. In light of the aforementioned considerations, BEREC considers that a comprehensive

assessment of such commercial and technical conditions may be required, taking into
account in particular:

• the goals of the Regulation and whether the relevant agreements and/or
commercial practices circumvent these general aims;

• the market positions of the ISPs and CAPs involved - a limitation of the exercise of
end-user rights is more likely to arise where an ISP or a CAP has a ‘strong’ market
position (all else being equal) compared to a situation where the ISP or CAP has
a ‘weak’ market position. The market positions should be analysed in line with
competition law principles;

• the effects on consumer and business customer end-user rights, which

encompasses an assessment of inter alia:

o whether there is an effect on the range and diversity of content and applications
which consumer end-users may use 21 and, if so, whether the range and
diversity of applications which end-users can choose from is reduced in
practice;

o whether the end-user is incentivised to use, for example, certain applications;

o whether the IAS subscription contains characteristics which materially reduce

end-user choice (see in more detail in paragraph 48).

• the effects on CAP end-user rights, which encompasses an assessment of, inter
alia:

o whether there is an effect on the range and diversity of content and applications
which CAPs provide, 22 and to what extent the range and diversity of
applications may not be effectively accessed;

o whether CAPs are materially discouraged from entering the market or forced
to leave the market, or whether there are other material harms to competition
in the market concerned;

o whether the continued functioning of the internet ecosystem as an engine of

innovation is impacted, for example, whether it is the ISP that picks winners

21
This may also concern the effect on freedom of expression and information, including media
pluralism.
22
This may also concern the effect on freedom and pluralism of media.

15
 BoR (22) 81

and losers, and on the administrative and/or technical barriers for CAPs to enter
into agreements with ISPs.

• the scale of the practice and the presence of alternatives - a practice is more likely
to limit the exercise of end-user rights in a situation where, for example, many end-
users are concerned and/or there are few alternative offers and/or competing ISPs
for the end-users to choose from.

47. Each of these factors may contribute to a material reduction in end-user choice and
hence a limitation of the exercise of end-users’ rights under Article 3(2). In any specific
case, the presence of one or more of these factors may in fact limit the exercise of end-
user rights.

48. In applying such a comprehensive assessment, the following considerations may also
be taken into account:

• Commercial practices which apply a different price to the data associated with a
specific application or class of applications are incompatible with the obligation of
equal treatment of traffic as set out in Article 3(3).

• In line with paragraph 138 on Article 4(1) (b) of the Regulation, end-users must be
informed about under which conditions the data-usage for application-agnostic
volume tariffs apply.

• Assessing limitations on end-users exercising their rights could be considered by

taking into account actual and potential effects of commercial practices in the light
of the relevant market and its economic and legal context. In order to ascertain
whether end-users’ rights are likely to be harmed in the future, NRAs could take
into account how the actual commercial practice affects the concrete possibilities
for potential competitors to enter the relevant market. Assessing the commercial
practices’ effect on potential competition would reveal potential restrictions of end-
users’ choice and would contribute “to guarantee the continued functioning of the
internet ecosystem as an engine of innovation” (recital 1). Such assessment should
be supported by evidence or an analysis of the structure of the relevant market
(e.g. barriers to entry). NRAs could build on practices from other areas of
regulation, such as competition law.

Article 3(3) first subparagraph: equal treatment of traffic

Providers of internet access services shall treat all traffic equally, when providing internet access
services, without discrimination, restriction or interference, and irrespective of the sender and receiver,
the content accessed or distributed, the applications or services used or provided, or the terminal
equipment used.

Recital 8
When providing internet access services, providers of those services should treat all traffic equally, without
discrimination, restriction or interference, independently of its sender or receiver, content, application or service,
or terminal equipment. According to general principles of Union law and settled case-law, comparable situations
should not be treated differently and different situations should not be treated in the same way unless such
treatment is objectively justified.

16
 BoR (22) 81

49. A basic principle of the Regulation relates to the obligation on ISPs to treat all traffic
equally when providing IAS. As the ECJ has established in its 2020 and 2021
judgements, Article 3(3) first subparagraph imposes on providers of internet access
services a “general obligation of equal treatment” 23 and that, in principle, “any
measure” 24 by an ISP which is discriminatory could be a violation of this general
obligation. The ECJ applies the principle of equal treatment of traffic to the practice of
zero-tariffs as such. BEREC takes from this that the general obligation to treat all traffic
equally is not limited to technical traffic management practices but also applies to
commercial practices of the ISP such as differentiated pricing. Hence, it also includes
unequal treatment by way of zero tariff options and similar offers (for more details see
paragraph 54a below). Typically, infringements of Article 3(3) first subparagraph which
are not justified according to Article 3(3) second and/or third subparagraphs would also
constitute an infringement of the end-user rights set out in Article 3(1) (see paragraphs
37 and 37a).

50. As Article 3(3) concerns the equal treatment of all traffic “when providing internet access
service”, the scope of this paragraph excludes IP interconnection practices.

51. In assessing whether an ISP complies with this principle, NRAs should apply a two-step
assessment:

• In a first step, they should assess whether all traffic is treated equally.

• In a second step, they should assess whether situations are comparable or

different and whether there are objective grounds which could justify a different
treatment of different situations (under Article 3(3) second subparagraph – see
paragraphs 57-75 below).

52. Moreover, NRAs should ensure that traffic on an IAS is managed:

23
See ECJ, C-854/19 Vodafone (roaming), paragraph 26; C-5/20 Vodafone (tethering), paragraph 25,
and C-34/20 Telekom Deutschland (throttling), paragraph 28. This case-law is based on ECJ C-807/18
and C-39/19 Telenor Magyarország, paragraph 47, which states in broad terms: “as regards Article 3(3)
of Regulation 2015/2120, it should be noted, first of all, that, as is apparent from paragraph 24 above,
the first subparagraph of that provision, read in the light of recital 8 of that regulation, imposes on
providers of internet access services a general obligation of equal treatment, without discrimination,
restriction or interference with traffic, from which derogation is not possible in any circumstances by
means of commercial practices conducted by those providers or by agreements concluded by them
with end users” (ECJ, C-807/18 and C-39/19 Telenor Magyarország, paragraph 47).
24 See ECJ, C-854/19 Vodafone (roaming), paragraph 27, third sentence; C-5/20 Vodafone (tethering),

paragraph 26, third sentence and C-34/20 Telekom Deutschland (throttling), paragraph 29, third
sentence. This case-law is based on ECJ C-807/18 and C-39/19 Telenor Magyarország, paragraph 48,
which states: “In particular, any measure of a provider of internet access services in respect of an end
user which, without being based on such objective differences, results in the content, applications or
services offered by the various content, applications or services providers not being treated equally and
without discrimination, must be regarded as being based on such ‘commercial considerations’” (ECJ,
C-807/18 and C-39/19 Telenor Magyarország, paragraph 48).

17
 BoR (22) 81

• “without discrimination, restriction or interference”;

• “irrespective of the sender and receiver, the content accessed or distributed, the
applications or services used or provided, or the terminal equipment used”.

53. NRAs should take into account that equal treatment does not necessarily imply that all
end-users will experience the same network performance or quality of service (QoS).
Thus, even though packets can experience varying transmission performance (e.g. on
parameters such as latency or jitter), packets can normally be considered to be treated
equally as long as all packets are processed agnostic to sender and receiver, to the
content accessed or distributed, and to the application or service used or provided.

54. End point-based congestion control 25 (a typical example is Transmission Control

Protocol (TCP) congestion control) does not contravene Article 3(3) first subparagraph
since, by definition, it takes place within terminal equipment and terminal equipment is
not covered by the Regulation. 26 NRAs should consider network-internal mechanisms
of ISPs which assist end point-based congestion control 27 to be in line with equal
treatment, and therefore permissible, as long as these network-internal mechanisms
are agnostic to the applications running in the end points and a circumvention of the
Regulation does not take place.

54a. The ECJ in its rulings of 2 September 2021 28 concluded that a zero tariff option violates
the general obligation to treat all traffic equally according to Article 3(3) first
subparagraph. The ECJ established that “a ‘zero tariff’ option draws a distinction within
internet traffic, on the basis of commercial considerations, by not counting towards the
basic package traffic to partner applications.” 29 (see also paragraph 40a above).
According to the ECJ, “that failure, which results from the very nature of such a tariff
option on account of the incentive arising from it, persists irrespective of whether or not
it is possible to continue freely to access the content provided by the partners of the
internet access provider after the basic package has been used up.” 30

55. In case of agreements or practices involving technical discrimination, this would

constitute unequal treatment which would not be compatible with Article 3(3). This holds
in particular for the following examples:

• A practice where an ISP blocks, slows down, restricts, interferes with, degrades or
discriminates access to specific content, one or more applications (or categories

25
This should not be confused with network-internal congestion management as described under Article
3(3) (c)). IETF, RFC 5783, Congestion Control in the RFC Series
26
See details about terminal equipment under Article 3(1)
27
Active Queue Management, see IETF, RFC 7567
28
ECJ, C-854/19 Vodafone (roaming); C-5/20 Vodafone (tethering); C-34/20 Telekom Deutschland
(throttling).
29
ECJ, C-854/19 Vodafone (roaming), paragraph 28; C-5/20 Vodafone (tethering), paragraph 27; C-
34/20 Telekom Deutschland (throttling), paragraph 30.
30
ECJ, C-854/19 Vodafone (roaming), paragraph 29; C-5/20 Vodafone (tethering), paragraph 28; C-
34/20 Telekom Deutschland (throttling), paragraph 31.

18
 BoR (22) 81

thereof), except when justified by reference to the exceptions of Article 3(3) third
subparagraph.

• IAS offers where access to the internet is restricted to a limited set of applications
or end points by the end-user’s ISP (sub-internet service offers) infringe upon
Article 3(3) first subparagraph, as such offers entail blocking of applications and /
or discrimination, restriction or interference related to the origin or destination of
the information.

• A price-differentiated offer where all applications are blocked (or slowed down)
once the data cap is reached except for the application(s) for which a zero price or
a different price than all other traffic is applied would infringe Article 3(3) first (and
third) subparagraph in a two-fold manner: There is a technical discrimination by
blocking (or slowing down) certain types of traffic above the data cap. Furthermore,
the price-differentiation involved, which is not application-agnostic, constitutes a
non-technical unequal treatment of traffic and would lead to the inadmissibility of
the offer as a whole (cf. above paragraph 40a).

56. (deleted)

Article 3(3) second subparagraph: reasonable traffic management

The first subparagraph shall not prevent providers of internet access services from implementing
reasonable traffic management measures. In order to be deemed to be reasonable, such measures shall
be transparent, non-discriminatory and proportionate, and shall not be based on commercial
considerations but on objectively different technical quality of service requirements of specific
categories of traffic. Such measures shall not monitor the specific content and shall not be maintained
for longer than necessary.

