A total 24 of the EU's 28 member states have completed national risk assessments on the security of 5G networks. The European Commission said it will use the input to develop a harmonised approach to 5G networks for the EU by the end of the year.
The Commission asked in March for all 28 states to conduct their own investigations into 5G security, following pressure from the US to exclude certain Chinese suppliers of network equipment due to concerns they could be used by the Chinese government for spying. The European Council agreed to develop a common approach for the EU, based on the input from the 28 member states.
National risk assessments include an overview of the main threats and actors affecting 5G networks; the degree of sensitivity of 5G network components and functions as well as other assets; and various types of vulnerabilities, including both technical and other types of vulnerabilities, such as those potentially arising from the 5G supply chain. The work on national risk assessments involved a range of actors, including cybersecurity and telecommunication authorities and security and intelligence services.
Based on the information received, the Commission and the EU Agency for Cybersecurity (Enisa) will prepare a coordinated EU-wide risk assessment by 1 October. In parallel, Enisa is analysing the 5G threat landscape as an additional input.
By the end of this year, the Commission will develop with the NIS Cooperation Group, which unites member states working on network security, a toolbox of mitigating measures to address the risks identified in the risk assessments at country and EU level.
Following the recent entry into force of the Cybersecurity Act at the end of June, the Commission and Enisa are also setting up an EU-wide certification framework for ICT equipment. The EU states have been encouraged to cooperate and to prioritise a certification scheme covering 5G networks and equipment.
