The European Union has said member states should be able to use "high risk" suppliers in their 5G networks, so long as key assets are secured.
Member states will have ultimate control over what vendors they can use in their 5G infrastructure, but there's is no blanket ban of suppliers that may be deemed a risk to cyber security.
The move is seen as a way to allow countries to make their own decision as to whether they use Huawei 5G infrastructure technology, despite the US lobbying to ban the Chinese firm's hardware from Western 5G networks.
The "joint toolbox of mitigating measures" has been endorsed by the European Commission, with countries expected to start implementing the security controls by the end of April.
Alongside wider security measures, the document outlines how countries can manage the use of technologies from suppliers deemed "high risk".
The non-binding plans say operators should assess the risk profile of suppliers, apply restrictions for those who raise concerns, and exclude key assets from those suppliers if necessary — in short, it's down to each country to decide whether to allow "high risk" suppliers, so long as they do it with eyes open and take security precautions.
While Huawei isn't named in the document, the EC was widely seen as following the UK's lead when it comes to Huawei, after Britain refused to bow down to US demands to entirely exclude the Chinese networking giant from its 5G network, instead choosing to limit and control its use.
“We are not picking on anybody, we are not ostracizing firms,” said Europe’s industry chief Thierry Breton at a news conference, according to Reuters.
Indeed, the EU advised governments to choose products from a variety of vendors, rather than rely only on a single company. Those suppliers should be judged on technical merit, but possible threats of interference should be considered.
"Assess the risk profile of suppliers," the document says. "As a consequence, apply relevant restrictions for suppliers considered to be high risk — including necessary exclusions to effectively mitigate risks — for key assets defined as critical and sensitive in the EU coordinated risk assessment (e.g. core network functions, network management and orchestration functions, and access network functions)."
While that means Huawei products can be used by European countries, their use could be limited to non-core functions.
“This non-biased and fact-based approach towards 5G security allows Europe to have a more secure and faster 5G network,” Huawei said in a statement sent to Reuters.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.