The EU defied American calls for a blanket ban on Huawei and ZTE, opting instead to demand stricter security measures on telecoms vendors by the end of the year.
The European Commissions plans, unveiled in Strasbourg Tuesday, include asking national capitals to conduct risk assessments and work together to draft common European security checks on companies building high-speed 5G networks.
“We have to protect our privacy, we have to protect our business secrets, we have to protect our whole lives,” Andrus Ansip, vice president of the European Commission, told reporters. He said the Commission has “specific security concerns,” adding “everyone knows Im talking about China and Huawei.”
While there is no blanket ban, the guidelines pave the way for a European model of managing risks associated with Chinese vendors. The Commission is also working on tools to handle competition from China, including trade defense instruments, privacy requirements and procurement rules.
Here are seven takeaways from the 5G security plan:
1. There will be EU-wide measures by year-end
EU countries pushed the Commission to present its thoughts following months of pressure from Washington to clamp down on Chinese vendors.
The plans are timed to coincide with the auction of spectrum bands for 5G networks and the rollout of initial commercial 5G services across Europe.
“Its urgent that we get on with this because decisions are being taken now and in the next year or so” on spectrum and network equipment, Julian King, European security commissioner, told reporters in Strasbourg.
The Commission said 11 countries have auctions planned this year and six others have auctions planned next year.
The Commission asked EU countries to complete national risk assessments by June 30 and send them by mid-July. The EU will conduct its own risk assessment by October. By year-end a group of key cybersecurity experts is due to agree on EU-wide measures to mitigate the risks.
2. Operators are still in limbo
While the Commissions move shows the EU isnt close to or likely to impose blanket bans on foreign vendors, it leaves open the question of Huaweis access to national markets.
One telecoms industry official, who asked not to be named because of the sensitivity of the issue, said the Commission seems to have kicked the can down the road. The move prolongs operators uncertainty about whether foreign vendors could face restrictions in the future.
Europes main telecoms lobby organizations reacted with caution.
“We support a fact-based and harmonized approach to network security,” Lise Fuhr, head of ETNO (the European Telecommunications Network Operators Association), said in a statement.
Global mobile lobby GSMA said in a statement it welcomes the EUs efforts “to avoid fragmentation, and ensure a proportionate and coherent approach to this important issue.”
Many European operators are in the process of contracting vendors for the rollout of 5G networks. Huawei is considered a strong player, pitching its gear at lower prices than its competitors, industry officials said. But the global debate about alleged security risks is forcing operators to consider potential restrictions on Chinese telecoms equipment in Europe in the future.
Huaweis chief representative to the EU institutions, Abraham Liu, said in a statement that the company “understands the cybersecurity concerns that European regulators have. Based on the mutual understanding, Huawei looks forward to contributing to the European framework on cybersecurity.”
3. Washington failed to get its Huawei ban …
The Commissions plan comes after months of lobbying by U.S. officials in Europe. U.S. State Department officials toured Europe to convince their counterparts to block, ban or restrict Huaweis activities. The diplomats targeted key events like the Munich Security Conference and Barcelona Mobile World Congress for talks with operators and lawmakers.
But the German government and others stopped short of introducing bans, and now the Commission has also refused to impose specific measures targeting Huawei.
Ansip stressed that the EU is not siding with either Washington or Beijing. “Some people arent able to understand we have our own concerns,” he said. “Its not just the support for one or another. We have to think about our own security, our own future.”
4. … but Huawei, ZTE remain clear targets
The Commission stressed that the work in the coming months could lead to a list of products and even suppliers not being considered trustworthy.
National assessments of 5G security “should take into account both technical and other factors,” the recommendation reads, including “regulatory or other requirements imposed on information and communications technologies equipment suppliers.” The text goes on to say “an assessment of the significance of such factors would need to take into account, inter alia, the overall risk of influence by a third country,” including security governance, privacy standards and whether the country abides by international norms and law on cybersecurity.
Thats a clear stab at China, which has been accused of cyber espionage activities by Western security authorities.
5. Watch Berlin …
Brussels plans echo those presented in Berlin, where regulators presented a set of draft requirements on 5G security earlier this month. The draft German rules, which will be finalized later this year, stress that operators have to buy equipment from “trusted suppliers,” and that critical network components can only be procured by suppliers that provide an “assurance of trustworthiness.”
The European Commission will ask its cybersecurity agency ENISA to start work on a certification scheme under the EUs new Cybersecurity Act, which enters into force in coming weeks. Such a scheme is likely to mimic the German draft reRead More – Source