The European Commission has unveiled its recommendations for security mechanisms for the 5G era, and Huawei lives to fight another day, at least for the next couple of months.
While this is the proportionate response many telcos have been calling for, it does not quite give the concrete position of certainty they might have been hoping for. Despite attempts from the US to bend Europe to its will, the bloc will take a risk mitigation approach, though member states have until October 1 to conclude threat landscape assessments. At this point, decisions might be taken to ban certain products, services or suppliers.
“5G technology will transform our economy and society and open massive opportunities for people and businesses,” said Andrus Ansip, Commissioner for the Digital Single Market. “But we cannot accept this happening without full security built in. It is therefore essential that 5G infrastructures in the EU are resilient and fully secure from technical or legal backdoors.”
While the US has decided to effectively ban Huawei and other Chinese companies without the burden of proof, Europe has decided to take a much more measured approach. There have been worries over Chinese espionage thanks to legislation stating companies are legally obliged to help the state with any intelligence activities, however the next couple of months will see the member states assess the landscape.
At national level, each member state should complete a national risk assessment of 5G network infrastructures by the end of June. This process should lead to each state updating security requirements and mechanisms, though some have already made a start on this work, France and Germany for example.
After this point, member states should begin exchanging information, with the support of the Commission and the European Agency for Cybersecurity (ENISA), will complete a coordinated risk assessment by 1 October. The member states will agree a consistent set of mitigating measures including certification requirements, tests, controls, as well as the identification of products or suppliers that are considered potentially non-secure. At this point, there might be calls to ban products, services and suppliers on a European level.
This is where the uncertainty continues. Europe has stopped short of stating it will ban any suppliers, keeping telcos in a state of nervousness, but at least there is now a timetable. 5G deployment will almost certainly be slowed over the next couple of months though at least this position is not open-ended anymore.
What is worth noting is this recommendation does not prevent or dismiss any bans which might currently be in place. As it stands, none of the member states have banned Huawei, though they will be free to do so if they feel it necessary moving forward.
How the US will react to this position remains to be seen, though it has already started to make passive aggressive threats to individual member states. Germany and the UK are two who have been told they risk access to US intelligence databases should they not ban Huawei, though the huffing and puffing self-proclaimed ‘leader of the free world’ is largely being ignored. Talks will continue, but it seems the US influence is not comprehensive enough to force through these demands.
For the moment, this is good news for the European operators. There was a risk telcos would have to rip and replace certain components in networks, with 5G rollouts suffering as a result. Some telcos, including Three and Vodafone in the UK, have suggested 5G would be delayed by two years if Huawei was to be banned. This is the crux of the issue.
The vast majority of US networks have never made use of Huawei equipment therefore a ban would have almost zero impact on operations or 5G deployment. This is not the case in Europe, therefore our overseers have a tricky equation to balance; on one side is risk mitigation and the other is economic success in the digital era.