Last week, EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published a second progress report on the implementation of the EU Toolbox on 5G cybersecurity. The report also addresses some of the recommendations of the European Court of Auditors’ Special Report of January 2022. In complement to the progress report, the Commission adopted a Communication on the implementation of the toolbox by Member States and in the EU’s own corporate communications and funding activities.
As regards strategic measures and in particular enacting restrictions on high-risk suppliers, the progress report records that 24 Member States have adopted or are preparing legislative measures giving national authorities the powers to perform an assessment of suppliers and issue restrictions. Out of them, 10 Member States have imposed such restrictions and 3 Member States are currently working on the implementation of the relevant national legislation. Given the importance of the connectivity infrastructure for the digital economy and dependence of many critical services on 5G networks, Member States should achieve the implementation of the Toolbox without delay.
The Commission underlines in its Communication its strong concerns about the risks posed by certain suppliers of mobile network communication equipment to the security of the Union. The Commission considers that decisions adopted by Member States to restrict or exclude Huawei and ZTE from 5G networks are justified and compliant with the 5G Toolbox. Consistently with such decisions, and on the basis of a broad range of available information, the Commission considers that Huawei and ZTE represent in fact materially higher risks than other 5G suppliers.
Source: European Commission