Huawei slams EU high-risk supplier claims as against principles of free trade

Huawei has made a strong response against comments made by the European Commission (EC) – confirming that the decisions taken by certain EU Member States to restrict or exclude technology from the comms tech giant and fellow Chinese company ZTE from their 5G networks are justified and in line with the EC’s technology toolbox – noting that the remarks are clearly not based on a verified, transparent, objective and technical assessment of 5G networks.

In a speech made on 13 June, European commissioner for the internal market Thierry Breton assessed the January 2020 adoption by the EU of a toolbox on the security of 5G networks following a call from the European Council, where the EC gave a recommendation on the cyber security of 5G networks calling on member states to complete national risk assessments, review their measures, and work together on a coordinated risk assessment and common toolbox of mitigating measures.

The toolbox was designed to address all risks identified in the EU’s coordinated assessment, including risks related to non-technical factors, such as the risk of interference from non-EU state or state-backed actors through the 5G supply chain with the 5G cyber security toolbox in particular defining the risks and measures to be taken by Member States and telecoms operators to address them, including strategic and technical measures and corresponding actions to reinforce their effectiveness.

These were said to be calibrated based on objective factors. In particular, it recommended the use of equipment in the core and access (RAN) parts of the networks should be restricted or prohibited for entities considered to be “high-risk suppliers”, notably because they are subject to highly intrusive third-country laws on national intelligence and data security.

In his speech, Breton noted that three years on, almost all Member States have transposed the toolkit’s recommendations into their national law. In other words, they can now decide to restrict or exclude suppliers on the basis of security risk analysis. However, to date, only 10 of them have used these prerogatives to restrict or exclude high-risk suppliers. This, Breton stressed, was too slow, and he asserted that it posed a major security risk exposing the EU’s collective security as it created a major dependency for the EU and serious vulnerabilities.

“We have been able to reduce or eliminate our dependencies in other sectors such as energy in record time, when many thought it was impossible,” he said. “The situation with 5G should be no different: we cannot afford to maintain critical dependencies that could become a ‘weapon’ against our interests.

“That would be too critical a vulnerability and too serious a risk to our common security,” added Breton. “Because the security of 5G networks is essential for the development of applications in the internet of things, which are part of our everyday lives. And because it is also a major issue for our economic security and sovereignty. We will continue to work with determination with the Member States that are lagging behind and the telecommunications operators. I can only emphasise the importance of speeding up decisions to replace high-risk suppliers from their 5G networks. I have also reminded the telecoms operators concerned that it is time to get to grips with this issue.”

Breton called on all EU Member States and telecom operators to take the necessary measures without further delay. He expressly called out Huawei and ZTE, and confirmed the Commission would implement the 5G toolbox principles to its own procurement of telecoms services, to avoid exposure to the two Chinese firms. He added that the EC would also take into account the toolbox and the assessment in the report when allocating EU funding throughout the programmes.

Reacting to Breton’s statement, Huawei said it understood the EC’s concern to protect cyber security in the EU. However, it warned that restrictions or exclusions based on what it said were discriminatory judgments would pose serious economic and social risks, hampering innovation and distorting the EU market. Huawei cited an Oxford Economics report calculating that excluding the company technology from mobile infrastructures could increase 5G investment costs by up to tens of billions of euros, and it will have to be paid by European consumers.

In a statement given to Computer Weekly, Huawei said publicly singling out an individual entity as a high risk vendor (HRV) without legal basis was against the principles of free trade.

“It is of paramount importance to emphasise that the discriminatory HRV assessment shall not be applied to any vendor without justified procedure and adequate hearing,” it noted. “As an economic operator in the EU, Huawei holds procedural and substantial rights and should be protected under the EU and Member States’ laws, as well as their international commitments.

“Cybersecurity is Huawei’s top priority,” it continued. “Huawei has opened a Cyber Security Transparency Centre in Brussels. This centre is open to customers and independent third-party testing organisations. They are invited to perform fair, objective and independent security tests and verifications according to industry-recognised cyber security standards and best practices. We remain committed to delivering globally certified and trusted products and services, connecting millions of Europeans.”