Twenty-four out of the Twenty-Eight Member States have submitted their national 5G technology risk assessments to the European Commission, Commissioner for Security Union, Julian King, told a press briefing on Friday 19 July. However, the content of these analyses remained secret, as they "belong to the Member States", the Commissioner commented.
These press statements, far from revealing major innovations, were intended to take stock of the Commission's March recommendation for a common approach to 5G network security (see EUROPE 12222/23). It provided for several stages with specific actions and deadlines, the first - a national analysis by all Member States - having been set for 31 June.
According to Mr King, twenty-four Member States have submitted their assessments, which cover several issues: - the main threats and actors that affect 5G networks; - the degree of sensitivity of the components, functions and other resources of a 5G network; - various types of vulnerabilities, technical and other, such as those that could arise from the 5G supply chain.
The Commissioner refused to name the four Member States that did not submit their assessments. But he expressed optimism that the countries concerned would do so quickly.
Huawei threatened?
At present, several Member States are considering measures to ensure the security of their digital networks. In France, a legislative proposal on network security is discussed in the National Assembly and the Senate, including the proposal for prior authorisation. In the United Kingdom, a government review is planned to examine the risks arising from the supply chain of telecommunications equipment and objective security criteria.
This exercise should enable Member States, together with the Commission, to decide by autumn 2020 whether regulatory measures should be taken.
It also aims to reassure the United States. On several occasions, they have indicated that they will reassess how they share information with countries that allow unreliable suppliers to participate in the deployment of 5G networks (implied, which allows Chinese operators Huawei and ZTE).
When asked about a possible ban on Huawei in the EU, Mr King was cautious: "It's not about starting with the conclusion, we don't assume anything. But in the end, it is possible that we may come to the conclusion that, in some cases, some products may be considered dangerous".
According to the Commissioner, the measures that could be considered include "enhanced obligations towards telecommunications operators to ensure a secure configuration of the network, prior authorisation regimes for the deployment of certain types of network equipment, testing requirements, possible restrictions on sensitive network parts, obligations to increase transparency and, in some cases, control in the supply chain all the way to the equipment provider and the subcontractor". (Original version in French by Sophie Petitjean)