EU outlines rules for ‘high risk’ 5G suppliers
The European Commission has revealed guidelines for member states to address 5G-related security risks. Under the EU endorsed ‘toolbox’, members of the bloc can restrict or ban high risk 5G vendors from core parts of their network.
Member states commonly agreed to strengthen security requirements, assess risk profiles of suppliers and apply restrictions for high risk suppliers – such as exclusion from critical or sensitive assets.
While individual member states can ultimately control their own 5G infrastructure, it is hoped that by using the toolkit, countries will coordinate their approaches and mitigate risk.
According to a statement from the Commission, the non-binding recommendations seek to ensure EU-wide security standards. “Closely coordinated implementation of the toolbox is indispensable to ensure EU businesses and citizens can make full use of all the benefits of the new technology in a secure way.”
“Cyber security threats are on the rise and [have] become increasingly sophisticated,” it said. “As many critical services will depend on 5G, ensuring the security of networks is of highest strategic importance for the entire EU.”
Although the commission stops short of singling out any one high risk country or company, the guidelines come amid international debate between security officials and the telecoms industry over Huawei. In particular, the US has placed significant pressure on European governments to implement a ban on the Chinese company’s involvement in 5G infrastructure.
While European governments have been upping their telecoms security in recent months, their responses fall out of line with US demands. The Netherlands said it is weighing the security risks, and Poland may impose stricter security requirements. Meanwhile, the German government is split over the future of Huawei amid claims that it has evidence that Huawei cooperated with Chinese intelligence. Still, Hungary welcomed Huawei, as did Italy, while Austria said it wants to coordinate with its European partners. France said it would not exclude any one equipment maker from its 5G rollout, but has imposed geographical restrictions.
On Tuesday, after much debate, the UK government placed restrictions on Huawei. It excluded the “high risk vendor” from “critical or sensitive” parts of the network and restricted its share in the network to 35%. Huawei will continue to supply equipment for non-sensitive parts of Britain’s 5G network despite US pressure to ban the company outright.
While the toolbox sets out technical measures that would allow a member state to ban Huawei, there does not appear to be an appetite to do so. Instead, the UK’s measured approach may kickstart a trend throughout Europe.
A welcome decision
Ultimately, the guidelines were welcomed by Jijay Shen, CEO of Huawei Ireland. Commenting on the toolbox, Shen said: “Huawei Ireland welcomes Europe’s decision, which enables Huawei to continue participating in Europe’s 5G roll-out. This non-biased and fact-based approach towards 5G security allows Europe to have a more secure and faster 5G network. We will continue to work with our stakeholders here including the Department of Communications and Comreg to help Ireland take a positive, evidence-based approach to the European Commission’s recommendation.”
Speaking to TechCentral.ie, a spokesperson from Vodafone also welcomed the news: “Vodafone has consistently called for a fact-based, risk-assessed and vendor-agnostic approach to security assurance in Europe. We believe the European Commission’s Union Risk Assessment in October and the 5G Toolbox are important steps towards giving countries in the European Union the basis for a common level of security standards and assurance. We will study the Commission’s recommendations, and continue to work actively with governments, regulators and industry partners on a shared approach to security assurance.”