The European Union laid out a broad strategy aimed at ensuring its future 5G networks are secure from cyber threats, but stopped short of meeting U.S. demands for a ban on Huawei Technologies Co.
The U.S. has been pressuring European allies to bar Huawei equipment from telecommunications networks amid concerns Chinese companies could be forced to facilitate espionage by Beijing -- accusations both Huawei and the Chinese embassy in the EU have denied. In the recommendation published Tuesday, the European Commission, the bloc’s executive body, left the decision in the hands of the member states.
"We’re not talking about bans today, what we’re talking about is a process that will be based on a thorough analysis of the risks and vulnerabilities," European Security Commissioner Julian King said at a press conference in Strasbourg, France.
The EU gave member states until July 15 to report back after carrying out risk assessments of 5G network infrastructure in their individual countries. By the end of December, the countries will need to collectively agree on any EU-wide measures, such as certification requirements, tests or identifying suppliers considered "non-secure." Countries retain the right to ban companies from their markets for national security reasons.
In a statement reacting to the EU’s announcement, Huawei said it "welcomes the objective and proportionate approach of the European Commission’s recommendation on 5G security," adding that it "understands the cybersecurity concerns that European regulators have."
As Europe seeks to balance concerns about growing Chinese influence with aims to increase business with the region’s second-biggest trading partner, no European countries currently have Huawei bans in the works. Germany and France have proposed tighter security rules for data networks rather than outlawing Huawei, while the U.K.’s spy chief has indicated that a ban is unlikely.
Still, King stressed that after European member states exchange information about 5G risks, one of their agreed measures could include identifying products, services or suppliers that are considered potentially not secure. "That is envisaged as a possible outcome conclusion of this process," he said. Read more