EU outlines 5G rules: You don't have to keep 'risky' vendors completely Huawei

Just keep 'em out the core and keep supply chains diverse, ja?

It's not just the UK government that's wrestling with the decision to permit Huawei's gear on the 5G network. Across Europe, a similar debate has raged. Can Huawei, which many in intelligence circles believe to be inextricably linked to the Chinese government, be trusted to power the next generation of mobile telephony and data? Today, we got our answer: kinda.

Short of a full ban, the European Commission has agreed to permit Huawei's equipment on the national EU networks, although says it will impose "strict" rules. These strongly mirror those proposed by the UK's comms-regulating ministry – DCMS – yesterday.

What the EU is calling its "Toolbox for 5G Security" (PDF) asks national regulators to impose strict governance standards. It urges national bodies to vet the risk profiles of specific 5G vendors, and limit those deemed risky from the core elements of national networks. It also recommends that individual providers limit their exposure to any one vendor, by having a multi-vendor approach.

EE 5G at St Paul's

UK to Chinese telecoms giant: From 5G in Tiree to the Isles of Ebony, carry me on the waves… Sail Huawei, sail Huawei, sail Huawei

READ MORE

So far, the four companies offering 5G infrastructure are Huawei, Nokia, Ericsson, and Samsung.

Margrethe Vestager, exec veep for a Europe fit for the digital age, emitted a supportive quote: "5G will be a ground-breaking technology but it cannot come at the expense of the security of our internal market. The toolbox is an important step in what must be a continuous effort in the EU's collective work to better protect our critical infrastructures."

The European Commission urges all remaining 27 member states to implement the rules outlined by April 30, 2020, and prepare a joint report that details how they've implemented them by June 30, 2020.

In recent months, the EU has come under pressure from the American government to take action against Huawei, which Trump's administration perceives to be a significant national security threat. It argues that allowing the Chinese firm to build the infrastructure surrounding 5G would provide Beijing an opportunity to conduct surveillance and intelligence gathering against its closest geopolitical allies.

Huawei has repeatedly denied allegations that it would spy on customers and users overseas at the behest of the Chinese government.

Huawei also has an arrangement with the UK government to allow officials from the NCSC-founded Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board to audit its code. While the HCSEC hasn't uncovered any smoking guns proving the existence of backdoors in Huawei's kit, it has raised concerns about the firm's "basic engineering competence and cyber security hygiene" – describing "serious and systematic defects".

The GSMA, a mobile industry lobby group, notes that replacing kit from Chinese firms would add €55bn to the cost of building 5G networks – an already expensive process, considering the cost of acquiring rights to spectrum bandwidth. The analysis also adds that it would delay the technology by 18 months.

Today's announcement comes shortly after the Department for Digital, Culture, Media, and Sport (DCMS) published guidelines for Huawei's involvement in the UK's 5G network, albeit in a limited manner. That decision came in the face of similarly intense lobbying from the US government, which climaxed with US prez Donald Trump addressing the issue directly with Boris Johnson on a phone call last Friday. ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020