EU Member States Complete National 5G Risk Assessments

Following the recommendations of the European Commission, 24 EU Member States have completed the first step for a common European approach to the security of 5G networks. The national risk assessments feed into the next phase which is an EU-wide risk assessment to be completed by 1 October.

The national risk assessments include an overview of:

• the main threats and actors affecting 5G networks
• the degree of sensitivity of 5G network components and functions as well as other assets
• various types of vulnerabilities, including technical ones and those potentially arising from the 5G supple chain

Next steps

Using the information received, the EC along with the EU Agency for Cybersecurity (ENISA), will prepare a coordinated EU-wide risk assessments by 1 October 2019. Additionally, ENISA will be analysing the 5G threat landscape as supplemental input. By 31 December 2019, the NIS Cooperation Group that leads the cooperation effort along with the EC will develop and agree on a toolkit of mitigating measures to address the risks identified in the risk assessments at the Member State and EU level. Following the Cybersecurity Act introduced at the end of June, the Commission and ENISA will set up an EU-wide certification framework. Members States are encouraged to work with the EC and ENISA to prioritise a certification scheme covering 5G networks and equipment. By 1 October 2020, Member States should assess in cooperation with the Commission the effects of measures taken to determine whether there is a need for further action.

Read more about the press release here.