Last modified more than a year ago

European Commission publishes toolbox on 5G risk mitigating measures

European Commission publishes toolbox on 5G risk mitigating measures

3 February 2020

Following a report: ‘EU Coordinated Risk Assessment on Cybersecurity in 5G Networks’ (published in October 2019) where each Member State completed its own national risk assessment of 5G network infrastructures, the European Commission endorsed the joint toolbox of mitigating measures agreed by EU Member States to address security risks related to the rollout of 5G networks on.

The objectives of this toolbox (published on 29 January 2020) are to identify a possible common set of measures which are able to mitigate the main cybersecurity risks of 5G networks, as they have been identified in the EU coordinated risk assessment report, and to provide guidance for the selection of measures which should be prioritised in mitigation plans at national and at European Union level. It does this in order to create a robust framework of measures with a view to ensure an adequate level of cybersecurity of 5G networks across the EU and coordinated approaches among Member States. It includes strategic and technical measures and corresponding actions to reinforce their effectiveness.

While the decision on specific security measures remains the responsibility of Member States, the European Commission will support the implementation of an EU approach on 5G cybersecurity and will act, as requested by Member States, using, where appropriate, all the tools at its disposal to ensure the security of the 5G infrastructure and supply chain:

  • Telecoms and cybersecurity rules;
  • Coordination on standardisation as well as EU-wide certification;
  • Foreign direct investment screening framework to protect the European 5G supply chain;
  • Trade defence instruments;
  • Competition rules;
  • Public procurement, ensuring that due consideration is given to security aspects;
  • EU funding programmes, ensuring that beneficiaries comply with relevant security requirements.

The European Commission is launching relevant actions within its competence and is calling for key measures to be put in place by 30 April 2020.