TCCA
14 Blandford Square
Newcastle upon Tyne
NE1 4HZ UK
+44 191 231 4328
[email protected]
TEA2 Licensing rules
Frequently Asked Questions (FAQs)
Produced by the TCCA Security and Fraud Prevention Group (SFPG) and
published in January 2017
Registered Office,
6, High Street,
Ely, Cambridgeshire, CB7 4JU, UK
TEA2No.4155039
FAQs in UK
Registration
VAT Registration Number GB 755 4236 24
www.tandcca.com
1
Introduction
ETSI document ETSI TS 101 053-2 v2.3.1 details the process that needs to be
followed to obtain licences in respect of the TEA2 algorithm. This process
evolves over time, and as a consequence a number of requests for clarification
of certain points have been received by the Custodian. This document has
been produced as a method to assist interested parties. It is a living document
and will be updated as appropriate.
TEA2 licences issued by the TEA2 Custodian
Q: Do ETSI licences issued by previous TEA2 Custodians remain valid when the
custodian changes?
A: ETSI licences issued by previous TEA2 Custodians remain valid.
Q: What is the process for changing a company name on a licence?
A: Application for name change on an existing TEA2 licence must be made by
letter to the SFPG secretariat for consideration by the TEA2 custodian.
Sub-licensing
Q: What are TEA2 sub-licenses?
A: Primary User sub-licences are managed by the governmental department
responsible for Public Safety and are valid only in the area of jurisdiction of
that Primary User. They are intended to allow the Primary User to identify the
Public Safety user groups that are permitted to use the TEA2 network(s) being
operated under that Primary licence.
Sub-licensing is intended to only include categories:
 User sub-licences;  In exceptional cases sub-licences to cover the destruction of equipment
where the National Security Authorities may have specific
requirements i.e. Destruction Sub-Licences.
All other categories of licensing are undertaken by the TEA2 Custodian.
TEA2 FAQs
2
Interoperability and roaming Q: Does an existing TEA2 Primary licence permit the connecting of two or
more TEA2 networks and the roaming of related users across the
connected networks?
A: It is the belief and intention of the Custodian that the current Primary
User licences do not preclude the connection of a TEA2 network to
another TEA2 network in a permitted state or territory, as defined, or
the roaming of users across networks unless either is specifically
excluded by one of the relevant Primary licence holders. Therefore any
network interconnect and user roaming issues are matters for bilateral
or multilateral agreement(s) between the primary users concerned to:
 allow a specific user, specific groups, or all users and groups from either
party ‘home’ network to operate on the other party ‘visited’ network,
 and
to permit interconnection of the networks confident in the
knowledge that neither of the parties' operational or security policies
are compromised and that the relevant procedures are in place, by the
parties to the agreement, to support this.
Supplier licences
Q: What are Supplier licences?
A: There are two types of supplier licences both issued by the TEA2 Custodian:
(a) for provision of hardware containing the TEA2 algorithm;
(b) for provision
of network services using the TEA2 algorithm.
In the case of (a):
 All applications for a supplier licence must be supported by a sponsoring
organisation.  Supplier licences issued by the TEA2 custodian in the future will show
the sponsoring organisation(s). Licences issued before 2016 that do not
show the name of the sponsoring organisation will remain valid. Any
sponsoring organisation must be in possession of its own ETSI
manufacturer/ supplier/primary or secondary user licence. In the case
of (b):  the provider of network services may either obtain a licence from a
primary user or it shall obtain its ETSI supplier licence from the TEA2
TEA2 FAQs
3
custodian. The provider does not require sponsorship from another
licence holder.
Q: In the case of a group of companies, does each company require its own
supplier licence or are they all covered by the licence held by the parent
company?
A: In the case of a group of companies it is permissible for the parent company
to hold a single ETSI supplier licence or nominate one of its subsidiary
companies to hold a supplier licence to cover the supply activities of the
subsidiary companies. This is conditional upon the parent company owning
and enforcing the security policies connected with the storage, handling,
distribution and audit and accounting of equipment containing the TEA2
algorithm and the licence includes details of all subsidiary companies covered
by the licence. The custodian and the sponsoring organisation must be kept
informed of any changes.
All companies detailed in the ETSI licence issued by the TEA2 Custodian can
then operate as suppliers within all states and territories detailed in the rules
of management of the TEA2 algorithm subject to any local or export control
legislation.
Acting as an agent
Q: The holder of an installer/repairer/destruction licence or the holder of a
supplier licence could act as an agent for the sponsoring manufacturer, where
the manufacturer holds the contract with the organization to whom equipment
containing TEA2 is supplied. Who should verify that this organization has a
valid licence to receive equipment containing TEA2?
A: If the manufacturer is the contracted party and holds the legal contract to
supply the organization with equipment containing TEA2, then either the
manufacturer or the installer/repairer/destruction entity or supplier shall
verify that the receiving organization holds a valid licence to receive equipment
containing TEA2. If the manufacturer has verified the TEA2 licence of the
receiving organization and explicitly confirms to the
installer/repairer/destruction or supplier entity that the manufacturer has
verified the licence of the organization that will receive the equipment
containing TEA2, the installer/repairer/destruction or supplier licensee does
not need to have sight of this.
TEA2 FAQs
4