The Commission, with the support of EU Member States and ENISA, the EU Agency for Cybersecurity, has published a report, which analyses the impacts of the Commission Recommendation of 26 March 2019 on the Cybersecurity of 5G networks and the progress made in implementing the EU toolbox of mitigating measures since the progress report of July 2020. Based on the findings of the Commission report, a set of concrete actions to continue the coordinated work at EU level on 5G cybersecurity are presented as part of the EU Cybersecurity Strategy for the Digital Decade.

EU citizens and companies using advanced and innovative applications enabled by 5G and future generations of mobile communication networks should benefit from the highest security standard. As follow-up of last year’s EU recommendation on the cybersecurity of 5G networks,the  EU Toolbox adopted in January 2020 sets out a comprehensive and objective risk-based approach to 5G cybersecurity .

As a result of its review of the Recommendation, the Commission found that most Member States are well on track to implement a significant part of the measures recommended in the Toolbox in the near future.
Going forward, the Commission calls on Member States to complete the implementation of these measures by the second quarter of 2021 and to ensure that identified risks have been mitigated adequately and in a coordinated way, in particular with a view to minimise the exposure to high risk suppliers and of avoiding dependency on these suppliers.

Indeed, in October, the European Council called on Member States ‘to make full use of the 5G cybersecurity toolbox adopted on 29 January 2020, and in particular to apply the relevant restrictions on high-risk suppliers for key assets defined as critical and sensitive in the EU coordinated risk assessments, based on common objective criteria”.

Next Steps

As regards next steps, the EU Cybersecurity Strategy details the way forward and proposes a set of concrete actions, categorised by key objectives, to continue the coordinated work at EU-level. These objectives consist of ensuring further convergence in risk mitigation approaches across the EU, supporting continuous exchange of knowledge and capacity building, and promoting supply chain resilience and other EU strategic security objectives.

Useful links



Related documents: