Source: European Parliament
1. The EU toolbox on 5G cybersecurity of 23 January 2020[1] (the ‘5G Toolbox’) was adopted by the Network and Information Systems (NIS) Cooperation Group (composed of representatives of the Member States, the Commission and the EU Agency for cybersecurity — ENISA) and endorsed by the European Council[2] and the Commission[3]. On 15 June 2023, the NIS Cooperation Workgroup published the second progress report on the implementation of the 5G Toolbox[4]. This report recorded that 24 Member States had adopted or were preparing legislative measures giving national authorities the powers to perform an assessment of suppliers and impose restrictions, concluding that Member States should achieve the implementation of the 5G Toolbox without delay.
In complement to the progress report, the Commission adopted a communication[5] where it underlined strong concerns about the risks posed by certain suppliers of mobile network communication equipment to the security of the EU.
2. Imposing restrictions is a process decided by each Member State. In assessing the risk profile of suppliers, Member States consider the objective criteria recommended in the 5G toolbox. 5G suppliers exhibit differences in their characteristics, in particular as regards their likelihood of being influenced by specific third countries which have security laws and corporate governance that are a potential risk for the security of the EU.
3. As imposed restrictions are decided by Member States, the Commission cannot be involved in possible requests for compensation from operators. At the same time, the Commission considers that decisions adopted by Member States to restrict or exclude certain suppliers from 5G networks are justified and compliant with the 5G Toolbox[6].
- [1] https://digital-strategy.ec.europa.eu/en/library/cybersecurity-5g-networks-eu-toolbox-risk-mitigating-measures
- [2] https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32023H0120(01)
- [3] Communication of the Commission of 29 January 2020, COM(2020) 50 final.
- [4] https://digital-strategy.ec.europa.eu/en/library/second-report-member-states-progress-implementing-eu-toolbox-5g-cybersecurity
- [5] Communication of the Commission of 15 June 2023 on the implementation of the 5G cybersecurity toolbox, C(2023) 4049 final.
- [6] Idem.