5G networks are a key asset for Europe as it hopes to become a global leader in the cellular network technology sector as fifth-generation mobile networks become the backbone for a wide range of services that will be pivotal for the digital economy in the coming years, including the energy, transport, banking, and health sectors.

A negative consequence of the oversaturation of society to 5G networks will inevitably increases exposure to cybersecurity vulnerabilities. The European Union has warned that 5G networks could be left open to attack from state-backed hackers if operators use too many parts from a single supplier.

In March, the European Commission recommended that the bloc take decisive steps towards properly assessing and eliminating the cybersecurity risks that already exist for 5G networks. This would give the EU the opportunity to safeguard its own technology and guarantee that the hardware used for the roll-out of the 5G networks will no be compromised by suppliers tied to governments that lack democratic checks and balances.

“In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important,” EU officials said in a statement.

The EU’s top security official Julian King told reporters that the decision not to name problematic suppliers was not “ducking the issue.” Instead, he said the report would empower EU countries to make informed choices.

King’s reference to unnamed suppliers concerned evidence provided by the US which says that China’s telecommunications giant Huawei manufactures and develops products that pose a national security risk because they could be used by the Chinese intelligence services for carrying out espionage activities.

According to the EU’s latest report, Europe remains highly exposed to problems concering users’ confidentiality and integrity. Furthermore, the EU still must contend with its dependency on third parties that build and operate 5G networks. The technical vulnerabilities of those networks include poor software development and unreliable supply-chains. 

Europe has so far resisted pressure from the US to ban Huawei products, but Brussels is conducting a wider security review due by the end of December that will include steps to safeguard 5G networks. Although China is mentioned as an “Organisational Partner” in the EU’s latest assessment, the bloc has classified China as a risky individual supplier.

Huawei is the world’s biggest maker of telecom network gear and a major investor in Europe. Washington believes that Huawei uses its infrastructure and equipment to actively spy on individuals while in the service of the ruling Chinese Communist Party.

Though the EU did not specifically single-out Huawei, Brussels did cite a possible risk scenario in which a hostile state actor pressures a supplier under its jurisdiction to provide access to sensitive network assets through either purposefully or unintentionally embedded vulnerabilities.

“Hostile third countries may exercise pressure on 5G suppliers in order to facilitate cyberattacks serving their national interests,” the report said.

American officials have briefed the 28 individual governments of the EU as each carried out national risk assessments for the bloc-wide report, said Minna Kivimaki, the deputy permanent representative from Finland, which holds the rotating EU presidency, without providing more details.

King added that Europe wants to make a detailed, step-by-step, risk-based analysis before it draws a final conclusion on whether companies like Huawei, which have close ties to the Chinese government, pose a major security threat to the EU.