12. Providers to notify users of particular and significant threat of security incident
(1) In the case of a particular and significant threat of a security incident in public electronic communications networks or publicly available electronic communications services, a provider of such networks or services shall -
(a) inform its users potentially affected by such a threat of any possible protective measures or remedies which can be taken by the users, and
(b) where appropriate, inform its users of the threat itself.
(2) Subsection (1) is a regulatory provision.
(3) A provider who fails to inform its users in accordance with subsection (1)(a) commits an offence and is liable on summary conviction to a class A fine.