Huawei ducks EU ban, but member states must probe 5G tech

Hacker behind a computer against the EU flag to depict Brexit

The European Union has officially denounced the alleged Huawei security concerns heeded by the US, but is requiring all member states to conduct audits and share the data ahead of an EU-wide investigation later this year.

EU nations must conduct a cyber security risk assessment by the end of June this year related to the risks presented by 5G as a new technology as a whole, and then share the results with the EU.

A bloc-wide assessment will follow with expected results to be gathered by 1 October, after which EU countries will assemble to agree on risk management provisions by the end of the year.

The measures which could be implemented include certification requirements and tests of equipment using standards set out by the EU. After the 1 October deadline, the EU will have a year to decide whether further action must be taken.

Until then, member states are encouraged to make use of the existing cybersecurity tools made available to them and cooperate with each other, sharing key information as and when it comes to light.

"5G technology will transform our economy and society and open massive opportunities for people and businesses," European digital chief Andrus Ansip said. "But we cannot accept this happening without full security built in. It is therefore essential that 5G infrastructures in the EU are resilient and fully secure from technical or legal backdoors."

The US has called upon the world to reconsider allowing Huawei's equipment to form a core component of national telecoms infrastructure, warning that the company colludes with the Chinese government and will implant backdoors in its infrastructure which can be used for state-sponsored cyber espionage.

The US, Australia and New Zealand are the only countries thus far to have completely boycotted the Chinese firm's technology - no EU state has shown a serious inclination towards taking such action.

Vodafone executive Nick Read echoed what was said at Huawei's keynote at MWC 2019, saying that before any other country takes such drastic action against the tech giant, the evidence must be presented - something the US has yet to produce.

"People are saying things at the moment that are not grounded, I'm not saying that is the case for the US because I have not met them directly myself so I have not seen what evidence they have, but they clearly need to present that evidence to the right bodies throughout Europe," said Read.

Regardless, there is clearly a genuine security risk presented by the company's equipment, otherwise, we wouldn't have reports of BT completely excluding Huawei's tech from its 4G infrastructure - nor would GCHQ director Jeremy Fleming officially say that there are issues with tech that the US has completely abandoned.

"We think this is probably the toughest oversight regime in the world. [Huawei has] revealed significant problems with their cyber security practice... which have caused them to commit to a multimillion-pound remedial programme. We've been crystal clear that with Huawei we will not compromise on the improvements we expect," said Fleming.

Despite this, the UK's National Cyber Security Centre (NCSC) has said that the risk presented by Huawei is manageable and the Chinese comapny's technology shouldn't be totally boycotted.

Huawei has described the EU's approach to the risk assessment of its technology as objective and proportionate. The company has also recently opened a cyber security testing facility where industry partners can visit and test Huawei's equipment ahead of its potential use in critical infrastructure.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.