Commission presses member states to take action on high-risk 5G vendors


EU nations must make urgent progress on mitigating the risks to 5G telecommunications networks posed by certain high-risk suppliers, the European Commission said in a progress report published on Friday (24 July).

The call comes at a time when Washington continues to ramp up pressure on the EU to ban Chinese telecoms provider Huawei, following recent moves in the UK and France to limit the company’s involvement in their 5G infrastructure.

“Most member states have not yet established or communicated clear plans to effectively address existing situations of dependency on high-risk suppliers and prevent future dependencies,” said Friday’s progress report on 5G security in the EU.

“Progress is urgently needed to mitigate this important risk, also with a view to reducing dependencies at Union level,” it added.

As part of a series of measures unveiled by the Commission in January’s 5G Toolbox, member states were tasked with assessing the risk profile of telecom providers, with a view to applying restrictions for those vendors considered to be high-risk.

A Commission official revealed on Friday that two-thirds of member states had progressed in the implementation of the 5G toolbox to the extent that they have identified a list of high-risk suppliers, but that only a third of this number had put forward plans to restrict the involvement of such high-risk suppliers.

US-China trade war

The delineation of high-risk 5G suppliers has been a debate fraught with geopolitical sensitivities, as the EU finds itself sandwiched between the US and China, in an ongoing trade war between the two global powers.

The Trump administration says China’s Huawei cannot be trusted to be involved in Europe’s 5G network infrastructure, due to concerns over the protection of data, cybersecurity, and espionage campaigns. The Chinese company denies all the claims.

The spat has been long in the making with gradually increasing success for the US, following the UK’s recent decision to limit Huawei involvement in the county’s future 5G network, and France’s decision to put a hold on the renewal of licenses for French companies to purchase Huawei 5G equipment.

In Friday’s progress report, the Commission recommends that EU member states should duly consider the “international trade context” when assessing a supplier’s risk.

Meanwhile, for telecoms operators working in the EU, a Commission official said on Friday that such firms were starting to take note of member state restrictions, and are looking at diversification strategies in their supply chains accordingly.

“Operators across the Union are already taking measures themselves in anticipation of restrictions that could come from the national authorities,” the official added, also highlighting the need for member states to work towards more concrete diversification strategies, to avoid dependencies on the provision of 5G equipment from high-risk vendors.

5G toolbox

As part of the Commission’s ‘5G toolbox,’ which was published in January and had contracted the unanimous backing of all EU member states, the executive outlined a series of non-binding recommendations that include improving security standards.

These included establishing risk profiles of suppliers based on an agreed set of criteria, in addition to adopting a multi-vendor approach.

However, the report also highlighted that “a particular threat stems from cyber offensive initiatives of non-EU countries,” in a veiled reference to Huawei.

“Several member states have identified that certain non-EU countries represent a particular cyber threat to their national interests based on previous modus operandi of attacks by certain entities or on the existence of an offensive cyber programme of a given third state against them,” the toolbox adds.

Across the EU

In the UK, as part of a set of new rules presented by the UK’s Digital Secretary Oliver Dowden in mid-July, the purchase of Huawei 5G equipment will be banned from the end of the year and all equipment provided by the firm will have to be removed from 5G networks by the end of 2027.

French authorities have told telecoms operators seeking to work with Huawei’s 5G equipment that they will be barred from renewing licences for the components once they expire.

However, Germany is treading more cautiously – well aware of the extent to which Deutsche Telekom relies on Huawei. The Germans are also aware that new opportunities for innovation may emerge as a result of a quicker rollout of 5G in Europe.

“The 5G network rollout will provide completely new opportunities for business and society. Due to the importance of 5G as a central critical infrastructure for future technologies, it is important that the rollout of 5G infrastructure can proceed quickly and safely,” German Economy Minister Peter Altmaier said on Friday.

However, the opposition Social Democrats in Germany are calling for tougher measures in the country, including bolstered security checks for vendors.

Harmony the best medicine

Amid the divergent approaches to high-risk vendors being adopted by member states, for the Commission, it is important to take a harmonized approach.

“Collective work and coordinated implementation of appropriate measures is fundamental to ensure EU businesses and citizens can make full use of all the benefits of the new technology,” the executive said on Friday.

The Commission’s stance here in terms of a coordinated approach is not least in part due to several objectives that could be in jeopardy as a result of delays to 5G rollouts in the EU.

Current goals in the field include a launch of 5G services in all EU member states by the end of 2020 at the latest, as well as a ‘rapid build-up’ that will ensure “uninterrupted 5G coverage in urban areas and along main transport paths by 2025,” as outlined in the 2016 5G Action Plan for Europe.

In May, the Commission’s Vice-President for Digital, Margrethe Vestager, urged EU telecoms ministers to “limit as much as possible” any delays to their 5G spectrum assignments.

Setbacks had, at the time, been registered in a number of countries including Spain, Austria, Portugal, Poland and the Czech Republic, who all pushed back spectrum frequency auctions.

On security, the Commission, alongside the member states and the EU’s cyber agency, ENISA, will continue to monitor compliance with the 5G toolbox, with a view to potentially analyzing the need for stricter security baselines to be recommended at the EU level in the future.

[Edited by Zoran Radosavljevic]

Subscribe to our newsletters