Recital 9
The objective of reasonable traffic management is to contribute to an efficient use of network resources and to an
optimisation of overall transmission quality responding to the objectively different technical quality of service
requirements of specific categories of traffic, and thus of the content, applications and services transmitted.
Reasonable traffic management measures applied by providers of internet access services should be transparent,
non-discriminatory and proportionate, and should not be based on commercial considerations. The requirement
for traffic management measures to be non-discriminatory does not preclude providers of internet access services
from implementing, in order to optimise the overall transmission quality, traffic management measures which
differentiate between objectively different categories of traffic. Any such differentiation should, in order to
optimise overall quality and user experience, be permitted only on the basis of objectively different technical
quality of service requirements (for example, in terms of latency, jitter, packet loss, and bandwidth) of the specific
categories of traffic, and not on the basis of commercial considerations. Such differentiating measures should be
proportionate in relation to the purpose of overall quality optimisation and should treat equivalent traffic equally.
Such measures should not be maintained for longer than necessary.

Recital 10
Reasonable traffic management does not require techniques which monitor the specific content of data traffic
transmitted via the internet access service.

19
 BoR (22) 81

Traffic management measures 31

57. In assessing whether an ISP complies with the principle of equal treatment set out in
Article 3(3) first subparagraph, NRAs should take into account whether a measure is a
reasonable traffic management measure. The principle of equal treatment of traffic does
not prevent ISPs from implementing reasonable traffic management measures in
compliance with Article 3(3) second subparagraph.

“Transparent, non-discriminatory and proportionate”

58. In considering whether a traffic management measure is reasonable, NRAs should in a

first step assess whether the traffic management measure is transparent, non-
discriminatory and proportionate. These terms are legal principles that are already used
in everyday regulatory practice when applying EU law and respective national law.

59. Under Article 3(3), NRAs should require ISPs to provide transparent information about
traffic management practices and the impact of these practices (see also Articles 4 and
5).

60. When considering whether a traffic management measure is non-discriminatory, NRAs

should consider the following:

• The requirement for traffic management measures to be non-discriminatory does

not preclude ISPs from implementing - in order to optimise the overall transmission
quality and user experience - traffic management measures which differentiate
between objectively different categories of traffic (ref. Recital 9 and paragraphs 62-
67 below);

• Similar situations in terms of similar technical QoS requirements should receive

similar treatment;

• Different situations in terms of objectively different technical QoS requirements can

be treated in different ways if such treatment is objectively justified;

• In particular, the mere fact that network traffic is encrypted should not be deemed
by NRAs to be an objective justification for different treatment by ISPs.

61. When considering whether a traffic management measure is proportionate, NRAs

should consider the following:

• There has to be a legitimate aim for this measure, as specified in the first sentence
of Recital 9, namely contributing to an efficient use of network resources and to an
optimisation of overall transmission quality;

31
A definition of traffic management measures can be found on page 18 of the BEREC 2011 Net
Neutrality QoS Framework (BoR (11) 53).

20
 BoR (22) 81

• The traffic management measure has to be suitable to achieve this aim (with a
requirement of evidence to show it has that effect and that it is not manifestly
inappropriate);

• The traffic management measure has to be necessary to achieve this aim;

• There is not a less interfering and equally effective alternative way of managing
traffic to achieve this aim (e.g. equal treatment without categories of traffic) with
the available network resources;

• The traffic management measure has to be appropriate, e.g. to balance the

competing requirements of different traffic categories or competing interests of
different groups.

“Objectively different technical QoS requirements of traffic categories”

62. In assessing whether a traffic management measure is reasonable, NRAs should

assess the justification put forward by the ISP. In order to be considered to be
reasonable, a traffic management measure has to be based on objectively different
technical QoS requirements of specific categories of traffic. Examples for technical QoS
requirements are latency, jitter, packet loss, and bandwidth.

63. Traffic categories should typically be defined based on QoS requirements, whereby a
traffic category will contain a flow of packets from applications with similar requirements.
Therefore, if ISPs implement different technical QoS requirements of specific categories
of traffic, this should be done objectively by basing them on the sensitivity to QoS
requirements of the applications (e.g. latency, jitter, packet loss, and bandwidth). For
example, such a category may consist of real-time applications requiring a short time
delay between sender and receiver. 32

64. Furthermore, as explained in Recital 9, ISPs’ traffic management measures are

“responding to” the QoS requirements of the categories of traffic in order to optimise
the overall transmission quality and enhance the user-experience. In order to identify
categories of traffic, the ISP relies on the information provided by the application when
packets are sent into the network. (See also paragraph 70 regarding which information
can legitimately be considered by ISPs). Encrypted traffic should not be treated less
favourably by reason of its encryption.

65. When NRAs consider network-internal mechanisms of ISPs which assist end point-
based congestion control (see paragraph 54) in the context of Article 3(3) second
subparagraph, the queue management of the different traffic categories 33 should be
assessed under the same criteria as described in general for Article 3(3) second
subparagraph.

66. Based on this, reasonable traffic management may be applied to differentiate between
objectively different “categories of traffic”, for example by reference to an application

32
IETF, RFC 7657, Differentiated Services and Real-Time Communication
33
See section 2.1 “AQM and Multiple Queues” in IETF RFC 7567

21
 BoR (22) 81

layer protocol or generic application types (such as file sharing, VoIP or instant
messaging), only in so far as:

• the application layer protocol or generic application types require objectively

different technical QoS;

• applications with equivalent QoS requirements are handled agnostically in the

same traffic category; and

• justifications are specific to the objectives that are pursued by implementing traffic
management measures based on different categories of traffic.

67. ISPs may prioritise network management and control traffic over the rest of their traffic.
Such traffic management practices should be considered as reasonable, provided that
they are transparent and are aimed at properly configuring and securing the network
and its equipment by efficiently balancing load, e.g. by reacting as fast as possible in
case of congestion, failures, outages, etc.

“Not based on commercial considerations”

68. In the event that traffic management measures are based on commercial grounds, the
traffic management measure is not reasonable. An obvious example of this could be
where an ISP charges for usage of different traffic categories or where the traffic
management measure reflects the commercial interests of an ISP that offers certain
applications or partners with a provider of certain applications. However, NRAs do not
need to prove that a traffic management measure is based on commercial grounds; it
is sufficient to establish that the traffic management measure is not based on objectively
different technical QoS requirements.

“Shall not monitor the specific content”

69. In assessing traffic management measures, NRAs should ensure that such measures
do not monitor the specific content (i.e. transport layer protocol payload).

70. Conversely, traffic management measures that monitor aspects other than the specific
content, i.e. the generic content, should be deemed to be allowed. Monitoring
techniques used by ISPs which rely on the information contained in the IP packet
header, and transport layer protocol header (e.g. TCP) may be deemed to be generic
content, as opposed to the specific content provided by end-users themselves (such as
text, pictures and video).

“Shall not be maintained longer than necessary”

71. In assessing traffic management measures, NRAs should take into account that such
measures shall not be maintained longer than necessary.

72. BEREC understands this term as relating to the proportionality of reasonable traffic
management measures in terms of duration, in parallel to the explicit precondition “shall
be proportionate” which relates to their proportionality in terms of scope (type and
proportion of traffic affected, impact on the rest of traffic, equal treatment of comparable
situations etc.).

22
 BoR (22) 81

73. Some traffic management measures such as packet forwarding rules and respective
protocols, are implemented on a permanent basis in network nodes like a queuing
function running continuously. However, in packet switched networks such measures
have an effect and impact the technical quality of service of traffic only when necessary,
typically in situations of network congestion. For the assessment of the admissibility of
traffic management measures, only those situations when the measures have an impact
on the traffic need to be evaluated. Therefore, Article 3(3) third subparagraph does not
prevent, per se, a function being implemented and in place (but with the traffic
management measure not yet effective) on an ongoing basis inasmuch as the traffic
management measure only becomes effective in times of necessity. Necessity can
materialise several times, or even regularly, over a given period of time. However,
where traffic management measures are in effect on a permanent or recurring basis,
NRAs should consider whether the traffic management measures can still be qualified
as reasonable within the meaning of Article 3(3) second subparagraph.

Distinction from exceptional traffic management measures

74. Article 3(3) third subparagraph clarifies that, under Article 3(3) second subparagraph,
inter alia, the following traffic management measures are prohibited: blocking, slowing
down, alteration, restriction, interference with, degradation, and discrimination between
specific content, applications or services, or specific categories thereof.

Distinction from specialised services

75. BEREC understands that “categories of traffic” should be clearly distinguished from
specialised services referred to in Guidelines 99 to 115. Article 3(5) clarifies that
specialised services may be provided for optimisation reasons in order to meet
requirements for a specific level of quality. On the other hand, the use of “categories of
traffic” under Article 3(3) second subparagraph is permitted to contribute to the
optimisation of the overall transmission quality (ref. Recital 9).

Article 3(3) third subparagraph: beyond reasonable traffic management

Providers of internet access services shall not engage in traffic management measures going beyond
those set out in the second subparagraph, and in particular shall not block, slow down, alter, restrict,
interfere with, degrade or discriminate between specific content, applications or services, or specific
categories thereof, except as necessary, and only for as long as necessary, in order to:

Recital 11
Any traffic management practices which go beyond such reasonable traffic management measures, by blocking,
slowing down, altering, restricting, interfering with, degrading or discriminating between specific content,
applications or services, or specific categories of content, applications or services, should be prohibited, subject
to the justified and defined exceptions laid down in this Regulation. Those exceptions should be subject to strict
interpretation and to proportionality requirements. Specific content, applications and services, as well as specific
categories thereof, should be protected because of the negative impact on end-user choice and innovation of
blocking, or of other restrictive measures not falling within the justified exceptions. Rules against altering content,
applications or services refer to a modification of the content of the communication, but do not ban non-
discriminatory data compression techniques which reduce the size of a data file without any modification of the
content. Such compression enables a more efficient use of scarce resources and serves the end-users’ interests by

23
 BoR (22) 81

reducing data volumes, increasing speed and enhancing the experience of using the content, applications or
services concerned.

Recital 12
Traffic management measures that go beyond such reasonable traffic management measures may only be applied
as necessary and for as long as necessary to comply with the three justified exceptions laid down in this
Regulation.

76. Article 3(3), third subparagraph contains two aspects:

• a prohibition for ISPs to apply traffic management measures going beyond

reasonable traffic management measures; as well as

• an exhaustive list of three exceptions in which traffic management measures that

go beyond such reasonable traffic management are permissible.

77. In order to safeguard the open internet, Article 3(3) third subparagraph describes traffic
management practices that are prohibited, unless under specific exception. These are
practices that, inter alia, are banned in that regard, and can be described by these
seven basic principles which should be used by NRAs when assessing ISPs’ practices:

• no blocking;

• no slowing down;

• no alteration;

• no restriction;

• no interference with;

• no degradation; and

• no discrimination

between specific content, applications or services, or specific categories thereof. This

is a non-exhaustive list of traffic management measures that are prohibited, and any
other measure going beyond reasonable traffic management is also prohibited.
Practices not complying with the seven basic principles, or that otherwise go beyond
reasonable traffic management, may be used by ISPs only based on the three specific
exceptions elaborated below under Article 3(3) (a), (b) and (c).

77a. ISPs may use non-discriminatory data compression techniques in their networks as
long as the content originally sent by an end point reaches its destination end point(s)
unmodified, i.e. lossless compression. The use of application-specific throttling e.g. to
force a CAP to supply video content in a lower resolution by the use of adaptive bitrate
coding does not represent data compression according to Recital 11.

