Discordant rules among EU countries over the vetting of suppliers of 5G technology pose a security risk to the bloc, the European Court of Auditors (ECA) said in a report Monday (24 January).
“Six of the eight largest vendors including Huawei and Samsung are not based in the EU. This means that the legislation in non EU countries can differ significantly from the EU standards for example in terms of personal data protection,” the report’s lead author, Annemie Turtelboom, told journalists.
She gave the example of Sweden, which bans Chinese vendors such as Huawei from its telecom infrastructure, while Germany does not.
“Little publicly available information exists on how EU countries approach security matters, in particular the issue of high-risk vendors” in their 5G roll-out, the ECA said in a statement.
“This makes it difficult for member states to take a concerted approach” and for the European Commission to propose harmonised policies to improve the situation, it said.
It noted that a “toolbox” the Commission and EU countries adopted two years ago meant to protect the bloc’s 5G networks from espionage or sabotage yielded only non-binding rules and were insufficiently clear where it came to defining and restricting “high-risk vendors”.
5G, which allows data transfers up to 100 times faster than current 4G networks used for mobile telephones, holds the promise of ultra-connected societies, where household and commercial apparatuses are linked through the Internet of Things and advances such as remote surgery become possible.
Huawei is a leading provider of 5G tech, but its penetration into Western markets has been curtailed by a US-led campaign that highlights a danger of China clandestinely getting access to data passed through its network products.
EU countries – several of which are rallying around a bid for “strategic autonomy” in technology and other spheres – have become increasingly wary of using tech from Huawei or other non-EU vendors that may not comply with EU data protection laws.
The ECA noted that, of the eight main 5G tech providers to the EU, six of them were based outside the European Union.
“So far, the Commission has not assessed the potential impact of a member state building its 5G networks using equipment from a vendor considered to be high-risk in another member state,” the ECA statement said.
“Such a scenario could impact cross-border security and even the functioning of the EU single market itself.”
The ECA – an EU institution tasked with scrutinising how EU money is spent – recommended that the Commission survey the different approaches by member states and evaluate how their divergent polices could affect the single market.
It also urged “new impetus” in rolling out 5G in the 27-nation bloc, underlining that most member states were unlikely to meet the Commission’s target of having 5G available in all cities by 2025.
That could slow 5G’s potential to add 7.5% to EU countries’ gross domestic product between 2021 and 2025, equivalent to “up to one trillion euros”.