The European Commission has laid out plans for a coordinated EU approach towards the next generation of mobile broadband networks, 5G, following concerns about China aired by member states during last week’s European Council summit.
Upon announcing the plans, Commission Vice-President for the Digital Single Market, Andrus Ansip, said the EU’s executive branch has “specific concerns connected with some producers.”
He added that “everyone knows I’m talking about China and Huawei,” and elaborated further by saying that the 2017 Chinese intelligence act forces producers “to collaborate with the secret services.”
“We have to be worried about this,” Ansip said. “But we have never asked to ban certain suppliers.”
Despite Huawei facing a barrage of criticism related to the security of their 5G equipment, they came out applauding the Commission’s efforts on Tuesday.
“Huawei understands the cybersecurity concerns that European regulators have,” said Huawei’s Chief Representative to the EU, Abraham Liu.
“Based on mutual understanding, Huawei looks forward to contributing to the European framework on cybersecurity. We are firmly committed to continuing to work with all regulators and partners to make the 5G rollout in Europe a success.”
Announcing the plans on Tuesday, the EU’s Security Chief Julian King was keen to highlight how much citizens across the continent rely on watertight infrastructure in telecommunications.
“The resilience of our digital infrastructure is critical to government, business, the security of our personal data and the functioning of our democratic institutions,” he said.
The plans announced by the EU’s executive arm cover several areas of competence.
Firstly, member states have been asked to carry out a risk assessment of 5G network
infrastructures by the end of June 2019.
As part of the assessments, the Commission calls upon member states to take into account the technical vulnerabilities of 5G equipment, as well as “risks linked to the behaviour of suppliers or operators, including those from third countries.”
Moreover, the Commission reiterates that member states “have the right to exclude companies from their markets for national security reasons if they do not comply with the country’s standards and legal framework.”
National governments are also asked to communicate with one another during and after the risk assessment procedure as a means to formulate an EU coordinated risk assessment by October 2019.
The EU wants a range of security standards to emerge as a result of the assessments, ranging from certification requirements, tests, controls, and “the identification of products or suppliers that are considered potentially non-secure.”
During last week’s EU council summit, French President Emmanuel Macron said there had been a “European awakening” about potential Chinese dominance on the continent, which can be seen as being led by Huawei’s authority in the 5G marketplace.
Macron himself has rallied the cause for a more unified approach to cybersecurity standards, as part of the Paris Call for Trust and Security in Cyberspace, which has received the backing of 547 official supporters in order to develop common principles for making cyberspace more secure.
As part of a recent EURACTIV event which examined the importance of establishing international cybersecurity standards, Alexander Evans, the cyber director in the National Security Directorate at the UK’s Foreign Office, said such cyber norms are about “what states should or should not do in cyberspace to each other, to their citizens and in International security, development and trade.”
On the sidelines of the event, Estonian ALDE MEP Urmas Paet spoke to EURACTIV about the risks of impending cyberattacks.
He said that “Europe must be much more prepared for these kinds of attacks in the future, and it’s all about our infrastructure and how well we are prepared.”
Speaking of the alleged risks concerning the cybersecurity standards of Huawei, Vice-President Ansip was clear that if Europe is to be ‘prepared’, it cannot wait for evidence to surface as to potential vulnerabilities of 5G equipment.
He emphasised that the steps introduced by the Commission on Tuesday were a precautionary measure to ensure EU member states and policymakers in Brussels alike were all well aware of the risks involved of contracting particular providers in Europe’s rollout of 5G.
[Edited by Zoran Radosavljevic]