ICI

Interception Configuration Information

Security →
Introduced in Rel-6

ICI is a standardized set of data used to configure lawful interception functions by defining the target, the content to be collected, and the delivery parameters to law enforcement.

Category
Security
Introduced
Rel-6
Where
Radio Access Network › NG-RAN (5G)
Specifications
6 specs
ICI Description Purpose Related Classification Detected Changes Specifications

Description

Interception Configuration Information (ICI) is a critical component of the 3GPP Lawful Interception (LI) architecture, defined across multiple technical specifications. It represents the structured data that an authorized entity (typically a Law Enforcement Agency via a Lawful Interception Authority) provides to the network operator's Intercepting Control Element (ICE) to activate, modify, or deactivate an interception order. The ICI is essentially the 'warrant' in machine-readable format, containing all necessary instructions for the network to execute the interception legally and correctly.

The ICI is composed of several key information elements. Primarily, it includes the Target Identifier, which uniquely specifies the subscriber (e.g., IMSI, MSISDN) or service to be monitored. It defines the Interception Scope, specifying which types of communications are to be intercepted—such as Circuit-Switched voice calls, Packet-Switched data sessions, SMS, or IMS sessions. Furthermore, it contains the Interception Action, indicating whether to activate, deactivate, or modify an existing interception. Crucially, it provides Delivery Parameters, which detail the address (IP address and port) of the Law Enforcement Monitoring Facility (LEMF) where the intercepted content (CC) and intercept-related information (IRI) must be securely delivered.

From an architectural perspective, the ICI is received by the Administration Function (ADMF) or directly by the relevant ICEs (e.g., in the Core Network or Access Network). The ADMF validates the ICI and distributes the appropriate configuration commands to the network elements involved in the interception (e.g., MSC, SGSN, PGW, PCF). These elements then use the parameters within the ICI to identify the target's traffic, duplicate the relevant packets or signaling messages, and forward them to the designated Delivery Function (DF), which formats and sends the data to the LEMF. The ICI ensures that the interception is precisely scoped, avoiding over-collection, and that the delivery mechanism meets the required security and reliability standards. Its standardized format allows for interoperability between different network vendors and law enforcement systems.

Purpose & Motivation

ICI was created to address the critical need for a standardized, secure, and reliable method to configure lawful interception across complex, multi-vendor 3GPP networks. As telecommunications became digital and mobile, law enforcement agencies required a technically robust means to execute legal interception orders. Prior to standardization, interception mechanisms were often proprietary, country-specific, and inconsistent, making it difficult for operators to comply with legal mandates efficiently and for agencies to handle intercepted data from different networks.

The primary problem ICI solves is the translation of a legal warrant (a human-readable document) into a precise set of technical instructions that automated network equipment can understand and execute. It defines a common language between the legal world and the network world. This standardization ensures that an interception request means the same thing in Sweden as it does in South Korea, provided both follow 3GPP specs. It prevents ambiguity in defining the target, the scope of interception, and the delivery method.

Its creation was driven by legal requirements for telecommunications interception in many jurisdictions, combined with the globalization of network equipment. A standardized ICI allows network vendors to build LI capabilities into their products that will work anywhere, reduces the cost and complexity for operators to comply with local laws, and provides law enforcement with a predictable and secure interface. It balances the need for effective law enforcement with the principles of privacy and data minimization by requiring explicit configuration for each interception action.

Classification

Part ofIRI
Related approachesADMFLEMF

Detected Changes Across Releases

from 3GPP Change Requests

Specific changes extracted from the „Change history“ tables of 3GPP specifications (37 CRs across 5 releases). Complements the general historical overview above with the evidence-based evolution of this function.

Studied in Rel-6, normative work from Rel-15.

Rel-15 10 changes

In Release 15, the ICI function was enhanced to include the delivery of **PTC Encryption information** and to support the reporting of **Media Bearer information** for specific handover scenarios, such as S8HR. Additionally, new configuration capabilities were introduced, allowing for the storage of **Mission Critical Services configuration data** and **5G UAC Access Identity Information** on the USIM.

