The move follows on the heels of expressions of support from heads of state or government for a concerted approach to 5G network security, which were made at the European Council on 22 March and remarks made by Mariya Gabriel, the European commissioner for digital economy and society at Mobile World Congress Barcelona. Gabriel said that her organisation recognised the need for a common approach to 5G cybersecurity – remarks that were widely perceived as being a response to the controversy around Huawei, given the national security concerns that have been voiced by the US government (Huawei announced that it was suing it over these allegations on 7 March).
Further reading:
MWC Barcelona 2019: the quality question
Huawei flexes its R&D muscles at pre-MWC briefing
Huawei pledges to address national security concerns
The Commission’s recommendations are a combination of legislative and policy instruments. The Commission states that each member state should complete a national risk assessment of 5G network infrastructures by the end of June 2019 and use this to update their existing security requirements for network providers and include conditions for ensuring the security of public networks, especially when granting rights of use for radio frequencies in 5G bands.
The Commission states that these measures should include reinforced obligations on suppliers and operators to ensure the security of the networks, and that the national risk assessments and measures should consider various risk factors, such as technical risks and risks linked to the behaviour of suppliers or operators, including those from third countries. It notes that EU member states have the right to exclude companies from their markets for national security reasons, if they do not comply with the country's standards and legal framework.
The national risk assessments will used to help build a coordinated EU risk assessment, which will be completed by 1 October 2019, with the support of the Commission and the European Agency for Cybersecurity (ENISA).
Vice-president Andrus Ansip, in charge of the Digital Single Market, said:”5G technology will transform our economy and society and open massive opportunities for people and businesses. But we cannot accept this happening without full security built in. It is therefore essential that 5G infrastructures in the EU are resilient and fully secure from technical or legal backdoors.”
Gabriel, added:"Protecting 5G networks aims at protecting the infrastructure that will support vital societal and economic functions – such as energy, transport, banking, and health, as well as the much more automated factories of the future. It also means protecting our democratic processes, such as elections, against interference and the spread of disinformation.”
