An EU-wide cybersecurity certification scheme for 5G networks will be rolled out across the bloc in a bid to patch technical vulnerabilities in next-generation mobile communications, the European Commission said on Wednesday (3 February).
The move comes as part of the EU’s cybersecurity act adopted in 2019, which attempts to encourage market players to bolster the security of their connected devices in order to achieve EU certification. The bloc’s cyber agency, ENISA, has been tasked with coming up with the standards required to qualify for the certificate.
The cybersecurity of 5G networks has long been on the minds of policy workers in the field, as the EU attempts to establish a common approach with regards to the security of next-generation networks in light of various concerns about third-country operators.
In January last year, the Commission unveiled its 5G Toolbox, in which EU nations were tasked with assessing the risk profile of telecoms providers, with a view to applying restrictions for those vendors considered to be high-risk.
A progress report on the plans in July pressed member states to make ‘urgent progress’ on mitigating the risks to 5G telecommunications networks posed by certain high-risk suppliers.
Wednesday’s announcement to establish a cyber certification scheme for 5G comes as the EU attempts to bring member states closer together on the issue of telecommunications security.
In January, the European Court of Auditors said that EU countries are ‘progressing at different paces’ in terms of 5G security protocols introduced by the European Commission as part of last year’s toolbox.
“Member states have developed and started implementing necessary security measures to mitigate risks,” the European Court of Auditors’ Paolo Pesce said, speaking on the launch of a year-long probe of the bloc’s security standards in the field.
“But from the information gathered so far, member states seem to be progressing at a different pace as we implement this measure.”
Meanwhile, the Commission’s internal market chief, Thierry Breton, said in a statement on Wednesday that the new certification framework could bring EU nations closer together on 5G security.
“Security is at the core of 5G technology roll-out. EU-wide certification, in combination with other types of measures in the EU 5G Toolbox, supports our efforts to optimize 5G security and patch technical vulnerabilities,” he said.
“This is why it is important that member states make further progress in implementing the Toolbox.”
For their part, Chinese telecoms manufacturer Huawei, who has previously been a cause for concern in some member states, including most recently Sweden, welcomed this week’s news.
“A European cybersecurity certification scheme is the backbone for safe and secure 5G operations in Europe,” a spokesperson from the company told EURACTIV. “We believe this announcement is a positive step as 5G in Europe is critical for the continuation of a resilient Digital Society.”
[Edited by Zoran Radosavljevic]