TRC Introduces Mandatory Network Resilience Measures
Mandatory resilience measures for mobile networks addressed backup power at sites, transmission diversity, core network redundancy and continuity of critical services during major incidents.
Development
In 2025 the Cambodian authorities introduced mandatory network resilience measures for licensed telecommunications operators. The measures respond to increasing dependence on telecommunications for essential services, to lessons from major incidents in the region and to expectations that critical infrastructure be able to withstand a wider range of stresses, including natural disasters, cyberattacks, prolonged power outages and supply-chain disruptions.
The measures apply to mobile network operators, fixed and broadband providers, data centre operators serving telecommunications functions and, in a proportionate way, to other providers of essential digital services that rely on telecommunications infrastructure.
Objectives and scope
The measures aim to reduce the frequency, duration and impact of service disruptions affecting telecommunications users, particularly disruptions that could compromise safety, emergency response or the operation of dependent essential services. They articulate expected standards for the design, operation and management of networks so that services degrade gracefully rather than fail catastrophically under stress.
The scope covers physical resilience of network sites, backup arrangements for power and transmission, protection against cyber threats, arrangements for cooperation between operators and with public authorities, and communication with the public during incidents.
Physical and power resilience
Network sites, including core sites, aggregation sites and access sites, are expected to be designed and maintained so that they can withstand the environmental conditions typical of their location, including flooding, storms and prolonged heat. Physical security measures should be adequate to protect equipment from unauthorised access, theft and deliberate interference.
Backup power arrangements are a central element of the measures. Core sites are expected to have redundant power supplies capable of sustaining operation for defined periods, and access sites are expected to have appropriate arrangements calibrated to their importance and to the local risk profile. Fuel supply, generator maintenance and periodic testing are important operational elements.
Transmission and routing resilience
Reliable telecommunications services depend on transmission networks that can withstand the failure of individual links or nodes. Operators are expected to design their transmission networks with appropriate redundancy, to avoid unnecessary single points of failure and to be able to reroute traffic automatically or through operational procedures when individual elements are unavailable.
Inter-operator arrangements, including interconnection, transit and access to shared infrastructure, should be designed with resilience in mind. Coordination with owners of tower, duct and fibre infrastructure supports the objective of a resilient national network.
Cybersecurity and operational technology
The measures reinforce that resilience against cyber threats is inseparable from physical resilience. Networks that are technically robust but that can be brought down by cyber intrusion do not deliver the intended level of service. Operators are expected to align their cybersecurity measures with the applicable framework, to protect operational technology in particular and to have incident response arrangements that can address combined cyber and physical scenarios.
Third-party arrangements, including managed services, cloud services and vendor support, should be evaluated with a view to overall resilience, including the ability of the operator to continue essential operations if a critical supplier becomes unavailable.
Incident management and public communication
Operators are expected to have mature incident management arrangements that provide for clear roles, escalation, coordination with the authorities and communication with customers and the public. Major incidents should be notified promptly to the regulator, and post-incident reviews should identify lessons and drive improvements.
Communication with customers and the public during incidents is important both for operational reasons and for maintaining trust. Clear, timely and accurate updates on the nature of the incident, the expected duration and any actions customers can take help mitigate the impact of disruptions and support broader confidence in telecommunications services.
Cooperation between operators and with authorities
Resilience is a shared responsibility. The measures encourage cooperation between operators on matters such as mutual assistance during incidents, coordinated planning for high-risk periods and information sharing about threats and vulnerabilities. Cooperation with public authorities, including civil protection and cybersecurity authorities, is also expected, particularly in scenarios that affect multiple operators or that have wider societal implications.
Formal frameworks for cooperation, including memoranda of understanding, joint exercises and shared operational procedures, can support effective cooperation when it is most needed. Operators are encouraged to invest in these arrangements as part of their broader resilience programmes.
Monitoring, testing and reporting
Operators are expected to monitor the performance of their networks continuously, to test their resilience arrangements periodically and to report to the regulator on the state of their resilience programmes. Reports may cover technical measures, operational procedures, incidents and improvements planned or completed. Aggregate information may inform future policy and may be shared appropriately with stakeholders.
Independent audits or assessments may be required in specific cases, particularly where concerns have been identified or where the operator's role is especially critical. Operators are expected to cooperate constructively with such assessments and to implement recommended improvements.
Practical implications and next steps
For operators, the 2025 measures call for a comprehensive review of network design, operational procedures, cybersecurity arrangements and cooperation frameworks. Investment plans should reflect the need to maintain and, where necessary, upgrade resilience. Governance arrangements should ensure that resilience receives appropriate attention at senior level and that operational teams have the tools and authority to act.
For enterprise customers and public sector organisations, the measures support the design of resilient services built on telecommunications infrastructure. Contractual arrangements with operators, business continuity plans and internal preparation for incidents should reflect a realistic view of the resilience of the underlying infrastructure.
Lex Civora advises operators, enterprise customers and public sector bodies on the interpretation and application of the network resilience measures, on the design and negotiation of resilient service arrangements and on the response to major incidents affecting telecommunications infrastructure in Cambodia.
This article is provided for general information only and does not constitute legal advice. Regulatory positions may change; readers should verify obligations against the current official publication or seek professional advice before acting.
