The European Commission published on 29 January 2020 the 5G risk management toolbox, which lists measures to mitigate the security threats associated with 5G networks.

Member states are not required to implement all the measures recommended in the toolbox. Depending on national circumstances and the security requirements already in place, each member state will itself decide on the suitability of the measures to be adopted.

The European Commission calls on member states to complete the implementation of the measures recommended in the toolbox by 2Q 2021.

Cullen International’s new benchmark provides an overview of national initiatives addressing 5G cybersecurity in EU member states, the UK, Norway and Switzerland. These initiatives include new security requirements for 5G technologies, as well as specific actions taken by European countries to transpose the key security measures recommended in the 5G toolbox. The benchmark also looks at whether the studied countries have established criteria to define high risk vendors (HRVs).

The research finds that nearly all European countries have adopted or are in the process of adopting security measures addressing 5G networks. However, the measures taken to secure 5G networks differ significantly among the countries observed.

Most European countries have established criteria to define HRVs. Common criteria include:

• equipment suppliers being subject to interference by a non-EU country or state-backed actors;
• transparency of the supplier’s ownership and governance structure; and
• the supplier’s overall cybersecurity practices as well as compliance with EU privacy regulations.

Sweden and the UK remain the only countries to impose explicit bans on the use of 5G equipment supplied by Chinese vendors Huawei and ZTE.

For more information or a demo of the benchmark, please click on “Request Access” or on “Access the full content” in case you are subscribed to our European Digital Economy service.