The European Commission (EC) published a slate of recommendations designed to ensure security of 5G infrastructure in member states, while placing the onus on individual countries to assess the role of the vendors involved in supplying core network equipment.

In its EU Toolbox for 5G Security, the EC calls on regulators to ensure they have powers in place to impose tight rules on mobile operators in relation to the make-up of their supply chains. Specifically, it wants national authorities to assess the risk profiles of vendors, impose restrictions for those deemed high risk and exclude specific companies from supplying “key assets” to networks.

It recommends individual operators limit dependency on any one supplier with a multi-vendor strategy in place, similar to policies outlined by the UK yesterday.

The EC document also provides detailed guidelines for mitigating specific risks in 5G and provides an overview of key strategic and technical measures for use by member states.

European Commissioner Margaritis Schinas said: “A genuine security union is one which protects Europe’s citizens, companies and critical infrastructure. 5G will be a ground-breaking technology, but it cannot come at the expense of the security of our internal market.”

“The toolbox is an important step in what must be a continuous effort in the EU’s collective work to better protect our critical infrastructures.”

Coordinated approach
Its latest document was compiled as part of a wider plan to ensure 5G network security commenced in March 2019, which provides best practice information for countries, but does not impose legally-binding rules.

However, in a statement, the EC said all member states had agreed to take steps as outlined in the toolbox by 30 April, with status reports on each country’s progress due by 30 June.

Under EU rules national security matters fall under the remit of individual countries, but the EC is pushing for a coordinated approach for 5G.