Conclusions of the Council of the EU on 5G and security-related risks

On 3 December, the Council of the EU released its conclusions on the significance of 5G to the European Economy and the need to mitigate security risks linked to 5G.

Background

In March 2019, the European Commission published a recommendation on cybersecurity for 5G networks. This document lists actions that need to be undertaken by Member States and the EU in order to assess and minimise cybersecurity risks affecting 5G networks. Following this publication, Member States carried out a national risk assessment, that was compiled by the NIS Cooperation Group* last October. In addition, ENISA published a threat landscape for 5G networks.  

*The NIS Cooperation Group is composed of representatives from Member States, the Commission and ENISA.

A comprehensive and common approach is needed

In its recently published conclusions, the Council recalls that 5G is a priority for the European Single market. It underlines that a coordinated approach and an effective implementation of the Commission’s recommendation on cybersecurity for 5G is needed to avoid fragmentation.

Member States highlight that technical risks should be considered but also non-technical factors, such as the legal and policy framework in third countries. It is important to diversify suppliers to avoid or limit the creation of a major dependency on a single supplier.

The Council recommends effective and proportionate security measures that focus on security and privacy by design. It also stresses the need to protect electronic communication networks continuously across their entire lifecycle. Moreover, key components, such as components critical for national security, will only be sourced from trustworthy parties.

Standardisation and certification necessary but not sufficient

The Council underlines the need to put in place robust common security standards -taking into account the international standardisation work- and measures for all relevant manufacturers, electronic communications operators and services providers. The Council also acknowledges the importance of the Cybersecurity Act

However, the Council stresses that “while standardization and certification may be able to address certain security challenges related to 5G networks, additional security measures are required to effectively mitigate the risks.”

Next steps

A toolbox is currently being prepared by the NIS Cooperation Group. The toolbox will provide common methodologies and tools to mitigate risks related to 5G networks. The work on the toolbox should be completed by the end of this year.

Further information: funding for 5G. The European Commission plans to establish a European partnership on Smart Networks and Services under Horizon Europe to promote secure solutions in the field of 5G.

The EU will fund TEN-T projects in EU Member States under the programme Connecting Europe Facility (CEF) to develop 5G cross-border corridors.