The EU Parliament recently adopted a resolution calling for concerted action against the threat posed by China’s growing technological presence in the EU as well as the possibility of China gaining access to personal data and telecommunications using embedded backdoors in 5G equipment.
The resolution adopted by members of the EU Parliament could pose further challenges to Huawei's intention to participate in 5G network trials across Europe and could also severely curtail the sale or deployment of IoT devices in the EU by Chinese manufacturers.
When adopting the resolution, MEPs also expressed concern over China using new state security laws that compel "all enterprises to cooperate with the state in safeguarding a very broad definition of national security also outside their own country".
In order to prevent China from gaining access to personal data and telecommunications via 5G equipment deployed by Chinese companies in Europe, MEPs asked member states to provide guidance on how to tackle cyber threats and vulnerabilities when procuring 5G equipment. Various methods to tackle such threats could involve diversification of equipment from different vendors, introducing multi-phase procurement processes and establishing a strategy to reduce Europe’s dependence on foreign cybersecurity technology.
In the draft resolution, EU Parliament noted that 5G networks will be the backbone of EU's digital infrastructure and will bring new benefits and opportunities to society and businesses in many areas, including critical sectors of the economy such as the transport, energy, health, finance, telecoms, defence, space and security sectors.
5G equipment from Chinese firms to be monitored
In the resolution, MEPs also voiced their concerns about third-country equipment vendors that might present a security risk for the EU due to the laws of their country of origin. To support their concerns, they cited the Chinese State Security Laws which impose obligations on all citizens, enterprises and other entities to cooperate with the state to safeguard state security, in connection with a very broad definition of national security.
MEPs expressed "deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorised access to private and personal data and telecommunications from the EU, and were equally concerned about "the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years".
Based on such concerns, MEPs used the resolution to urge the European Commission and member states to empower the European Agency for Network and Information Security (ENISA) to work on a certification scheme for 5G equipment in order to ensure that the rollout of 5G in the Union will meet the highest security standards and will be resilient to backdoors or major vulnerabilities that could endanger the security of telecommunication networks and dependent services.
They also asked the Commission and member states to ensure that organisations in critical infrastructure sectors such as telecoms, energy, health, and social systems will undertake relevant risk assessments that take into account the security threats specifically linked to technical features of the respective system or dependence on external suppliers of hardware and software technologies.