(Reuters) — Germany has finalized rules for the build-out of 5G mobile networks that, in a snub to the United States, will not exclude China’s Huawei Technologies.
Government officials confirmed that Germany’s so-called security catalog foresaw an evaluation of technical and other criteria but that no single vendor would be barred, in order to create a level playing field for equipment vendors.
“We are not taking a preemptive decision to ban any actor, or any company,” German government spokesperson Steffen Seibert said in a news conference in Berlin on Monday.
The United States has piled pressure on its allies to shut out Huawei, a leading telecoms equipment vendor with a global market share of 28%, saying its gear contained “back doors” that would enable China to spy on other countries.
German operators are all customers of Huawei and have warned that banning the Chinese vendor would add years of delays and billions of dollars in costs to launching 5G networks.
The Shenzhen-based company has denied the allegations from officials in Washington, D.C., who imposed export controls on Huawei in May, hobbling its smartphone business and raising questions over whether the Chinese company can maintain its market lead.
Ground rules confirmed
Officials said Germany’s security catalog was due to be published shortly, confirming an earlier decision to keep a level playing field for suppliers to next-generation networks that will power ultra-fast mobile broadband services or run smart factories, offices, and cities.
With billions of devices, sensors, and cameras expected to be hooked up, 5G networks will be far more ubiquitous than their predecessors. At the same time, the fact that 5G networks rely more on software that can be easily updated makes it harder to keep track of cyber threats.
The German rules come after the European Union last week warned of the risk of increased cyber attacks on 5G networks by state-backed actors. A report compiled by member states stopped short, however, of singling out China as a threat.
Network operators Deutsche Telekom, Vodafone, and Telefonica Deutschland would be required to identify and apply enhanced security standards to critical network elements, the Handelsblatt daily reported earlier, citing the draft rulebook.
More broadly, vendors should be certified as trustworthy, giving customers legal recourse to exclude them and seek damages if proof is found that equipment had been used for spying or sabotage.
Certification of critical equipment would meanwhile have to be obtained from Germany’s cybersecurity authority, the Federal Office for Information Security (BSI).
Those requirements were in line with key ground rules set back in March, ahead of the drafting of the full set of rules by the Federal Network Regulator (BNetzA) and the BSI.