EU telecom ministers have stopped short of calling for a ban on specific 5G suppliers such as Huawei. However, they said in a joint declaration that EU countries should take into account non-technical factors when assessing 5G network risks, such as the legal framework suppliers may be subject to in third countries. Furthermore, additional efforts beyond standardisation and certification schemes may be necessary to mitigate the risks.
The statement points to the US government's main criticism of Huawei - that under Chinese law, the company can be forced to hand over information on its customers to Chinese state authorities. The US has banned the use of Huawei equipment in the public sector and prohibits since May US companies from selling parts to Huawei. The Americans have warned European allies repeatedly against using Chinese suppliers, saying the security risks are too high and the Europeans risk losing cooperation with US intelligence agencies.
The EU states have already conducted risk assessments for 5G networks, and the EU institutions are working on recommendations for a coordinated approach to the security question. Following their latest meeting, the telecom ministers welcomed the efforts to date, and noted the support from existing EU legislation, such as the NIS directive on network security and certification schemes in the telecoms code and Cybersecurity Act.
However, the technological changes brought by 5G "will increase the overall attack surface and require particular attention to the risk profiles of individual suppliers", the ministers said in a joint statement. Given the expected widespread applications of 5G networks in the economy, EU countries will need to take into account more than just the technical risks of 5G infrastructure - "also non-technical factors such as the legal and policy framework to which suppliers may be subject to in third countries, should be considered", the ministers said.
The statement otherwise stresses the importance of 5G to the single market and digital economy and calls on EU states and the European Commission to ensure the bloc becomes a leading market for 5G. In addition to coordination on security matters, the statement calls for EU states to share information on electromagnetic field limits, an area which is already raising concern in several European countries among citizens, and to work together on 5G roll-out, research and encouraging demand and uptake of the services.
EU states should also ensure a diversity of suppliers, to avoid over-reliance on a single company and increased exposure to a potential failure, the statement followed. In addition, they must assess the risks associated with critical public and private systems and services relying on 5G networks and ensure that components critical for national security "should only be sourced from trustworthy parties".
The statement comes a day after Huawei's CEO Ken Hu thanked European governments and customers for their trust in the face of the ban in the US and for the EU's "fact-based approach" to technological security. Speaking at the FT-Etno summit in Brussels, Hu singled out German Chancellor Angela Merkel for her emphasis on open standards and the French parliament for not banning individual companies in its legislation on ICT security. The CEO said a "super-connected society means global solutions to trust" and called for politics to be left aside in the discussion on network security.