Ofcom Investigates BT and Three Over 999 Call Failures

Ofcom has opened formal investigations into BT and Three following separate UK-wide mobile network failures this summer that left some customers unable to connect 999 emergency calls.

Two Major Outages

The investigations centre on two major outages, one affecting Three customers in June and another impacting BT and EE customers in July, both of which disrupted basic voice services across large parts of the country. Ofcom said it is examining whether the companies took sufficient steps to prevent the incidents and to protect access to emergency services, which are treated as a critical national function under UK telecoms regulation.

What Happened During The Summer Outages?

The first incident occurred on 25 June, when thousands of customers on the Three network reported being unable to make or receive voice calls. The outage was nationwide and affected not only Three customers but also users on virtual operators that rely on its infrastructure, including ID Mobile. While mobile data services largely remained available, voice calls failed to connect, including calls to emergency services.

Three later said the problem was triggered by “an exceptional spike in network traffic” caused by a third-party software configuration change. The company acknowledged that the disruption affected access to 999 services and informed Ofcom at the time.

A second incident followed on 24 and 25 July, when customers on BT and its mobile network operator EE reported similar problems. In this case, BT attributed the disruption to a software issue that affected call interconnection between networks. As a result, some customers were unable to make or receive calls, including calls to emergency services, despite having signal on their devices.

Ofcom said both incidents caused UK-wide disruption and affected millions of mobile users across the two networks.

Why 999 Call Failures Raise Regulatory Stakes

While mobile outages are not uncommon, failures that prevent access to emergency services significantly increase regulatory scrutiny. For example, under UK law, telecoms providers have specific obligations to ensure that 999 and 112 calls can be made reliably, even during periods of network stress or partial failure.

Ofcom said providers must take “appropriate and proportionate” measures to identify risks to their networks and to plan for scenarios that could compromise availability, performance or functionality. These duties extend beyond preventing outages altogether and include effective monitoring, rapid response and mitigation when failures occur.

In announcing the investigations, Ofcom said it would assess “whether there are reasonable grounds to believe that BT and Three have failed to comply with their regulatory obligations”.

The regulator has not suggested that enforcement action is inevitable, but it does have the power to impose financial penalties, require remedial changes to network design or processes, or issue formal directions if breaches are found.

Network Resilience

Ofcom has placed increasing emphasis on network resilience in recent years, particularly as the UK becomes more reliant on mobile connectivity for essential services. For example, its Network and Service Resilience Guidance sets out expectations for how providers should design and operate networks to reduce single points of failure and limit the impact of incidents.

The guidance states that firms are expected to “identify and reduce the risks of disruption” and to take steps to prevent “adverse effects arising from any such compromises”. Where outages do occur, providers are expected to respond quickly, communicate clearly with customers and learn lessons to reduce the likelihood of recurrence.

Commenting on the investigations, Ofcom said: “The importance of connectivity cannot be underestimated. People rely on their mobile phones to stay in touch, to work, and to contact the emergency services.”

The regulator has made clear that customer impact, including the duration and scale of disruption, will be a central factor in assessing whether obligations were met.

Industry Reaction And Company Responses

Both companies have said they are cooperating fully with the investigation. A spokesperson for BT Group said the company apologised to customers affected by the July incident and would “co-operate fully with Ofcom throughout the investigation”. BT has previously said the outage was caused by a software issue rather than a hardware failure, and that services were restored once the fault was identified.

Three UK said it had engaged openly with Ofcom since the June outage and would continue to do so. The company said the disruption followed a third-party software configuration change that led to unexpected traffic levels on its voice network.

Ofcom has previously made clear that outages can still occur even where networks are designed with resilience in mind, but that providers are expected to have robust processes in place to detect faults quickly, limit their impact, and identify lessons that reduce the risk of similar incidents in future.

The regulator’s guidance stresses that compliance is not limited to preventing failures outright. It also includes effective planning, monitoring and response when services are disrupted, particularly where access to emergency calls is affected.

Previous Enforcement Action

The investigations also take place against a backdrop of previous enforcement action in the sector. For example, back in July 2024, BT was fined £17.5 million after Ofcom found a “catastrophic failure” in its emergency call handling service had prevented around 14,000 999 calls from connecting during a ten-hour outage in June 2023.

Three has also previously been fined by Ofcom. In 2017, the company was ordered to pay £1.9 million after a network failure in 2016 left customers without service. Ofcom concluded at the time that the disruption could have been prevented with better planning and safeguards.

More recently, Three’s UK operations merged with Vodafone to form VodafoneThree, creating the UK’s largest mobile network with around 27 million customers. While the summer outage occurred before the merger was completed, the investigation comes at a sensitive time as the combined business works to integrate networks and systems.

Why The Issue Matters More Now

The timing of the outages has heightened concern because mobile networks are increasingly treated as critical infrastructure. As the UK progresses with the digital landline switchover, many households and vulnerable users are becoming more dependent on mobile connectivity for emergency communication.

Ofcom has repeatedly warned that resilience expectations apply not just to traditional landlines but to all networks that support access to emergency services. The regulator has also highlighted the need for additional safeguards for users who rely on telecare systems, personal alarms or medical monitoring that may depend on voice connectivity.

Government guidance has echoed these concerns, with ministers previously stating that communications providers have statutory obligations to ensure networks are “appropriately resilient”.

What Ofcom Will Examine Next

Ofcom said its investigations will focus on the facts surrounding each incident, including how the faults arose, how quickly they were detected, and what steps were taken to restore services and protect emergency calling. It will also examine whether risk assessments, change management processes and contingency planning were adequate.

The regulator has not set a public timetable for completing the investigations and outcomes could range from no further action if compliance is found, through to enforcement measures if breaches are identified.

What Does This Mean For Your Business?

The investigations place renewed focus on how mobile networks are operated, governed and tested in practice, particularly where basic voice services are relied on for public safety rather than convenience. For Ofcom, the outcome will help clarify how existing resilience rules are being applied in real incidents and whether further intervention is needed to ensure emergency access is protected as networks become more complex and software-driven.

For telecoms providers, the cases highlight how resilience is being judged across the full lifecycle of network management, from configuration changes and third-party dependencies through to detection, response and communication. The fact that both incidents involved software-related failures rather than physical damage is likely to be closely examined, especially as automation and network virtualisation play a growing role in UK mobile infrastructure.

There are also wider implications for UK businesses that depend on mobile voice services for operational continuity, safety procedures and customer contact. For example, prolonged or widespread loss of calling capability, even where data services remain available, can disrupt frontline operations, lone worker safety and emergency escalation processes. The investigations may prompt organisations to recheck how resilient their own communications arrangements are, particularly where mobile phones are the primary or sole method of contact.

For consumers, emergency services and vulnerable users, the cases reinforce why mobile networks are now treated as critical infrastructure rather than optional utilities. As the digital landline switchover continues and reliance on mobile connectivity deepens, the tolerance for failures affecting 999 access appears to be narrowing. How Ofcom responds, and what it requires of operators as a result, is likely to shape expectations around network reliability and accountability well beyond these two incidents.