EU Continues Efforts to Enhance 5G Network Security: A Look at Progress Report

The European Commission, in collaboration with EU Member States and ENISA, releases an update on the advancement of the EU Toolbox implementation on 5G cybersecurity. The report details the adoption of legislative measures by member states, the risks posed by specific 5G suppliers, and the importance of swift implementation to ensure robust cybersecurity
EU Continues Efforts to Enhance 5G Network Security: A Look at Progress Report

The European Union, along with its Member States and ENISA, the EU Agency for Cybersecurity, have presented the second progress report concerning the ongoing implementation of the EU Toolbox on 5G cybersecurity. This report not only reflects the efforts made since the inception of the project but also encompasses several recommendations outlined in the Special Report by the European Court of Auditors issued in January 2022. In parallel to the progress report, the Commission has also endorsed a Communication, serving as a complement to the report, which elaborates on the application of the toolbox by the Member States and within the EU’s internal communication and funding activities.


The progress report emphasizes strategic measures that have been initiated, particularly focusing on the enforcement of restrictions on high-risk suppliers. Currently, 24 Member States are either in the process of or have already adopted legislative measures that provide national authorities with the power to assess and issue restrictions on suppliers. Out of these, ten have already implemented such restrictions, and three are engaged in facilitating the enactment of the relevant national legislation. Given the importance of the connectivity infrastructure for the digital economy and the dependence of many critical services on 5G networks, it is essential that the Member States expedite the complete implementation of the Toolbox without delay.

The Commission’s Communication brings to light, strong concerns about the risks posed by specific mobile network communication equipment suppliers to the security of the Union. The Commission considers that decisions adopted by Member States to restrict or exclude Huawei and ZTE from 5G networks are justified and compliant with the 5G Toolbox. The Communication indicates that, based on a broad spectrum of available information, the Commission considers that Huawei and ZTE represent materially higher risks than other 5G suppliers.

The Commission underscores that the security of 5G networks is a top priority, serving as an essential component of its Security Union Strategy. As those networks are central to infrastructure, they provide the bedrock for a wide range of services essential for the functioning of the internal market, as well as the maintenance and operation of vital societal and economic functions. The issue of 5G network security is pivotal to the Union’s sovereignty, strategic autonomy, and resilience.

The Commission also appeals to Member States that have yet to adopt the Toolbox, urging them to enact relevant measures as recommended in the EU Toolbox, to effectively and promptly address the risks posed by the identified suppliers.

As part of its corporate cybersecurity policy, the Commission will implement measures to avoid exposure of its corporate communications to mobile networks that use Huawei and ZTE as suppliers. Moreover, it will take relevant security measures to avoid procuring new connectivity services that rely on equipment from those suppliers and will work with Member States and telecom operators to ensure these suppliers are gradually phased out from existing connectivity services at Commission sites.

The second progress report reflects that a vast majority of Member States have reinforced or are in the process of bolstering security requirements for 5G networks based on the EU Toolbox. However, despite the progress made, the report acknowledges that this situation creates a clear risk of persisting dependency on high-risk suppliers in the internal market, potentially leading to serious negative impacts on security for users and companies across the EU and the EU’s critical infrastructure.

The EU Toolbox on 5G cybersecurity, published in January 2020 by Member States’ authorities with the support of the Commission and ENISA, aims to mitigate risks related to the cybersecurity of 5G networks. The first report on Member States’ progress was published in July 2020. Many Member States had already adopted or were well advanced in the preparation of more advanced security measures for 5G cybersecurity.


Recent Content

Twelve major European telecom providers, including Vodafone and Deutsche Telekom, have jointly urged the EU to allocate the full upper 6GHz band (6.425–7.125 GHz) for mobile use, citing the spectrum’s critical role in future 6G deployment. With the U.S. and China already advancing in this area, operators warn that delays could jeopardize Europe’s digital leadership and hinder next-generation connectivity infrastructure.
Dirty data in data centers undermines everything from AI accuracy to energy efficiency. With poor metadata, data drift, and dark data hoarding driving up costs and emissions, organizations must adopt DataOps, metadata tools, and a strong data culture to reverse the trend. Learn how clean data fuels smarter automation, compliance, and sustainability.
The telecom industry in 2025 is undergoing a major transformation, driven by artificial intelligence (AI), cloud growth, next-gen cellular networks, and national data sovereignty. AI is reshaping cellular infrastructure, enhancing spectrum efficiency through innovations like ELAA (Extremely Large Aperture Arrays), and enabling smarter, adaptive networks.
Vodafone is expanding its role in the UK smart metering upgrade by providing fixed-line connectivity between energy suppliers and the Data Service Platform (DSP). This move complements its existing mobile network role and positions Vodafone as a critical telecom partner in the UK’s digital energy transition, helping to advance national net-zero and smart grid goals.
Financial institutions are adopting artificial intelligence (AI) to navigate complex regulations, transforming compliance into a competitive advantage. AI’s ability to process vast amounts of data quickly is proving transformative in meeting these challenges, automating tasks and improving efficiency. This shift allows compliance professionals to focus on strategic initiatives while ensuring regulatory compliance.
The recent SK Telecom data breach, termed the industry’s worst by CEO Ryu Young-sang, led to a massive customer exodus and highlighted urgent cybersecurity needs. With 70,000 users lost, the telecom giant faces financial and legal challenges, emphasizing the critical role of robust data security measures.
Whitepaper
As VoLTE becomes the standard for voice communication, its rapid deployment exposes telecom networks to new security risks, especially in roaming scenarios. SecurityGen’s research uncovers key vulnerabilities like unauthorized access to IMS, SIP protocol threats, and lack of encryption. Learn how to strengthen VoLTE security with proactive measures such as...
Whitepaper
Dive into the comprehensive analysis of GTPu within 5G networks in our whitepaper, offering insights into its operational mechanics, strategic importance, and adaptation to the evolving landscape of cellular technologies....

It seems we can't find what you're looking for.

Download Magazine

With Subscription

Subscribe To Our Newsletter

Scroll to Top