78. Rules against blocking, slowing down, altering, restricting, interfering with, degrading or
discriminating between traffic refer to measures put in place by the ISP in the network
when providing an IAS. This means that the measures applied to the IP packet in the
network of the ISP and before the IP packet has reached the destination IP address

24
 BoR (22) 81

provided by the end-user’s terminal equipment are considered to fall within the scope
of Article 3(3). These rules apply for example when the processing of application layer
protocol elements takes place before the IP packets have been received at the
destination IP address. Functionality that on the other hand takes place at the
destination of the IP address provided by the end-user computer, is referred to as “end
point-based” in these guidelines and is out of scope of the Regulation. 34

78a. The default DNS resolvers provided by the ISP when providing the IAS 35 are effectively
part of the IAS, since these DNS resolvers are automatically installed when the
connection is activated and without one the IAS would be practically unusable for the
average end-user. Therefore, they are considered part of the IAS and the measures
implemented by them must comply with Article 3(3). Article 3(3) is also applied to any
filtering functions provided in the modem and the access router, in circumstances where
these, according to national law and practice, are considered part of the network over
which the IAS is provided 36.

78b. In contrast to measures applied within the network over which the IAS is provided,
terminal equipment or client application software-based restriction, put in place by the
end-user do not fall within the scope of the Regulation because these measures are
executed in the end points, i.e. outside the IAS. Such measures may also be applied in
the access router where this is considered outside the network according to national
law and practice, even though an access router is not an end point-based function.

78c. However, as described in paragraph 32a, ISPs can also offer these end point-based
services (e.g. to provide parental control or filtering functions alongside the IAS) in the
same way that they are offered by third party CAPs. Additional DNS resolvers and
HTTP proxy servers addressed by the end-user computer are also examples of such
end point-based services. On a case-by-case basis, end point-based traffic restrictions,
such as blocking, should be evaluated under Article 3(2) as described in paragraph 32a
and further.

79. The three exceptions set out in Article 3(3) third subparagraph (a) – (c) have as common
preconditions that the traffic management measure has to be necessary for the
achievement of the respective exception (“except as necessary”) and that it may be
applied “only for as long as necessary”. These requirements follow from the principle of

34
Where the ISP implements network address translation in the network, the IP address provided from
the end-user computer may be mapped to a different IP address of the intended end point.
35
For example by the DHCP protocol.
36
In that case the modem and access router are not considered as terminal equipment in the sense of
Article 3(1). The question whether the modem and access router are terminal equipment or part of the
network, is considered to be out of scope of these Guidelines.

25
 BoR (22) 81

proportionality. 37 Moreover, as exceptions, they should be interpreted in a strict

manner. 38

80. The prohibition of monitoring of specific content does not apply to traffic management
going beyond reasonable traffic management (i.e. traffic management complying with
the exceptions in (a), (b), or (c)). It should be noted that, according to Article 3(4), any
processing of personal data has to be carried out in line with Directive 95/46/EC 39 and
Directive 2002/58/EC.

Article 3(3) (a) Union and national legislation

(a) comply with Union legislative acts, or national legislation that complies with Union law, to which
the provider of internet access services is subject, or with measures that comply with Union law giving
effect to such Union legislative acts or national legislation, including with orders by courts or public
authorities vested with relevant powers;

Recital 13
First, situations may arise in which providers of internet access services are subject to Union legislative acts, or
national legislation that complies with Union law (for example, related to the lawfulness of content, applications
or services, or to public safety), including criminal law, requiring, for example, blocking of specific content,
applications or services. In addition, situations may arise in which those providers are subject to measures that
comply with Union law, implementing or applying Union legislative acts or national legislation, such as measures
of general application, court orders, decisions of public authorities vested with relevant powers, or other measures
ensuring compliance with such Union legislative acts or national legislation (for example, obligations to comply
with court orders or orders by public authorities requiring to block unlawful content). The requirement to comply
with Union law relates, inter alia, to the compliance with the requirements of the Charter of Fundamental Rights
of the European Union (‘the Charter’) in relation to limitations on the exercise of fundamental rights and freedoms.
As provided in Directive 2002/21/EC of the European Parliament and of the Council ( 1 ), any measures liable to
restrict those fundamental rights or freedoms are only to be imposed if they are appropriate, proportionate and
necessary within a democratic society, and if their implementation is subject to adequate procedural safeguards in
conformity with the European Convention for the Protection of Human Rights and Fundamental Freedoms,
including its provisions on effective judicial protection and due process.

81. If an ISP applies traffic management measures which cannot be regarded as

reasonable or if an ISP provides a price differentiation which is not application-agnostic
for example access to a certain application free-of-charge 40, NRAs should assess
whether an ISP does so because it has to do so for legal reasons, namely to comply
with the legislation 41 or measures by public authorities specified in that exception.

37
See Recital 11
38
See Recital 11
39
References to Directive 95/46/EC should be read as references to Regulation (EU) 2016/679 on the
protection of natural persons with regard to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC. See Article 94 of Regulation (EU) 2016/679.
40
Article 3(3) subparagraph 3 lit. a OIR, in BEREC's opinion might apply to discriminatory measures
which are of non-technical nature such as making services and applications accessible for free if this is
provided by law.
41
For example, this exemption might apply for national implementations of Article 109 paragraph 1 on
emergency communication and Article 110 on Public Warning systems of Directive (EU) 2018/1972, as
well as for Article 14 of the Roaming Regulation (EU) 2022/612.

26
 BoR (22) 81

82. As explained in Recital 13, such legislation or measures must comply with the
requirements of the Charter of Fundamental Rights, and notably Article 52 which states
in particular that any limitation of the rights and freedoms recognised by the Charter
must be provided for by law and respect the essence of those rights and freedoms.

Article 3(3) (b) preserving the integrity of the network

(b) preserve the integrity and security of the network, of services provided via that network, and of the
terminal equipment of end-users;

Recital 14
Second, traffic management measures going beyond such reasonable traffic management measures might be
necessary to protect the integrity and security of the network, for example by preventing cyber-attacks that occur
through the spread of malicious software or identity theft of end-users that occurs as a result of spyware.

83. Typical attacks and threats that will trigger integrity and security measures include:

• flooding network components or terminal equipment with traffic to destabilise them

(e.g. Denial of Service attack);

• spoofing IP addresses in order to mimic network devices or allow for unauthorised

communication;

• hacking attacks against network components or terminal equipment;

• distribution of malicious software, viruses etc.

84. Conducting traffic management measures in order to preserve integrity and security of
the network could basically consist of restricting connectivity or blocking of traffic to and
from specific end points. Typical examples of such traffic management measures
include:

• blocking of IP addresses, or ranges of them, because they are well-known sources

of attacks;

• blocking of IP addresses from which an actual attack is originating;

• blocking of IP addresses/IAS showing suspicious behaviour (e.g. unauthorised

communication with network components, address spoofing);

• blocking of IP addresses where there are clear indications that they are part of a
bot network;

• blocking of specific port numbers which constitute a threat to security and integrity.

85. NRAs should consider that, in order to identify attacks and activate security measures,
the use of security monitoring systems by ISPs is often justified. Such traffic
management systems consist of two separate components: one component that
executes the traffic management itself and one component that monitors traffic on an
ongoing basis and triggers the traffic management. Monitoring of traffic to detect
security threats may be implemented in the background on a continuous basis. Traffic

27
 BoR (22) 81

management measures (such as those listed in paragraph 84) preserving integrity and
security are only triggered when concrete security threats are detected. Therefore, the
precondition “only for as long as necessary” does not preclude implementation of such
monitoring of the integrity and security of the network.

86. Besides monitoring of traffic in order to preserve the integrity and security of the
network, possible security threats may also be identified on the basis of
reports/complaints from end-users or blocking lists from recognised security
organisations.

87. This exception could be used as a basis for circumvention of the Regulation because
security is a broad concept. NRAs should therefore carefully assess whether the
requirements of this exception are met and to request that ISPs provide adequate
justifications 42 when necessary. In order to assess security measures NRAs may take
into account the ENISA “Guideline on assessing security measures in the context of
Article 3(3) of the Open Internet regulation” 43.

Article 3(3) (c) preventing impending network congestion

(c) prevent impending network congestion and mitigate the effects of exceptional or temporary network
congestion, provided that equivalent categories of traffic are treated equally.

Recital 15
Third, measures going beyond such reasonable traffic management measures might also be necessary to prevent
impending network congestion, that is, situations where congestion is about to materialise, and to mitigate the
effects of network congestion, where such congestion occurs only temporarily or in exceptional circumstances.
The principle of proportionality requires that traffic management measures based on that exception treat
equivalent categories of traffic equally. Temporary congestion should be understood as referring to specific
situations of short duration, where a sudden increase in the number of users in addition to the regular users, or a
sudden increase in demand for specific content, applications or services, may overflow the transmission capacity
of some elements of the network and make the rest of the network less reactive. Temporary congestion might
occur especially in mobile networks, which are subject to more variable conditions, such as physical obstructions,
lower indoor coverage, or a variable number of active users with changing location. While it may be predictable
that such temporary congestion might occur from time to time at certain points in the network – such that it cannot
be regarded as exceptional – it might not recur so often or for such extensive periods that a capacity expansion
would be economically justified. Exceptional congestion should be understood as referring to unpredictable and
unavoidable situations of congestion, both in mobile and fixed networks. Possible causes of those situations
include a technical failure such as a service outage due to broken cables or other infrastructure elements,
unexpected changes in routing of traffic or large increases in network traffic due to emergency or other situations
beyond the control of providers of internet access services. Such congestion problems are likely to be infrequent
but may be severe, and are not necessarily of short duration. The need to apply traffic management measures
going beyond the reasonable traffic management measures in order to prevent or mitigate the effects of temporary
or exceptional network congestion should not give providers of internet access services the possibility to

42
Such justifications should also be in line with Articles 40 and 41 EECC.
43
The ENISA “Guideline on assessing security measures in the context of Article 3(3) of the Open
Internet regulation” proposes an evaluation process in order to help NRAs assessing security measures
under Article 3. It does not anticipate any NRA's decision regarding which traffic management measures
are permissible according to the net neutrality exception for security reasons (cf. art. 3(3) 3rd sub-para
lit. b).

28
 BoR (22) 81

circumvent the general prohibition on blocking, slowing down, altering, restricting, interfering with, degrading or
discriminating between specific content, applications or services, or specific categories thereof. Recurrent and
more long-lasting network congestion which is neither exceptional nor temporary should not benefit from that
exception but should rather be tackled through expansion of network capacity.

88. In exceptional cases, and for no longer than necessary, ISPs may engage in traffic
management beyond the limits of Article 3(3) second subparagraph to manage certain
types of network congestion, namely impending network congestions (which may be
prevented) and exceptional or temporary network congestions (the effects of which may
be mitigated). Recital 15 provides detailed information on identifying situations where
exceptional and temporary congestion occurs. Impending network congestion is
defined as situations where congestion is about to materialise, i.e. it is imminent.

89. Recital 15 focuses on exceptional and temporary network congestion; thus, actions for
preventing impending network congestion only apply to cases of such congestion.

90. When assessing congestion management exceptions under (c), NRAs should refer to
the general criteria of strict interpretation and proportionality set out in Article 3(3) third
subparagraph. Furthermore, NRAs should check that congestion management is not
used to circumvent the ban on blocking, throttling and discrimination (ref. Recital 15).

