The European Commission told member states to impose restrictions on high-risk suppliers for 5G networks without delay, with a specific focus on the dependency on high-risk suppliers, specifically Chinese firms Huawei and ZTE.
According to a second report on Member States’ progress in implementing the EU Toolbox on 5G Cybersecurity, member states are recommended to ensure that the restrictions cover critical and highly sensitive assets identified in the EU Coordinated risk assessment, including the Radio Access Network.
The report was prepared by Member States’ authorities (NIS Cooperation Group), with the support of the Commission and the EU Agency for Cybersecurity (ENISA).
“Ten Member States have used these powers to impose obligations on MNOs to restrict or exclude suppliers considered as high-risk from their 5G networks.” reads the report published by the EU. “Several Member States have taken measures to restrict the use of, or exclude, high-risk suppliers or components. In three Member States, decisions on high-risk suppliers or equipment are taken based on applications from MNOs to deploy 5G equipment. One Member State has taken a public decision to exclude Huawei and ZTE from its 5G network.”
The report provides an overview of the implementation of the EU Toolbox‘s strategic and technical measures. The strategic measures aimed at mitigating risks associated with long-term dependency on specific suppliers. The technical measures focus on bolstering the security of 5G networks and equipment, analyzing the problems from different perspectives, including technologies, processes, human involvement, and physical elements.
The call to restrict the suppliers is subordinate to the assessments made by member states’ national authorities.
The report highlights the risks to collective security associated with delays in limiting the provision of network equipment from high-risk suppliers.
Out of the twenty-four Member States that possess or are in the process of developing legislative powers, seventeen have already implemented or are planning to adopt an ex-ante approach. This approach allows the states to restrict the deployment of 5G equipment from risky providers. Additionally, nineteen Member States have already confirmed their ability to enforce the removal of existing equipment provided by high-risk suppliers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, European Commission)