EU nations are ‘progressing at different paces’ in terms of security protocols introduced by the European Commission in order to ensure the safety of next-generation telecommunications networks, the European Court of Auditors has said.
The news comes at the beginning of a year-long probe into the EU’s security of 5G networks by auditors, while the European Commission has also confirmed to EURACTIV that nations across the bloc have missed deadlines set out in law, which had bound countries to assign 5G spectrum frequencies by the end of 2020.
Auditors say their research has already unearthed evidence of a divergent approach to 5G security across member states, as well as differences in deployment timelines for the technology across the continent.
As part of a series of measures unveiled by the Commission in their 2020 5G Toolbox, member states were tasked with assessing the risk profile of telecom providers, with a view to applying restrictions for those vendors considered to be high-risk.
The toolbox highlighted that “a particular threat stems from cyber offensive initiatives of non-EU countries,” in a veiled reference to Chinese telecommunications providers Huawei and ZTE.
“Several member states have identified that certain non-EU countries represent a particular cyber threat to their national interests based on previous modus operandi of attacks by certain entities or on the existence of an offensive cyber programme of a given third state against them,” the toolbox adds.
A progress report on the plans in July pressed member states to make ‘urgent progress’ on mitigating the risks to 5G telecommunications networks posed by certain high-risk suppliers.
Speaking on Thursday (7 January), the European Court of Auditors’ Paolo Pesce, part of the team conducting the 12-month review, said harmonisation across the bloc on such security standards was not yet taking place.
“Member states have developed and started implementing necessary security measures to mitigate risks,” Pesce said. “But from the information gathered so far, member states seem to be progressing at a different pace as we implement this measure.”
Annemie Turtelboom, the ECA member leading the audit, added that the report will seek to probe the trade-off EU nations seem to be making with regards to security and speed of deployment.
Under the 2018 Electronic Communications Code, member states had been obliged to assign spectrum for 5G for the 700 MHz band by 30 June 2020, whereas for both the 3.6 GHz and 26 GHz bands the assignments were due by 31 December 2020.
By mid-December, member states, including the UK, had assigned on average only 36.1% of the 5G pioneer bands, the European Commission informed EURACTIV.
“The coronavirus crisis has made electronic communications including mobile communications even more vital for the citizens and businesses while making it more difficult to timely prepare authorisation procedures so that several member states have recently expressed their intention to delay their national spectrum auction procedures,” a spokesperson told EURACTIV.
“The Commission will follow the matter closely and take any difficulty into consideration considering the impact of the current public health crisis.”
However, it appears that the security concerns of contracting various suppliers have been just as relevant in the delays as has the coronavirus pandemic.
In one recent example, Sweden had to sideline auctions for its 3.4-3.6 GHz and 3.6-3.8 GHz bands, after telecoms regulators PTS prohibited the use of equipment from Chinese firms Huawei and ZTE.
Earlier this week, Huawei announced that it had lodged an appeal to the supreme administrative court for being frozen out of the auctions.
[Edited by Zoran Radosavljevic]