The security of 5G networks is essential. They are critical infrastructures in their own right and for other sectors that depend on them, such as energy, transport, health and finance.
This is why, in January 2020, the EU unanimously adopted a toolbox on the security of 5G networks. The "5G cybersecurity toolbox" defined the risks and the measures to be taken by Member States and telecoms operators to address them.
In particular, it recommended that the use of equipment in the core and access (RAN) parts of the networks should be restricted or prohibited for entities considered to be "high-risk suppliers", notably because they are subject to highly intrusive third-country laws on national intelligence and data security.
3 years on, almost all Member States have transposed the toolkit's recommendations into their national law. In other words, they can now decide to restrict or exclude suppliers on the basis of security risk analysis. But to date, only 10 of them have used these prerogatives to restrict or exclude high-risk vendors.
This is too slow, and it poses a major security risk and exposes the Union's collective security, since it creates a major dependency for the EU and serious vulnerabilities.
Today, Member States have unanimously agreed the second report on the implementation of the 5G security toolbox. We welcome this report. On that basis, the Commission has just published a communication confirming that the decisions taken by certain Member States to restrict or exclude completely Huawei and ZTE from their 5G networks are justified and in line with the toolbox.
We will continue to work with determination with the Member States that are lagging behind and the telecommunications operators. I can only emphasise the importance of speeding up decisions to replace high-risk suppliers from their 5G networks. I have also reminded the telecoms operators concerned that it is time to get to grips with this issue.
For our part, the Commission will implement the 5G toolbox principles to its own procurement of telecoms services, to avoid exposure to Huawei and ZTE. We will also take into account the toolbox and the assessment in the report when allocating EU funding throughout our programmes.
We have been able to reduce or eliminate our dependencies in other sectors such as energy in record time, when many thought it was impossible. The situation with 5G should be no different: we can't afford to maintain critical dependencies that could become a "weapon" against our interests. That would be too critical a vulnerability and too serious a risk to our common security. I therefore call on all EU Member States and telecom operators to take the necessary measures without further delay.
Because the security of 5G networks is essential for the development of applications in the Internet of Things, which are part of our everyday lives. And because it is also a major issue for our economic security and sovereignty.
