Operators from member states of the European Union should not be dependent on a single high-risk supplier for their 5G networks. The European Commission (EC) states in a recently published report that the member states should have several suppliers.
In the recently published 5G Toolbox Implementation Report, the EC addresses the progress of the implementation of the EU Toolbox for the security of 5G networks among the member states. The European Commission endorsed the use of this security toolbox in January.
In concrete terms, the operators in the member states have to take measures to further strengthen the security of 5G networks. The networks are essential for increased economic growth and the strengthening of the EU’s competitive position on the world stage for the foreseeable future.
According to the report, the various member states are making progress in implementing security measures for their 5G networks. The powers of national regulatory authorities have been, or are in the process of being, strengthened in many member states to regulate 5G security.
There are also regulations in place in several EU member states that limit the reliance on 5G suppliers based on their risk profile. Some member states already have advanced regulations in this regard. This not only concerns the regulation of the mobile core networks but also things such as management tools, 5G radios and imposing restrictions on their use in specific geographical locations or sectors, such as the government. It is also essential that operators who have already secured contracts with high-risk suppliers have agreed to transition periods.
Furthermore, network security and resilience requirements are being reviewed in a majority of member states. The European Commission emphasizes that these requirements really need to be strengthened, follow the latest state-of-the-art best practices and that the implementation of these requirements by operators is monitored and effectively enforced.
On the other hand, the EC also indicates that there is still much room for improvement in several areas. For example, operators within EU member states must ensure that they do not become too dependent on a single supplier for their 5G networks, particularly when it comes to high-risk suppliers in terms of security. Although the EU does not name any foreign company in the report, this addresses the Chinese network vendor Huawei.
The EC also notes that there are challenges for individual operators when it comes to designing and implementing a multi-vendor strategy. This is because of technical or operational issues such as interoperability and the country’s size.
Assessing foreign investments
Last but not least, the EC considers that some member states (thirteen in total) should take more measures to review foreign investment in strategic telecom infrastructure. To this end, they should immediately implement the EU Foreign Direct Investments screening framework. This framework is a tool for member states to apply screenings to foreign investments that could potentially affect strategic telecom networks, such as the 5G networks or the 5G supply chains. This is particularly the case for foreign state-owned companies or companies that have very close links with their corresponding governments.