  • Configuration parameter for handover between WLAN and EPS TS 31.102CR0768
  • Introduce EFs that contain NAS full native security context from 5G Mobility Management Information. TS 31.102CR0776
  • Introduce an EF that contains 5G UAC Access Identity Information TS 31.102CR0780
  • Allow configuration of MCS (Access Identity 2) via USIM. TS 31.102CR0794
  • Mission Critical Services configuration data update to USIM TS 31.102CR0808
  • Cell Site Supplemental Information Reporting-Handover Details TS 33.108CR0395

+ 4 more changes

Rel-16 7 changes

In Release 16, the ICI function was enhanced with new USIM configuration capabilities for steering of roaming, specifically introducing configuration files for the RLOS PLMN list and the RLOS allowed MCC list. It also added configuration for PS Data Off lists for home and roaming scenarios. Furthermore, the release included updates for storing 5GMM information like the SOR counter and provided clarifications for reading procedures of existing configuration files in the USIM.

  • Support for USIM configuration of RLOS PLMN list TS 31.102CR0847
  • USIM configuration of RLOS allowed MCC list TS 31.102CR0881
  • Configuration data files for V2X in 5GS TS 31.102CR0883
  • Storage of 5GMM information; SOR counter and a UE parameter update counter TS 31.102CR0869
  • Extension of alarm-information OCTET String Size TS 33.108CR0425
  • PS Data Off list configuration in USIM for home and roaming TS 31.102CR0862

+ 1 more changes

Rel-17 8 changes

In Release 17, the ICI function was expanded to support new configuration capabilities stored on the USIM, including pre-configured CAG information lists with CAG-ID ranges, and dedicated files for 5G ProSe, NSWO configuration, warning message reception in SNPNs, and KAUSF derivation configuration for SNPNs. Additionally, it introduced support for PC5 DRX configuration policies and NR-PC5 unicast security policies specifically for V2X services. These enhancements provided the UE with a broader set of pre-configured network access and service parameters directly from the USIM file system.

  • Introduce a USIM file to store pre-configured CAG information list TS 31.102CR0904
  • 5G ProSe configuration related services and files TS 31.102CR0929
  • 5G NSWO (Non-Seamless WLAN Offload) configuration support in the USIM compromised proposal. TS 31.102CR0946
  • Addition of a USIM file for configuration of warning messages reception in SNPNs. TS 31.102CR0951
  • KAUSF derivation configuration in SNPN TS 31.102CR0963
  • Support of PC5 DRX configuration policies and NR-PC5 unicast security policies for V2X services TS 31.102CR0953

+ 2 more changes

Rel-18 10 changes

In Release 18, the ICI function was expanded to include UE pre-configuration for 5MBS (5G Multicast/Broadcast Services) and to support configuration policies for Uu-based MBS for V2X and A2X services. Furthermore, enhancements were made for NAS configuration regarding default NSSAI inclusion mode and for the storage of configuration parameters, such as an IMS Data Channel configuration EF on the USIM. These updates introduced new pre-configured parameters and policies to support a wider range of services and more robust configuration management.

  • Adding UE pre-configuration for 5MBS TS 31.102CR0981
  • NAS configuration on default NSSAI inclusion mode TS 31.102CR0991
  • Add EF of IMS Data Channel configuration to the USIM TS 31.102CR1006
  • Support of Uu MBS configuration and AS MBS configuration policies for V2X services TS 31.102CR1023
  • Addition of configuration parameter for 5GMM cause #15 extension TS 31.102CR1035
  • Support for A2X MBS and A2X AS MBS configuration policies for Uu. TS 31.102CR1036

+ 4 more changes

Rel-19 2 changes

In Release 19, the ICI function was enhanced with the addition of a configuration parameter specifically for extending EMM cause #15 procedures. Furthermore, new capabilities for storing custom Lawful Interception retry configurations within the EFNASConfig file were introduced.

  • Addition of configuration parameter for EMM cause #15 extension TS 31.102CR1052
  • Custom LL Retry configuration storage in EFNASConfig TS 31.102CR1053

Explore further

Broader topics and technologies where ICI plays a role.

Topics
Authentication (5G-AKA, EAP)IMS & Voice (VoLTE, VoNR)MEC (Edge Computing)Privacy (SUPI, SUCI)Lawful InterceptSMS & Messaging

Defining Specifications

3GPP specifications that define or reference ICI, with the latest known release. Sourced from the 3GPP document catalog — see methodology.

SpecificationTitleRelease
TR 21.905 vj00 3GPP Technical Terms and Definitions Rel-19
TS 31.102 vj40 USIM Application Specification Rel-19
TS 33.108 vj00 LI Handover Interface Specification Rel-19
TR 38.808 vh00 Study on NR above 52.6 GHz to 71 GHz Rel-17
TS 38.811 vf40 Study on NR Support for Non-Terrestrial Networks Rel-15
TR 45.914 vj00 MUROS Feasibility Study for Voice Capacity Rel-19