91. Due to the requirement that exceptional traffic management can only be applied as
necessary, and only for as long as necessary, NRAs should consider that in cases when
application-agnostic congestion management (i.e. congestion management which is
not targeting specific applications or categories thereof) is not sufficient, congestion can
be dealt with according to Article 3(3) (c). Furthermore, in such cases, equivalent
categories of traffic must be treated equally. Any throttling action should be limited to
the section of the network where congestion occurs, if feasible.

92. Congestion management can be done on a general basis, independent of

applications. 44 NRAs should consider whether such types of congestion management
would be sufficient and equally effective to manage congestion, in light of the principle
of proportionality. For the same reason, NRAs should consider whether throttling of
traffic, as opposed to blocking of traffic, would be sufficient and equally effective to
manage congestion.

93. As part of their scrutiny of congestion management practices, NRAs may monitor that
ISPs properly dimension their network, and take into account the following:

• if there is recurrent and more long-lasting network congestion in an ISP's network,

the ISP cannot invoke the exception of congestion management (ref. Recital 15);

• application-specific congestion management should not be applied or accepted as

a substitute for more structural solutions, such as expansion of network capacity.

44
IETF, RFC 6057, Comcast’s Protocol-Agnostic Congestion Management and IETF, RFC 6789,
Congestion Exposure (Conex) Concepts and Use Cases

29
 BoR (22) 81

Article 3(4) processing of personal data

Any traffic management measure may entail processing of personal data only if such processing is
necessary and proportionate to achieve the objectives set out in paragraph 3. Such processing shall be
carried out in accordance with Directive 95/46/EC of the European Parliament and of the Council.
Traffic management measures shall also comply with Directive 2002/58/EC of the European Parliament
and of the Council.

94. In the course of traffic management, personal data may be processed. Article 3(4)
provides that such measures may only process personal data if certain requirements
are met, and only under certain conditions.

95. Article 3(3) distinguishes between reasonable traffic management measures and traffic
management measures going beyond reasonable traffic management measures.
Article 3(4) applies to both of these traffic management forms (“any traffic management
measure”). With regard to reasonable traffic management measures, these
requirements are further specified by Article 3(3) second subparagraph which states
that “such measures shall not monitor the specific content”.

96. The objectives referred to in Article 3(4) are those set out in Article 3(3).

“Necessary and proportionate”

97. The processing of personal data within the course of traffic management is also subject
to the proportionality requirement. NRAs should assess whether the processing of
personal data undertaken by ISPs is necessary and proportionate to achieve the
objectives set out in Article 3(3).

“Compliance with Union law on data protection”

98. The competent national authority should assess whether the processing of personal
data complies with Union law on data protection. 45

Article 3(5) first subparagraph: necessity requirement of specialised services

Providers of electronic communications to the public, including providers of internet access services,
and providers of content, applications and services shall be free to offer services other than internet
access services which are optimised for specific content, applications or services, or a combination
thereof, where the optimisation is necessary in order to meet requirements of the content, applications
or services for a specific level of quality.

45
Whereas NRAs are not competent to enforce the GDPR (Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation),
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02016R0679-20160504, they are in
many countries empowered to enforce the ePrivacy Directive (Directive 2002/58/EC, as amended by
Directive 2006/24/EC and Directive 2009/136/EC,
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02002L0058-20091219

30
 BoR (22) 81

Recital 16
There is demand on the part of providers of content, applications and services to be able to provide electronic
communication services other than internet access services, for which specific levels of quality, that are not
assured by internet access services, are necessary. Such specific levels of quality are, for instance, required by
some services responding to a public interest or by some new machine-to-machine communications services.
Providers of electronic communications to the public, including providers of internet access services, and
providers of content, applications and services should therefore be free to offer services which are not internet
access services and which are optimised for specific content, applications or services, or a combination thereof,
where the optimisation is necessary in order to meet the requirements of the content, applications or services for
a specific level of quality. National regulatory authorities should verify whether and to what extent such
optimisation is objectively necessary to ensure one or more specific and key features of the content, applications
or services and to enable a corresponding quality assurance to be given to end-users, rather than simply granting
general priority over comparable content, applications or services available via the internet access service and
thereby circumventing the provisions regarding traffic management measures applicable to the internet access
services.

99. Beyond the delivery of applications through the IAS, there can be demand for services
that need to be carried at a specific level of quality that cannot be assured by the
standard best effort delivery.

100. Such services can be offered by providers of electronic communications to the public
(PECPs), including providers of internet access services (ISPs), and providers of
content, applications and services (CAPs).

101. These providers are free to offer services referred to in Article 3(5), which BEREC refers
to as specialised services, only when various requirements are met. Article 3(5)
provides the safeguards for the provisioning of specialised services which are
characterised by the following features in Article 3(5) first subparagraph:

• they are services other than IAS services;

• they are optimised for specific content, applications or services, or a combination

thereof;

• the optimisation is objectively necessary in order to meet requirements for a

specific level of quality.

102. Their provision is subject to a number of conditions in Article 3(5) second subparagraph,
namely that:

• the network capacity is sufficient to provide the specialised service in addition to

any IAS provided;

• specialised services are not usable or offered as a replacement for IAS;

• specialised services are not to the detriment of the availability or general quality of
the IAS for end-users.

103. According to Recital 16, the service shall not be used to circumvent the provisions
regarding traffic management measures applicable to IAS.

31
 BoR (22) 81

104. All these safeguards aim to ensure the continued availability and general quality of best
effort IAS.

105. NRAs should verify whether the application could be provided over IAS at the specific
levels of quality which are objectively necessary in relation to the application, or whether
they are instead set up in order to circumvent the provisions regarding traffic
management measures applicable to IAS, which would not be allowed.

Assessment according to Article 3(5) first subparagraph

106. Initially, the requirement of an application can be specified by the provider of the
specialised service, although requirements may also be inherent to the application
itself. For example, a video application could use standard definition with a low bitrate
or ultra-high definition with high bitrate, and these will obviously have different QoS
requirements. A typical example of inherent requirements is low latency for real-time
applications.

107. When assessing whether the practices used to provide specialised services comply
with Article 3(5) first subparagraph, NRAs should apply the approach set out in
paragraphs 108-115).

108. NRAs could request from the provider relevant information about their specialised
services, using powers conferred by Article 5(2). In their responses, the provider should
give information about their specialised services, including what the relevant levels of
quality are, that are not assured by IAS (e.g. latency, jitter and packet loss) but also
other requirements for resource management as explained in the paragraph 108a
below, and any contractual requirements. Furthermore, the “specific level of quality”
should be specified, and it should be demonstrable that this specific level of quality
cannot be assured over the IAS and that the quality requirements are objectively
necessary to ensure one or more key features of the service.

108a. Requirements for a specific level of quality may not only refer to standard parameters
such as speed, latency and jitter, but may, for example, also apply to other quality
parameters in novel networking paradigms such as machine-to-machine services
(M2M). In such cases the devices may be resource-constrained (e.g. limited processing
power, battery lifetime and memory capacity) and the provisioning of services in the
network may have to deal with issues such as energy exhaustion, interference and
security to maintain a specific level of quality. Addressing these issues is essential in
order to assure the specific level of quality of the services, and specialized services
could be justified in cases where the requirements cannot be fulfilled by the IAS for
resource-constrained devices.

109. Based on this information, the NRA should assess the requirements mentioned in the
first subparagraph of Article 3(5).

32
 BoR (22) 81

110. If assurance of a specific level of quality is objectively necessary, this cannot be

provided by simply granting general priority over comparable content. 46 Specialised
services do not provide general connectivity to the internet (see also paragraph 115
regarding VPN services for further clarification) and they can be offered, for example,
through a connection that is logically separated from the traffic of the IAS in order to
assure these levels of quality.

110a. Regarding connectivity to the internet, dedicated connectivity between servers at the
application layer (for example the possibility for VoLTE subscribers to call over the top
VoIP users) would not provide general connectivity between end points of the internet,
i.e. the service would not be usable or offered as a replacement for IAS. Therefore, a
specialised service may rely on such connectivity.

110b. Regarding the example of logical separation of traffic between specialised services and
IAS, typically when the two service categories are provided over a common
infrastructure, it should be noted that logical separation could be provided with fixed or
dynamic or without reservation of capacity for IAS vs. specialised services. However,
the ISP is obliged to provide the IAS quality as specified according to the transparency
requirements in Article 4. Furthermore, the Regulation requires that specialised
services are not provided to the detriment of the general quality of IAS for end-users.

111. NRAs should verify whether, and to what extent, optimised delivery is objectively
necessary to ensure that the requirements of one or more specific and key features of
the content, applications and services are met, and to enable a corresponding quality
assurance to be given to end-users. To do this, the NRA should assess whether an
electronic communication service, other than IAS, requires a level of quality that cannot
be assured over an IAS. If not, these electronic communication services are likely to
circumvent the provisions of the Regulation and are therefore not allowed. In the
assessment NRAs should take into account that different network technologies might
provide different levels of performance.

112. The internet and the nature of IAS will evolve over time. A service that is deemed to be
a specialised service today may not necessarily qualify as a specialised service in the
future due to the fact that the optimisation of the service may not be objectively
necessary, as the general standard of IAS may have improved. On the other hand,
additional services might emerge that need to be optimised, even as the standard of
IAS improves. NRAs should assess whether a service qualifies as a specialised service
on a case-by-case basis. In case of reassessment, this would be expected to take place
over a larger timescale. NRAs are not expected to keep specialised services under
constant review. When an NRA assesses that a service no longer qualifies as a
specialised service due to the improved quality of IAS, the ISP should be allowed a

46
As explained in Recital 16, NRAs “should verify whether and to what extent such optimisation is
objectively necessary to ensure one or more specific and key features of the content, applications or
services and to enable a corresponding quality assurance to be given to end-users, rather than simply
granting general priority over comparable content, applications or services available via the internet
access service and thereby circumventing the provisions regarding traffic management measures
applicable to the internet access services”

33
 BoR (22) 81

reasonable transitional phase for phasing out of the specialised service. In these
circumstances, national administrative and procedural laws apply, including observing
the principle of proportionality.

113. Typical examples of specialised services provided to end-users are VoLTE and linear
broadcasting IPTV services with specific QoS requirements, subject to them meeting
the requirements of the Regulation, in particular Article 3(5) first subparagraph. Under
the same preconditions, other examples would include real-time health services (e.g.
remote surgery) or “some services responding to a public interest or by some new
machine-to-machine communications services” (Recital 16).

114. QoS might be especially important to corporate customers and these customers might
be in need of specialised services which – as they are addressing businesses – are
often referred to as “business services”. Such "business services" cover a wide array
of services and have to be assessed on a case-by-case basis.

115. VPNs could qualify as specialised services in accordance with Article 3(5) of the
Regulation. However, in accordance with Recital 17, to the extent that corporate
services such as VPNs also provide access to the internet, the provision of such access
to the internet by a provider of electronic communications to the public should be
analysed under Article 3(1) to (4) of the Regulation. For example, such specialised
services may not be used to replace an IAS by a service that prioritises specific
applications while giving access to the internet.

Article 3(5) second subparagraph: capacity requirement for specialised services

Providers of electronic communications to the public, including providers of internet access services,
may offer or facilitate such services only if the network capacity is sufficient to provide them in addition
to any internet access services provided. Such services shall not be usable or offered as a replacement
for internet access services, and shall not be to the detriment of the availability or general quality of
internet access services for end-users.

