At present, the EU risk management toolbox outlines specific measures regulating the security of 5G in the EU. The measures in the toolbox are non-binding but were agreed by EU member states within the NIS Cooperation Group.

The NIS Cooperation Group was formed under the Directive on the Security of Network and Information Systems (NIS) to facilitates the strategic exchange of information between member states, e.g. on cyber threats. The Group also includes a dedicated work stream to address 5G network security across the EU. 

The European Electronic Communications Code (EECC, articles 40 and 41) remains the only legally binding act (until the NIS2 comes into effect) that imposes baseline security requirements on all telecoms networks and services, including fixed networks and 5G networks.

A key measure in the toolbox asks member states to assess the risk profile of 5G equipment vendors and restrict or ban suppliers which pose a security threat (high risk vendors or HRVs) from providing 5G critical assets.

On 15 June 2023, the NIS Cooperation Group published a report on member states’ progress in implementing the toolbox.

The report warned that member states are not restricting HRVs. It called on member states to do so “without delay”, including in the radio access network (RAN).

The same report suggested that the European Commission could consider EU-binding measures to secure 5G.

Our new cheat sheet provides an overview of how 5G security is being regulated in the EU. It also includes new actions that could be taken at an EU level to secure 5G networks.

For a free download of our cheat sheet, please click on the below button.
Clients of our European Digital Economy service, can also access it directly on our client portal via "Access the ful content".