The European Parliament has adopted a resolution urging the European Commission and Member States to take action against potential security risks posed by China’s growing technological presence in the EU. This happened on the margins of the vote on the EU Cybersecurity Act, which was adopted by a firm majority.
MEPs expressed concern about recent allegations – mainly from the United States – that 5G equipment from Chinese suppliers may have built-in backdoors, giving China unauthorised access to personal data and telecommunications of European citizens and institutions.
Parliament calls on the Commission and the Member States to lay down guidelines on how to deal with cyber threats and vulnerabilities when purchasing 5G equipment. This can be done, for example, by diversifying suppliers, introducing phased purchasing processes or defining a strategy to reduce Europe’s dependence on foreign cybersecurity technology.
It also calls on the Commission to give a mandate to ENISA, the European Cyber Security Agency, to establish certification for the roll-out of 5G in the EU, which ‘meets the highest security standards’. Huawei, head of jut in the whole discussion about Chinese 5G equipment in the West, has been calling for some time for the industry to work together on such standards.
EU Cybersecurity Act
Such a certification could fit within the EU Cybersecurity Act, which was also voted on today. With 586 votes in favour, 44 votes against and 36 abstentions, the legislation – on which there was already an informal agreement – was adopted with little resistance.
The EU Cybersecurity Act lays the foundation for European cyber security certification, so that certified products, processes and services traded within the European Union always meet the same security standards. In addition, critical infrastructure can also be certified in a similar way.
The certification is not mandatory, but must come from the market in order to create European certificates that are valid in all member states and are based on international standards, explained Despina Spanou, Director for Cyber Security at the European Commission, last year during a presentation at the Belgian Cyber Security Convention. Only in this way does it offer global added value for businesses and consumers.
First and foremost, the text gives consumers certain guarantees about the safety of the products and services they buy. In addition, it should lower the threshold for companies to enter new markets, because they can obtain a certificate that is valid for Europe in one go. By 2023, the European Commission will assess whether certain voluntary certificates should still be made mandatory.
The EU Cybersecurity Act is still before the European Council for formal approval. The legislation will enter into force twenty days after its publication.
Related: Cybersecurity in Europe: how the EU is developing an international security approach
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.