Recital 17
In order to avoid the provision of such other services having a negative impact on the availability or general
quality of internet access services for end-users, sufficient capacity needs to be ensured. Providers of electronic
communications to the public, including providers of internet access services, should, therefore, offer such other
services, or conclude corresponding agreements with providers of content, applications or services facilitating
such other services, only if the network capacity is sufficient for their provision in addition to any internet access
services provided. The provisions of this Regulation on the safeguarding of open internet access should not be
circumvented by means of other services usable or offered as a replacement for internet access services. However,
the mere fact that corporate services such as virtual private networks might also give access to the internet should
not result in them being considered to be a replacement of the internet access services, provided that the provision
of such access to the internet by a provider of electronic communications to the public complies with Article 3(1)
to (4) of this Regulation, and therefore cannot be considered to be a circumvention of those provisions. The
provision of such services other than internet access services should not be to the detriment of the availability and
general quality of internet access services for end-users. In mobile networks, traffic volumes in a given radio cell
are more difficult to anticipate due to the varying number of active end-users, and for this reason an impact on the
quality of internet access services for end-users might occur in unforeseeable circumstances. In mobile networks,
the general quality of internet access services for end-users should not be deemed to incur a detriment where the
aggregate negative impact of services other than internet access services is unavoidable, minimal and limited to a
short duration. National regulatory authorities should ensure that providers of electronic communications to the

34
 BoR (22) 81

public comply with that requirement. In this respect, national regulatory authorities should assess the impact on
the availability and general quality of internet access services by analysing, inter alia, quality of service parameters
(such as latency, jitter, packet loss), the levels and effects of congestion in the network, actual versus advertised
speeds, the performance of internet access services as compared with services other than internet access services,
and quality as perceived by end-users.

Sufficient network capacity for specialised services in addition to IAS

116. Specialised services shall only be offered when the network capacity is sufficient such
that the IAS is not degraded (e.g. due to increased latency or jitter or lack of bandwidth)
by the addition of specialised services. Both in the short and in the long term,
specialised services shall not lead to a deterioration of the general IAS quality for end-
users. This can, for example, be achieved by additional investments in infrastructure
which allow for additional capacity so that there is no negative impact on IAS quality.

117. In a network with limited capacity, IAS and specialised services could compete for
overall network resources. In order to safeguard the availability of general quality of
IAS, the Regulation does not allow specialised services if the network capacity is not
sufficient to provide them in addition to any IAS provided, because this would lead to
degradation of the IAS and thereby circumvent the Regulation. It is the general quality
of the IAS which is protected from degradation by the Regulation, rather than
specialised services.

118. NRAs should assess whether, in order to ensure the quality of specialised services,
ISPs have ensured sufficient network capacity for both any IAS offers provided over the
infrastructure and for specialised services. If not, provision of specialised services would
not be allowed under the Regulation.

119. NRAs could request information from ISPs regarding how sufficient capacity is ensured,
and at which scale the service is offered (e.g. networks, coverage and end-users).
NRAs could then assess how ISPs have estimated the additional capacity required for
their specialised services and how they have ensured that network elements and
connections have sufficient capacity available to provide specialised services in
addition to any IAS provided.

120. NRAs should assess whether or not there is sufficient capacity for IAS when specialised
services are provided, for example, by performing measurements of IAS. 47
Methodologies for such measurements have been relatively well developed during
BEREC’s Net Neutrality QoS workstreams in recent years and will continue to be
improved.

“Not to the detriment of the availability or general quality of IAS for end-users”

121. Specialised services are not permissible if they are to the detriment of the availability
and general quality of the IAS. There is a correlation between the performance of the
IAS offer(s) (i.e. its availability and general quality) and whether there is sufficient
capacity to provide specialised services in addition to IAS. NRAs may consider that IAS

47
See paragraphs 174-176

35
 BoR (22) 81

quality measurements could be performed with and without specialised services, both
in the short term and in the long term, which may include measurements before the
specialised services are introduced in the market as well as after.

121a. BEREC is in the process of developing a net neutrality measurement tool and will seek
to leverage that work to further develop the measurement methodology regarding
measuring of the general quality of IAS. NRAs are invited to participate in this
collaboration and to consider the results of this work when available. NRAs could also
collect information from ISPs in order to assess and measure the impact on general IAS
quality. As Recital 17 clarifies, NRAs should “assess the impact on the availability and
general quality of IAS by analysing, inter alia, QoS parameters (such as latency, jitter
and packet loss), the levels and effects of congestion in the network, actual versus
advertised speeds and the performance of IAS as compared with services other than
IAS”.

122. While IAS and specialised services directly compete for the dedicated part of an end-
user’s capacity, the end-user himself may determine how to use it. When it is technically
impossible to provide the specialised service in parallel to IAS without detriment to the
end-user’s IAS quality, NRAs should not consider this competition for capacity to be an
infringement of Article 3(5) second subparagraph, as long as the end-user is informed
pursuant to Article 4(1) (c) of the impact on his IAS and can obtain the contractually-
agreed speeds 48 for any IAS subscribed to in parallel. NRAs should not consider it to
be to the detriment of the general quality of IAS when activation of the specialised
service by the individual end-user only affects his own IAS. However, detrimental effects
should not occur in those parts of the network where capacity is shared between
different end-users.

123. Furthermore, as stated in Recital 17, in mobile networks - where the number of active
users in a given cell, and consequently traffic volumes, are more difficult to anticipate
than in fixed networks - the general quality of IAS for end-users should not be deemed
to incur a detriment where the aggregate negative impact of specialised services is
unavoidable, minimal and limited to a short duration. By contrast, such unforeseeable
circumstances related to the number of users and traffic volumes should not normally
occur in fixed networks.

124. NRAs could assess whether the provision of specialised services reduces general IAS
quality, for example, by assessing the extent to which measured download or upload
speeds are lowered or delay, delay variation or packet loss are increased. Normal
small-scale temporal fluctuation or normal small-scale variation across the network
should not be considered to be to the detriment of the general quality. Network outages
and other temporary problems caused by network faults, for example, should be treated
separately.

125. NRAs should intervene if persistent perceptible decreases in performance are detected
for IAS. This could be detected if the measured performance is consistently above (for
metrics such as latency, jitter or packet loss) or below (for metrics such as speed) a

48
As discussed in Article 4(1)(d)

36
 BoR (22) 81

previously detected average level for a relatively long period of time such as hours or
days), or if the difference between measurement results before and after the specialised
service is introduced is statistically significant. In the case of short-term assessments,
the difference between measurement results with and without the specialised service
should be assessed similarly.

“Not be usable or offered as a replacement for IAS”

126. It is of utmost importance that the provisions regarding specialised services do not serve
as a potential circumvention of the Regulation. Therefore, NRAs should assess whether
a specialised service is a potential substitute for the IAS, and if the capacity needed for
their provision is to the detriment of the capacity available for IAS.

127. In deciding whether a specialised service is considered as a replacement for an IAS,

one important aspect that NRAs should assess is whether the service is actually
providing access to the internet but in a restricted way, at a higher quality, or with
differentiated traffic management. If so, this would be considered a circumvention of the
Regulation.

Article 4
Transparency measures for ensuring open internet access

Article 4(1) transparency measures for ensuring open internet access

Providers of internet access services shall ensure that any contract which includes internet access
services specifies at least the following:

[…letters (a) – (b) – (c) – (d) – (e)…]

Providers of internet access services shall publish the information referred to in the first subparagraph.

Recital 18
The provisions on safeguarding of open internet access should be complemented by effective end-user provisions
which address issues particularly linked to internet access services and enable end-users to make informed choices.
Those provisions should apply in addition to the applicable provisions of Directive 2002/22/EC of the European
Parliament and of the Council (1) and Member States should have the possibility to maintain or adopt more far-
reaching measures. Providers of internet access services should inform end-users in a clear manner how traffic
management practices deployed might have an impact on the quality of internet access services, end-users’ privacy
and the protection of personal data as well as about the possible impact of services other than internet access
services to which they subscribe, on the quality and availability of their respective internet access services. In
order to empower end-users in such situations, providers of internet access services should therefore inform end-
users in the contract of the speed which they are able realistically to deliver. The normally available speed is
understood to be the speed that an end-user could expect to receive most of the time when accessing the service.
Providers of internet access services should also inform consumers of available remedies in accordance with
national law in the event of non-compliance of performance. Any significant and continuous or regularly recurring
difference, where established by a monitoring mechanism certified by the national regulatory authority, between
the actual performance of the service and the performance indicated in the contract should be deemed to constitute
non- conformity of performance for the purposes of determining the remedies available to the consumer in
accordance with national law. The methodology should be established in the guidelines of the Body of European

37
 BoR (22) 81

Regulators for Electronic Communications (BEREC) and reviewed and updated as necessary to reflect technology
and infrastructure evolution. National regulatory authorities should enforce compliance with the rules in this
Regulation on transparency measures for ensuring open internet access.

128. NRAs should ensure that ISPs providing IAS to all end-users (e.g. consumer and
business customer end-users) include relevant information referred to in Article 4(1) (a)
to (e) in a clear, comprehensible and comprehensive manner in contracts that include
IAS, and publish that information, for example on an ISP’s website 49.

129. NRAs should also note that the transparency requirements laid down in Articles 4(1)
and 4(2) are in addition to the measures provided in directive 2002/22/EC (the Universal
Service Directive) 50, particularly in Chapter IV thereof. National law may also lay down
additional monitoring, information and transparency requirements, including those
concerning the content, form and manner of the information to be published.

130. NRAs should look to ensure that ISPs adhere to the following practices in order to
ensure that information is clear and comprehensible:

• it should be easily accessible and identifiable for what it is;

• it should be accurate and up to date;

• it should be meaningful to end-users, i.e. relevant, unambiguous and presented in

a useful manner;

• it should not create an incorrect perception of the service provided to the end-user;

• it should be comparable at least between different offers, but preferably also

between different ISPs, so that end-users are able to compare the offers (including
the contractual terms used by different ISPs) and ISPs in such a way that the
comparison can show differences and similarities.

131. NRAs should ensure that ISPs include in the contract and publish the information
referred to in Article 4(1) (a) to (e). This could be presented in two parts (levels of
detail): 51

49
IAS providers are reminded of the imminent obligations under Directive (EU) 2018/1972 establishing
the European Electronic Communications Code, in particular Article 102 which relates to information
requirements for contracts and Article 103 (3) which addresses the comparison tool. These obligations
will be binding on service providers following transposition by Member States.
50
With effect from 21 December 2020, references to Directive 2002/22/EC should be read as references
to Directive (EU) 2018/1972: see Article 125 of Directive (EU) 2018/1972.
51
NRAs should note that ISPs are also under an obligation to provide information to consumers
before being bound by the contract under other EU instruments: the Consumer Rights Directive
(http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32011L0083&rid=1),
the Unfair Commercial Practices Directive
(http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2005:149:0022:0039:EN:PDF)

38
 BoR (22) 81

• The first part could provide high-level (general) information. The information about
the IAS provided should include, for example, an explanation of speeds, examples
of popular applications that can be used with a sufficient quality, and an explanation
of how such applications are influenced by the limitations of the provided IAS. This
part should include reference to the second part where the information required by
Article 4(1) of the Regulation is provided in more detail.

