Every day, there is more news about the security of fifth generation telecommunications infrastructure. Following last week's European risk assessment, the Finnish Presidency of the Council of the EU shared with the Member States on Tuesday 15 October a draft of non-public conclusions, in particular on the "need to mitigate risks" (see EUROPE 12345/1).
The same day, the German Network Agency (BNetzA) officially published its draft new security requirements for German telecommunications networks, which specifies that all manufacturers and suppliers of network components must demonstrate their "reliability" through certification procedures, without, however, explicitly prohibiting Huawei or any other supplier.
Meanwhile, the rhetoric continues between the US and China: while the former was summoning journalists to an audio conference on 15 October, Chinese equipment manufacturer Huawei was organising a conference at the European Parliament to convince Member States of its good faith.
EU Council conclusions in December
The Finnish Presidency of the Council of the EU has submitted draft conclusions to the Member States entitled 'The importance of 5G for the European economy and the need to mitigate the security risks associated with 5G’. The document, seen by EUROPE, will be discussed by Member State experts on 22 October, with a view to adoption by the Telecommunications Council on 3 December.
The draft text recognises that risk assessments should take into account technical and non-technical factors and that 5G networks should be protected throughout their life cycle to cover the entire supply chain and all relevant equipment (network design, development, acquisition, deployment, operation and maintenance of networks). It therefore calls for common and robust standards and security measures "for all manufacturers and service providers". It adds that trust in 5G technologies underpins respect for European values such as "human rights and fundamental freedoms, the rule of law, as well as commitments to transparency, reliability and inclusion of all actors and increased international cooperation".
To note also is Germany's choice not to exclude Huawei from the 5G market, but rather to opt for stricter safety criteria. The BNetzA project, unveiled on 15 October, is open for consultation until 13 November (see EUROPE 12348/33).
The ultra-mobilised United States....
At a press conference on 15 October, US Deputy Assistant Secretary of State Robert Strayer, Coordinator for International Information Programmes welcomed the European approach and, in particular, the joint risk assessment targeting actors supported by a third country (see EUROPE 12345/1). He reiterated to Europeans that it was not enough to simply test and evaluate the software or equipment, but that it was also necessary to take into account the ability of an original equipment manufacturer (OEM) to insert malicious codes into the system software. He also raised the following questions, all the while refusing to let a company answer them on its own: is a company established in a country where the rule of law and an independent judiciary are in place? Does it have a transparent ownership structure and historically ethical behaviour?
Defending himself from any spin, however, the under-secretary reiterated his threats against Germany: "We want to continue to maintain important information and intelligence-sharing relationships with governments like Germany. To do this, we must ensure that we have only trusted providers on 5G networks. So if unreliable technology is deployed in their 5G networks, we will have to reassess how we share information with countries like Germany," he said.
... and Huawei, too
But the Chinese equipment manufacturer is not to be outdone: after announcing the deployment of 400,000 5G antennas to 56 operators, as well as a 24.4% increase in revenue over the first nine months of the year, Huawei took part, on the evening of 16 October, in a debate on 5G in Europe at the European Parliament. MEPs Bill Newton Dunn (Renew Europe, UK), Franc Bogovič (EPP, Slovenia), Maria Grapini (S&D, Romania) and Jan Zahradil (ECR, Czech) were presented as co-organisers of the event, which was standing room only.
Although other equipment manufacturers were present, it was Huawei that attracted the most attention, with an opening speech by its representative to the European institutions. "5G is like a tree, but you have to think that behind it is a whole forest full of potential. And we have something to offer Europe in this respect", said Abraham Liu, praising the collaboration "for over 20 years" between Europe and Huawei. When asked about US concerns, he replied: "Huawei is a private company. (...) The cornerstone of our operations is full compliance with local laws wherever we operate. We have never received any instructions to leak data. We have no reason to do something like that. Any stray step would be suicide”.
For his part, UEAPME’s General Director, Luc Hendrickx, called for a sufficient level of competition to be maintained: "Building walls around a European fortress is not a solution. It is important to have a choice”.
Earlier on, the equipment manufacturer had also welcomed, through various press releases, the European risk study and the German measures. (Original version in French by Sophie Petitjean)