The publication of ETSI TS 103 221 marks a step forward in Lawful Interception. It brings standardized X1, X2 and X3 interfaces and replaces proprietary interfaces.


X1 is the interface that allows the Lawful Interception system to provision tasks on an Network Function (NF).

A task represents an intercept on a target. As long as the task is provisioned, the NF is instructed to intercept communication. The intercepted communication is delivered using the X2 and X3 interfaces.

The X1 interface:

  • Uses HTTPS as the application layer
  • Mandates use of TLS client authentication
  • Provides an XSD schema to describe the provisioning objects
  • Provides XML examples to simplify adoption by network vendors
  • Allows the LI system to dynamically configure the destination of the X2 and X3 packets. This is especially useful to support dynamic network topologies.

The latest version of the ETSI TS 103 221-1 can be downloaded from the ETSI portal. Download the ZIP file to grab a copy of the XSD schema and XML samples.

X2 and X3

X2 is the interface that is used to transmit intercepted signalling, X3 is used for transmission of intercepted content.

An NF initiates one or more X2/X3 connections towards the LI system to deliver packets.

The volume of packets on these interfaces may be high, especially on the X3 interface. As such, the format is optimized for performance. It uses a fixed length TLV format to allow fast inspection and is also used for X2.

The X2 and X3 interfaces:

  • Use TLS for the encryption of communication
  • Use a single approach for correlation of communication
  • Support the most commonly intercepted protocols (IP, SIP, RTP)
  • Allow for standardized and proprietary extension.
    For example: the 3GPP SA3-LI group uses this mechanism to define 5G related extensions to the X2/X3 interfaces.

Both X2 and X3 are specified in ETSI TS 103 221-2.