• The second part could consist of more detailed technical parameters and their
values and other relevant information required by Article 4(1) of the Regulation and
in these Guidelines.

132. Examples of how information could be disclosed in a transparent way can be found in
BEREC’s 2011 Net Neutrality Transparency Guidelines. 52

133. Contract terms that would inappropriately exclude or limit the exercise of the legal rights
of the end-user vis-à-vis the ISP in the event of total or partial non-performance or
inadequate performance by the ISP of any of the contractual obligations might be
deemed unfair under national legislation, including the implementation of Directive
93/13/EEC on unfair terms in consumer contracts. 53

134. Articles 4(1), 4(2) and 4(3) apply to all contracts regardless of the date the contract is
concluded or renewed. Article 4(4) applies only to contracts concluded or renewed from
29 November 2015. Modifications to contracts are subject to national legislation
implementing Article 20(2) of the Universal Service Directive 54.

Article 4(1) (a) transparency and traffic management measures

(a) information on how traffic management measures applied by that provider could impact on the
quality of the internet access services, on the privacy of end-users and on the protection of their personal
data;

135. NRAs should ensure that ISPs include in the contract and publish a clear and
comprehensive explanation of traffic management measures applied in accordance
with the second and third subparagraphs of Article 3(3), including the following
information:

and the e-Commerce Directive

(http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32000L0031&from=EN)
52
BEREC Guidelines on Transparency in the scope of Net Neutrality, BoR (11) 67),
http://berec.europa.eu/doc/berec/bor/bor11_67_transparencyguide.pdf
53
See Annex, paragraph 1(b) of Council Directive 93/13/EEC on unfair terms in consumer contracts,
(http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31993L0013:en:HTML). NRAs may or
may not be empowered to monitor compliance with said directive.
54
With effect from 21 December 2020, references to Directive 2002/22/EC should be read as references
to Directive (EU) 2018/1972: see Article 105(3) and Article 125 of Directive (EU) 2018/1972.

39
 BoR (22) 81

• how the measures might affect the end-user experience in general and with regard
to specific applications (e.g. where specific categories of traffic are treated
differently in accordance with Article 3). Practical examples should be used for this
purpose. In particular the following information should be provided by the ISP:

o the download and upload limits that apply to the IAS selected by the end-user,
the traffic management used to manage compliance with download limits, and
the circumstances under which these apply.

• the circumstances and manner under which traffic management measures possibly
having an impact as foreseen in Article 4(1) (a) are applied; 55

• how the measures might affect QoS of the IAS, particularly in cases of network
congestion and also in relation to other internet access services with different QoS
parameters where multiple internet access services with different QoS parameters
are offered by the ISP;

• any measures applied when managing traffic which uses personal data, the types
of personal data used, and how ISPs ensure the privacy of end-users and protect
their personal data when managing traffic.

136. The information should be clear and comprehensive. The information should not simply
consist of a general condition stating possible impacts of traffic management measures
that could be applied in accordance with the Regulation. Information should also
include, at least, a description of the possible impacts of traffic management practices
which are in place on the IAS.

Article 4(1) (b) transparency and quality of service parameters

(b) a clear and comprehensible explanation as to how any volume limitation, speed and other quality of
service parameters may in practice have an impact on internet access services, and in particular on the
use of content, applications and services;

137. Besides speed, the most important QoS parameters are delay, delay variation (jitter)
and packet loss. These other QoS parameters should be described if they might, in
practice, have an impact on the IAS and use of applications. NRAs should ensure that
ISPs provide end-users with information which is effects-based. End-users should be
able to understand the implications of these parameters to the usage of applications
and whether certain applications (e.g. interactive speech/video or 4K video streaming)
cannot in fact be used due to the long delay or slow speed of the IAS. Categories of
applications or popular examples of these affected applications could be provided.

138. Regarding volume limitations, contracts should specify the ‘size’ of the cap (in
quantitative terms, e.g. GB), what that means in practice and the consequences of

55
The Universal Service Directive (Directive 2002/22/EC, Article 20(1)(b) 2nd and 4th indents) and the
EECC (Directive (EU) 2018/1972, Article 102) may also require such information to be specified in
contracts.

40
 BoR (22) 81

exceeding it (e.g. additional charges, speed restrictions, blocking of all traffic etc.) as
well as, in the case of price differentiation, a clear explanation on which data is counted
under which cap or for which price. For example, if the user gets uncapped access to
the internet during a limited period of time there must be a clear explanation as to the
different time periods and which price applies to data during the different time periods.
If the speed will decrease after a data cap has been reached, that should be taken into
account when specifying speeds in a contract and publishing the information.
Information and examples could also be provided about what kind of data usage would
lead to a situation where the data cap is reached (e.g. indicative amount of time using
popular applications, such as SD video, HD video and music streaming).

Article 4(1) (c) transparency on specialised services

(c) a clear and comprehensible explanation of how any services referred to in Article 3(5) to which the
end-user subscribes might in practice have an impact on the internet access services provided to that
end-user;

139. NRAs should ensure that ISPs include in the contract and publish clear and
comprehensible information about how specialised services included in the end-user’s
subscription might impact the IAS. This is further discussed in paragraph 122.

Article 4(1) (d) transparency on contractual speeds

(d) a clear and comprehensible explanation of the minimum, normally available, maximum and
advertised download and upload speed of the internet access services in the case of fixed networks, or
of the estimated maximum and advertised download and upload speed of the internet access services
in the case of mobile networks, and how significant deviations from the respective advertised download
and upload speeds could impact the exercise of the end-users’ rights laid down in Article 3(1);

140. In order to empower end-users, speed values required by Article 4(1) (d) should be
specified in the contract and published in such a manner that they can be verified and
used to determine any discrepancy between the actual performance and what has been
agreed in contract. Upload and download speeds should be provided as single
numerical values in bits/second (e.g. kbit/s or Mbit/s). Speeds should be specified on
the basis of the transport layer protocol payload, and not based on a lower layer
protocol.

141. In recent years products have been introduced to the market which involve a
combination of different types of technologies, and in some cases a mix of fixed and
mobile technologies. BEREC welcomes innovative forms of connectivity as long as the
end user remains informed as to what service level they can expect. When introducing
a new product to the market, ISPs may implement their offer using their choice of
technologies, as long as they are transparent about the actual performance of the IAS.
In order for the contractual speed values to be understandable, contracts should specify
factors that may have an effect on the speed, both within and outside the ISP's control.
This also applies for FWA (Fixed Wireless Access) and services that use a combination
of technologies such as hybrid IAS, where unpredictable influences (for example
environmental conditions) can impact on the provision of the service to a certain degree.

41
 BoR (22) 81

141a. BEREC considers certain types of FWA as fixed network services for the purpose of
transparency requirements in the Regulation. This is the case for example where a
network using wireless technology (including mobile) is used for IAS provisioning at a
fixed location with dedicated equipment and either capacity reservation or usage of a
specified frequency spectrum band is applied. In this instance it should be compliant
with the transparency requirements for fixed networks. When considering a specific
case NRAs may take the specific product implementation and conditions into account.

141b. BEREC considers hybrid access as fixed network access for the purpose of
transparency requirements in the Regulation when it consists of a combination of fixed
and mobile technologies as a single subscription, it is provided at a fixed location, and
it is marketed as a fixed service. Therefore, it should be compliant with the transparency
requirements for fixed networks. If this is not the case, the fixed part of the service must
meet the fixed network transparency requirements and the mobile part of the service
must meet the mobile network transparency requirements. For example, with regards
to the mobile component of the hybrid IAS when marketed separately from the fixed
component, NRAs may impose requirements concerning minimum quality of service
requirements and other appropriate and necessary measures under Article 5(1).

142. BEREC understands that the requirement on ISPs to include in the contract and publish
information about advertised speeds does not entail a requirement to advertise speeds;
rather, it is limited to including in the contract and publishing information about speeds
which are advertised by the ISP. The requirement to specify the advertised speed
requires an ISP to explain the advertised speed of the particular IAS offer included in
the contract, if its speed has been advertised. An ISP may naturally also advertise other
IAS offers of higher or lower speeds that are not included in the contract to which the
subscriber is party (whether by choice or due to unavailability of the service at their
location), in accordance with laws governing marketing.

Specifying speeds for an IAS in case of fixed networks

Minimum speed

143. The minimum speed is the lowest speed that the ISP undertakes to deliver to the end-
user, according to the contract which includes the IAS. In principle, the actual speed
should not be lower than the minimum speed, except in cases of interruption of the IAS.
If the actual speed of an IAS is significantly, and continuously or regularly, lower than
the minimum speed, it would indicate non-conformity of performance regarding the
agreed minimum speed.

144. NRAs could set requirements on defining minimum speed under Article 5(1), for
example that the minimum speed could be in reasonable proportion to the maximum
speed.

Maximum speed

145. The maximum speed is the speed that an end-user could expect to receive at least
some of the time (e.g. at least once a day). An ISP is not required to technically limit
the speed to the maximum speed defined in the contract.

42
 BoR (22) 81

146. NRAs could set requirements on defining maximum speeds under Article 5(1), for
example that they are achievable a specified number of times during a specified period.

Normally available speed

147. The normally available speed is the speed that an end-user could expect to receive
most of the time when accessing the service. BEREC considers that the normally
available speed has two dimensions: the numerical value of the speed and the
availability (as a percentage) of the speed during a specified period, such as peak hours
or the whole day.

148. The normally available speed should be available during the specified daily period.
NRAs could set requirements on defining normally available speeds under Article 5(1).
Examples include:

• specifying that normally available speeds should be available at least during off-
peak hours and 90% of time over peak hours, or 95% over the whole day;

• requiring that the normally available speed should be in reasonable proportion to

the maximum speed.

149. In order to be meaningful, it should be possible for the end-user to evaluate the value
of the normally available speed vis-à-vis the actual performance of the IAS on the basis
of the information provided.

Advertised speed

150. Advertised speed is the speed an ISP uses in its commercial communications, including
advertising and marketing, in connection with the promotion of IAS offers. In the event
that speeds are included in an ISP’s marketing of an offer (see also paragraph 142),
the advertised speed should be specified in the published information and in the
contract for each IAS offer.

151. NRAs could set requirements in accordance with Article 5(1) on how speeds defined in
the contract relate to advertised speeds, for example that the advertised speed should
not exceed the maximum speed defined in the contract.

Specifying speeds of an IAS in mobile networks

152. Estimated maximum and advertised download and upload speeds should be described
in contracts according to paragraphs 153-157.

Estimated maximum speed

153. The estimated maximum speed for a mobile IAS should be specified so that the end-
user can understand the realistically achievable maximum speed for their subscription
in different locations in realistic usage conditions. The estimated maximum speed could
be specified separately for different network technologies that affect the maximum
speed available for an end-user. End-users should be able to understand that they may
not be able to reach the maximum speed if their mobile terminal does not support the
speed.

43
 BoR (22) 81

154. NRAs could set requirements on defining estimated maximum speeds under Article
5(1).

155. Estimated maximum download and upload speeds could be made available in a
geographical manner providing mobile IAS coverage maps with estimated/measured
speed values of network coverage in all locations.

