Guidelines for the Security of 5G Infrastructure in the European Union
9
31 JAN 2020 Spotlight
The European Commission (EC) has published a “toolbox” of rules to guarantee the security of 5G infrastructure in Europe. They are intended to minimise the risks of espionage and leaks of sensitive data. The document is the result of an agreement between the Member States on cooperation criteria with contractors for 5G construction in the EU but it does not exclude any particular entity from the development of fifth-generation telecommunications infrastructure.
Fot. Reuters Fot. Reuters

Why did the EU address the issue of 5G network security?

The document, published on 29 January, is one element of the EU’s fifth-generation telecommunications network development plan. In 2019, on the EC’s recommendation, the Member States carried out national risk assessments related to the development of 5G infrastructure that were then used to develop the set of instruments and activities presented by the EC. This “toolbox” will be a reference point going forward for discussion in the EU about allowing companies such as Chinese Huawei from working on 5G infrastructure. The Chinese manufacturer’s offer is cheaper than European companies but suspicions about intelligence cooperation with the government of China have raised alarms. The publication of the document is also a reaction to the U.S. reservations regarding the cooperation of EU countries with Chinese companies. The recommended restrictions are viewed as justifying continued, albeit in some cases limited, cooperation with Huawei.

What do the EU guidelines contain?

In the document, the EC defines the most serious risks associated with the construction of 5G and proposes specific countermeasures. At the strategic level, it encourages countries to increase security standards for 5G suppliers and limit access to sensitive infrastructure for those companies that, based on the criteria are classified as “high risk”. The Commission also points to the need to diversify suppliers in order to reduce dependency on individual enterprises. The document also signals the need for closer monitoring of foreign investment in the 5G market and strengthening native 5G technological capabilities through financing and programmes designed for this purpose. It also allows the use of defensive trade instruments, such as duties, on products manufactured by companies benefiting from unauthorised subsidies.

What are the prospects for the development of 5G infrastructure in the EU in light of the new recommendations?

The proposed solutions are a compromise between the security concerns about cooperation with Huawei, in particular, in the construction of 5G and the risk of provoking retaliatory action by China if there was a total ban on cooperation with the Chinese company. There are differences between the Member States in the threat assessment of Chinese companies and 5G. The guidelines are not legally binding and the EC gives wide scope for interpreting the scale of the threat, leaving the decision to exclude a given company to member governments. As some countries are currently at an advanced stage of cooperation with Huawei (including Hungary), a diversified approach within the EU should be expected. For some countries, the guidelines will serve to justify the rejection of the Chinese manufacturer in favour of European or American companies without violating single market competition rules.

How will the EU “toolbox” be perceived by China and the U.S.?

From China’s perspective, the rules will be interpreted as a political success and a sign that Europe is rejecting U.S. pressure to ban cooperation with Huawei from 5G construction. China hopes that the advantage resulting from Huawei’s presence on the European telecommunications market will, contrary to the new guidelines, translate into more contracts for the construction of 5G in EU countries. China will intensify its political interaction with EU Member States to try to persuade them to accept its companies’ offers. It is possible that the Chinese will also try to influence the loosening of regulations in the future.

For the U.S., the EU’s “toolbox” may be a disappointment, especially since the suggestion about the diversification of suppliers may be applied to American companies as well. Further pressure on individual EU Member States to exclude Huawei through national regulations will continue under the threat that a lack of such rules may affect cybersecurity cooperation with the U.S.