Advertised speed

156. The advertised speed for a mobile IAS offer should reflect the speed which the ISP is
realistically able to deliver to end-users. Although the transparency requirements
regarding IAS speed are less detailed for mobile IAS than for fixed IAS, the advertised
speed should enable end-users to make informed choices, for example, so they are
able to evaluate the value of the advertised speed vis-à-vis the actual performance of
the IAS. Significant factors that limit the speeds achieved by end-users should be
specified.

157. NRAs could set requirements in accordance with Article 5(1) on how speeds defined in
the contract relate to advertised speeds, for example that the advertised speed for an
IAS as specified in a contract should not exceed the estimated maximum speed as
defined in the same contract. See also paragraph 142.

Article 4(1) (e) transparency on remedies available to consumers

(e) a clear and comprehensible explanation of the remedies available to the consumer in accordance
with national law in the event of any continuous or regularly recurring discrepancy between the actual
performance of the internet access service regarding speed or other quality of service parameters and
the performance indicated in accordance with points (a) to (d).

158. Remedies available to consumers as described in Article 4(1) (e) are defined in national
law. Examples of possible remedies for a discrepancy are price reduction, early
termination of the contract, damages, or rectification of the non-conformity of
performance, or a combination thereof. NRAs should ensure that ISPs provide
consumers with information specifying such remedies.

Article 4(2) procedures to address complaints

Providers of internet access services shall put in place transparent, simple and efficient procedures to
address complaints of end-users relating to the rights and obligations laid down in Article 3 and
paragraph 1 of this Article.

159. NRAs should ensure that ISPs adhere to certain good practices regarding procedures
for addressing complaints, such as:

• informing end-users in the contract as well as on their website, in a clear manner,

about the procedures put in place, including the usual or maximum time it takes to
handle a complaint;

44
 BoR (22) 81

• providing a description of how the complaint will be handled, including what steps
the ISP will take to investigate the complaint and how the end-user will be notified
of the progress or resolution of the complaint;

• enabling end-users to easily file a complaint using different means, at least online
(e.g. a web-form or email) and at the point of sale, but possibly also using other
means such as post or telephone;

• providing a single point of contact for all complaints related to the provisions set
out in Article 3 and Article 4(1), regardless of the topic of the complaint;

• enabling an end-user to be able to enquire about the status of their complaint in

the same manner in which the complaint was raised;

• informing end-users of the result of the complaint in a relatively short time, taking
into account the complexity of the issue;

• informing the end-user of the means to settle unresolved disputes according to

national law if the end-user believes a complaint has not been successfully handled
by the ISP (depending upon the cause of the complaint, the competent authority or
authorities under national law may be the NRA, a court or an alternative dispute
resolution entity etc.).

Article 4(3) national transparency requirements

The requirements laid down in paragraphs 1 and 2 are in addition to those provided for in Directive
2002/22/EC and shall not prevent Member States from maintaining or introducing additional
monitoring, information and transparency requirements, including those concerning the content, form
and manner of the information to be published. Those requirements shall comply with this Regulation
and the relevant provisions of Directives 2002/21/EC and 2002/22/EC.

160. This provision is aimed at Member States and no guidance to NRAs is required.

Article 4(4) certified monitoring mechanism

Any significant discrepancy, continuous or regularly recurring, between the actual performance of the
internet access service regarding speed or other quality of service parameters and the performance
indicated by the provider of internet access services in accordance with points (a) to (d) of paragraph 1
shall, where the relevant facts are established by a monitoring mechanism certified by the national
regulatory authority, be deemed to constitute non-conformity of performance for the purposes of
triggering the remedies available to the consumer in accordance with national law.

This paragraph shall apply only to contracts concluded or renewed from 29 November 2015.

161. The relevant facts proving a significant discrepancy may be established by any
monitoring mechanism certified by the NRA, whether operated by the NRA or by a third
party. The Regulation does not require Member States or an NRA to establish or certify
a monitoring mechanism. The Regulation does not define how the certification must be
done. If the NRA provides a monitoring mechanism implemented for this purpose it
should be considered as a certified monitoring mechanism according to Article 4(4).

45
 BoR (22) 81

162. It would help make the rights enshrined in the Regulation more effective if NRAs were
to establish or certify one or more monitoring mechanisms that allow end-users to
determine whether there is non-conformity of performance and to obtain related
measurement results for use in proving non-conformity of performance of their IAS. The
use of any certified mechanism should not be subject to additional costs to the end-
user and should be accessible also to disabled end-users.

163. The methodologies that could be used by certified monitoring mechanisms are further
discussed in the next section on Methodology for monitoring IAS performance. The
purpose of this guidance regarding methodologies is to contribute to the consistent
application of the Regulation. However, NRAs should be able to use their existing
measurement tools and these Guidelines do not require NRAs to change them.

Methodology for monitoring IAS performance

164. NRAs should consider BoR (14) 117 56 and take account of BoR (17) 178 57 when
implementing a measurement methodology, as well as when considering factors such
as privacy, user environment, and cross-traffic amongst others.

165. When implementing measurement methodologies, NRAs should take account of and
consider guidance on methodologies developed during BEREC’s work on QoS in the
context of Net Neutrality, especially those found in:

• the 2014 Monitoring quality of Internet access services in the context of net
neutrality BEREC report; 58

• Net neutrality measurement tool specification 59;

• BoR (18) 32 Annex 1 60

• The Open Source implementation of the BEREC Net Neutrality measurement tool.

166. Following this existing guidance, the speed is calculated by the amount of data divided
by the time period. These speed measurements should be done in both download and
upload directions. Furthermore, speed should be calculated based on transport layer
protocol payload. Measurements should be performed beyond the ISP leg. The details
of the measurement methodology should be made transparent.

56
See Chapter 4.8 Conclusions and recommendations of BoR (14) 117 “Monitoring quality of Internet
access services in the context of net neutrality”
57
BoR (17) 178, BEREC Net Neutrality Regulatory Assessment Methodology,
https://berec.europa.eu/eng/document_register/subject_matter/berec/regulatory_best_practices/meth
odologies/7295-berec-net-neutrality-regulatory-assessment-methodology
58
BoR (14) 117, http://berec.europa.eu/eng/document_register/subject_matter/berec/reports/4602-
monitoring-quality-of-internet-access-services-in-the-context-of-net-neutrality-berec-report
59
BoR (17) 179, Net neutrality measurement tool specification,
https://berec.europa.eu/eng/document_register/subject_matter/berec/reports/7296-net-neutrality-
measurement-tool-specification
60
BoR (18) 32 Annex 1: https://etendering.ted.europa.eu/cft/cft-documents.html?cftId=3097

46
 BoR (22) 81

Article 5
Supervision and enforcement

Article 5(1) supervision and enforcement

National regulatory authorities shall closely monitor and ensure compliance with Articles 3 and 4, and
shall promote the continued availability of non-discriminatory internet access services at levels of
quality that reflect advances in technology. For those purposes, national regulatory authorities may
impose requirements concerning technical characteristics, minimum quality of service requirements and
other appropriate and necessary measures on one or more providers of electronic communications to
the public, including providers of internet access services.

National regulatory authorities shall publish reports on an annual basis regarding their monitoring and
findings, and provide those reports to the Commission and to BEREC.

Recital 19
National regulatory authorities play an essential role in ensuring that end-users are able to exercise effectively
their rights under this Regulation and that the rules on the safeguarding of open internet access are complied with.
To that end, national regulatory authorities should have monitoring and reporting obligations, and should ensure
that providers of electronic communications to the public, including providers of internet access services, comply
with their obligations concerning the safeguarding of open internet access. Those include the obligation to ensure
sufficient network capacity for the provision of high quality non-discriminatory internet access services, the
general quality of which should not incur a detriment by reason of the provision of services other than internet
access services, with a specific level of quality. National regulatory authorities should also have powers to impose
requirements concerning technical characteristics, minimum quality of service requirements and other appropriate
measures on all or individual providers of electronic communications to the public if this is necessary to ensure
compliance with the provisions of this Regulation on the safeguarding of open internet access or to prevent
degradation of the general quality of service of internet access services for end-users. In doing so, national
regulatory authorities should take utmost account of relevant guidelines from BEREC.

The general approach for supervision

167. With regard to the duties and powers of NRAs set out in Article 5, there are three types
of NRA actions to monitor and ensure compliance with Articles 3 and 4.

• Supervision, which encompasses monitoring by the NRA as set out in Article 5(1),
and facilitated by the powers to gather information from ISPs in Article 5(2), on:

o Monitoring of restrictions of end-user rights (Article 3(1));

o Monitoring of contractual conditions and commercial practices (Article 3(2));

o Monitoring of traffic management (Article 3(3));

o Monitoring and assessment of IAS performance and impact of specialised

services on the general quality of IAS (Article 3(5) and Article 4);

o Monitoring of transparency requirements on ISPs (Article 4);

• Enforcement, which can include a variety of interventions and measurements as

set out in Article 5(1);

47
 BoR (22) 81

• Reporting by NRAs on the findings from their monitoring, as set out in Article 5(1).

168. BEREC should foster the exchange of experiences by NRAs, on an ongoing basis, on
their implementation of the Regulation.

169. To monitor compliance, NRAs may request that ISPs and end-users provide relevant
information. Information that can be requested from ISPs is discussed under Article 5(2)
and NRAs may collect end-user complaints and ask end-users to complete surveys and
questionnaires.

170. Further guidance for specific Articles of the Regulation is described in paragraphs 171-
183, and under Articles 3(2) and 3(5).

Monitoring traffic management practices

171. NRAs have the power to collect traffic management information, for instance by:

• evaluating traffic management practices applied by ISPs, including exceptions

(allowed by Article 3(3) third subparagraph);

• requesting more comprehensive information from ISPs about implemented traffic

management practices, including:

o a description of, and technical details about, affected networks, applications or

services;

o how they are affected and any other specific differentiation with regards to the
application of the practice (such as if the practice is applied only for specific
time of day, or in a specific area);

o in the case of exceptional traffic management practices going beyond those set
out in the second subparagraph (Article 3(3)), a detailed justification of why the
practice is applied and the time period for which it is applied;

• requesting records on traffic management measures/practices applied;

• requesting information from ISPs relevant to following up on complaints received

by NRAs;

• conducting national investigations similar to BEREC’s 2012 Traffic Management

Investigation; 61

61
A view of traffic management and other practices resulting in restrictions to the open Internet in
Europe (BoR (12) 30)
http://berec.europa.eu/eng/document_register/subject_matter/berec/download/0/45-berec-findings-on-
traffic-management-pra_0.pdf

48
 BoR (22) 81

• collecting information and complaints received directly from end-users or other

information sources such as news, blogs, forums and other discussion groups.

172. NRA actions could include conducting technical traffic management measurements,
e.g. for detecting infringements such as the blocking or throttling the traffic. NRAs can
build on available tools, 62 but need to adapt measurement schedules and technical set-
ups to specific measurement cases. Measurement results have to be evaluated
carefully.

173. NRAs should develop appropriate monitoring policies for detecting infringements of the
Regulation and determining necessary actions for guaranteeing that the rights and
obligations set out in the Regulation are fulfilled.

Monitoring and assessment of IAS performance

174. IAS performance assessment can be performed at the user or market level:

• User-level assessment: end-user measurements of the performance of IAS offers

can be performed to check whether the ISP is fulfilling its contract. Measurement
results are compared to the contracted performance of the IAS offer.

• Market-level assessment: user-level measurement results are summarised into

aggregated values for different categories such as IAS offers, ISPs, access
technologies (DSL, cable, fibre etc.), geographical area etc. Aggregated
measurement results can be used for market-level assessments.

175. NRAs can use market-level assessment for the regulatory supervision envisaged by
Article 5(1) to:

• cross-check that the published information is consistent with monitoring results

(see paragraph 177);

• check that specialised services are not provided at the expense of IAS;

• check that the performance of IAS is developing sufficiently over time to reflect
advances in technology.

176. Market-level assessment data can also be used for:

• transparency purposes, by publishing statistics as well as interactive maps

showing mobile network coverage or average performance in a geographic area
for fixed access networks;

• considering the availability of different IAS offers or offer ranges provided by ISPs,
as well as their penetration among end-users;

62
There are multiple tools available in the market

49
 BoR (22) 81

• assessing the quality for a specific type of IAS, e.g. based on an access technology
(such as DSL, cable or fibre);

• comparison of IAS offers in the market;

• investigating possible degradation caused by specialised services.

Monitoring of transparency requirements on ISPs

177. NRAs should monitor transparency requirements on ISPs and could do this by:

• monitoring that ISPs have specified and published the required information
according to Article 4(1);

• checking that such information is clear, accurate, relevant and comprehensible;

• cross-checking that the published information is consistent with monitoring results

regarding Article 3, such as traffic management practices, IAS performance and
specialised services;

• monitoring that ISPs put in place transparent, simple and efficient procedures to
address complaints as required by Article 4(2);

• collecting information on complaints related to infringements of the Regulation.

Enforcement

178. In order to ensure compliance with the Regulation, and to promote the continued
availability of non-discriminatory IAS at levels of quality that reflect advances in
technology, NRAs could decide to:

• require an ISP to take measures to eliminate or remove the factor that is causing
the degradation;

• set requirements for technical characteristics to address infringements of the

Regulation, for example, to mandate the removal or revision of certain traffic
management practices;

• impose minimum QoS requirements;

• impose other appropriate and necessary measures, for example, regarding the
ISPs’ obligation to ensure sufficient network capacity for the provision of high-
quality non-discriminatory IAS (Recital 19);

• issue cease and desist orders in case of infringements, possibly combined with
periodical (daily/weekly) penalties, in accordance with national law;

• impose cease orders for specific specialised services unless sufficient capacity is
made available for IAS within a reasonable and effective timeframe set by the NRA,
possibly combined with periodical (daily/weekly) penalties, in accordance with
national law;

50
 BoR (22) 81

• impose fines for infringements, in accordance with national law.

179. In the case of blocking and/or throttling, discrimination etc. of single applications or
categories of applications, NRAs could prohibit restrictions of the relevant ports or
limitations of application(s) if no valid justification is provided for non-compliance with
the Regulation, especially Article 3(3) third subparagraph. Measures under Article 5(1)
could be particularly useful to prohibit practices that clearly infringe the Regulation.
Measures could include:

• prohibiting the blocking and/or throttling of specific applications;

• prohibiting a congestion management practice which is specific to individual

applications;

• requiring access performance, such as minimum or normally available speeds, to

be comparable to advertised/maximum speeds;

• placing qualitative requirements on the performance of application-specific traffic.

180. Requirements and measures could be imposed on one or more ISPs, and it may also,
in exceptional cases, be reasonable to impose such requirements in general to all ISPs
in the market.

181. The imposition of any of these requirements and measures should be assessed based
on their effectiveness, necessity and proportionality:

• Effectiveness requires that the requirements can be implemented by undertakings

and are likely to swiftly prevent or remove degradation of IAS offer available to end-
users or other infringements of the Regulation.

• Necessity requires that, among the effective requirements or measures, the least
burdensome is chosen, i.e. other regulatory tools should be considered and
deemed insufficient, ineffective or not able to be used fast enough to remedy the
situation.

• Proportionality implies limiting the requirements to the adequate scope, and that
the obligation imposed by the requirement is in pursuit of a legitimate aim,
appropriate to the pursued aim and there is no less interfering and equally effective
alternative way of achieving this aim. For example, if specific ISPs offer degraded
IAS services or infringe the traffic management rules of the Regulation, then the
proportionate requirements may focus on these ISPs in particular.

Annual reporting of NRAs

182. The reports must be published on an annual basis, and NRAs should publish their
annual reports by 30th June for the periods starting from 1st May to 30th April. The first
report is to be provided by 30th June 2017, covering the period from 30th April 2016 to
30th April 2017 (the first 12 months following application of the provisions).

183. As well as being published, the reports should be provided to the Commission and to
BEREC. To enable the Commission and BEREC to more easily compare the reports,

51
 BoR (22) 81

BEREC recommends that NRAs include at least the following sections in their annual
reports:

• overall description of the national situation regarding compliance with the

Regulation;

• description of the monitoring activities carried out by the NRA;

• the number and types of complaints and infringements related to the Regulation;

• main results of surveys conducted in relation to supervising and enforcing the

Regulation;

• main results and values retrieved from technical measurements and evaluations
conducted in relation to supervising and enforcing the Regulation;

• an assessment of the continued availability of non-discriminatory IAS at levels of

quality that reflect advances in technology;

• measures adopted/applied by NRAs pursuant to Article 5(1).

In addition to the information that NRAs wish to report to BEREC concerning the
reporting period, NRAS can report the actions or products of earlier years if these
continue to be relevant. In order to provide a structured overview of information, BEREC
may present such information separated from information related to the reporting
period.

Article 5(2) requesting information

At the request of the national regulatory authority, providers of electronic communications to the public,
including providers of internet access services, shall make available to that national regulatory authority
information relevant to the obligations set out in Articles 3 and 4, in particular information concerning
the management of their network capacity and traffic, as well as justifications for any traffic
management measures applied. Those providers shall provide the requested information in accordance
with the time-limits and the level of detail required by the national regulatory authority.

184. NRAs may request from ISPs information relevant to the obligations set out in Articles
3 and 4 in addition to the information provided in contracts or made publicly available.
The requested information may include, but is not limited to:

• more details and clarifications about when, how and to which end-users a traffic
management practice is applied;

• justifications of any traffic management practice applied, including whether such

practices adhere to the exceptions of Article 3(3) (a)-(c). In particular,

o regarding Article 3(3) (a), the exact legislative act, law, or order based on which
it is applied;

o regarding Article 3(3) (b), an assessment of the risk to the security and integrity
of the network;

52
 BoR (22) 81

o regarding Article 3(3) (c), a justification of why congestion is characterised as

impending, exceptional or temporary, along with past data regarding
congestion that confirms this characterisation, and why less intrusive and
equally effective congestion management does not suffice.

• requirements for specific services or applications that are necessary in order to run
an application with a specific level of quality;

• information allowing NRAs to verify whether, and to what extent, optimisation of

specialised services is objectively necessary;

• information about the capacity requirements of specialised services and other

information that is necessary to determine whether or not sufficient capacity is
available for specialised services in addition to any IAS provided, and the steps
taken by an ISP to ensure that;

• information demonstrating that the provision of one or all specialised services

provided or facilitated by an ISP is not to the detriment of the availability or general
quality of IAS for end-users;

• details about the methodology by which the speeds or other QoS parameters
defined in contracts or published by the ISP are derived;

• details about any commercial agreements and practices that may limit the exercise
of the rights of end-users according to Article 3(1), including details of commercial
agreements between CAPs and ISPs;

• details about the processing of personal data by ISPs;

• details about the type of information provided to the end-users from ISPs in
customer centres, helpdesks or websites regarding their IAS;

• the number and type of end-user complaints received for a specific period;

• details about the complaints received from a specific end-user and the steps taken
to address them.

Article 5(3) issuing these Guidelines

By 30 August 2016, in order to contribute to the consistent application of this Regulation, BEREC shall,
after consulting stakeholders and in close cooperation with the Commission, issue guidelines for the
implementation of the obligations of national regulatory authorities under this Article.

185. These Guidelines constitute compliance with this provision. BEREC will review and
update the Guidelines as and when it considers it to be appropriate.

Article 5(4) competences

This Article is without prejudice to the tasks assigned by Member States to the national regulatory
authorities or to other competent authorities in compliance with Union law.

53
 BoR (22) 81

186. NRAs and other competent authorities may also have other supervision and
enforcement tasks assigned to them by Member States in compliance with Union law.
Such duties may arise out of, for example, consumer and competition law, in addition
to the regulatory framework for electronic communications. Article 5 does not affect the
tasks of NRAs or other competent national or European authorities arising from such
laws, regardless of the fact that such tasks may overlap with the duties of NRAs (or
other competent authorities) as set out in the Article. The Regulation does not affect
NRAs' or other national authorities' competences to supervise and enforce Directive
95/46/EC 63 or Directive 2002/58/EC referred to in Article 3(4), as such tasks continue
to be assigned by national law.

Article 6
Penalties
Member States shall lay down the rules on penalties applicable to infringements of Articles 3, 4 and 5
and shall take all measures necessary to ensure that they are implemented. The penalties provided for
must be effective, proportionate and dissuasive. Member States shall notify the Commission of those
rules and measures by 30 April 2016 and shall notify the Commission without delay of any subsequent
amendment affecting them.

187. This provision is aimed at Member States and no guidance to NRAs is required.

Article 10
Entry into force and transitional provisions

Article 10(1) entry into force of the Regulation

This Regulation shall enter into force on the third day following that of its publication in the Official
Journal of the European Union.

188. The Regulation entered into force on 29 November 2015.

Article 10(2) application of the Regulation

It shall apply from 30 April 2016, except for the following:

[…]

(c) Article 5(3) shall apply from 29 November 2015;

63
References to Directive 95/46/EC should be read as references to Regulation (EU) 2016/679 on the
protection of natural persons with regard to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC. See Article 94 of Regulation (EU) 2016/679

54
 BoR (22) 81

[…]

189. The Regulation applies from 30 April 2016, except for Article 5(3) which obliges BEREC
to issue these Guidelines and which applies from 29 November 2015.

190. When monitoring and ensuring compliance with Articles 3 and 4, NRAs should take into
account that the provisions of the Regulation apply to all existing and new contracts
with the exception of Article 4(4), which applies only to contracts concluded or renewed
from 29 November 2015. 64 In turn, this means that, for a transitional period, Article 4(4)
is not applicable to a certain amount of contracts. However, Article 4(4) will become
applicable to more and more contracts over time once they are renewed or newly
concluded.

Article 10(3) transition period

Member States may maintain until 31 December 2016 national measures, including self-regulatory
schemes, in place before 29 November 2015 that do not comply with Article 3(2) or (3). Member States
concerned shall notify those measures to the Commission by 30 April 2016.

191. Article 10(3) is addressed to Member States. However, when assessing compliance
with Article 3(2) and (3), NRAs should take into account that national measures,
including self-regulatory schemes, might benefit from a transitional period until 31
December 2016 when they may be maintained, provided that they were in place before
29 November 2015 and have been notified by the respective Member State to the
Commission by 30 April 2016. In that event, no breach of Article 3(2) and Article 3(3)
would be found during this transitional period.

64
See paragraph 134 of these Guidelines

55