The Parliament said European states should develop guidance on how to tackle cyber threats when procuring 5G equipment
The European Parliament has passed a resolution calling for the European Union to take action on potential security threats linked to China’s growing technological presence in Europe, the body said in a statement.
In particular, the members of the European Parliament (MEPs) want the European Commission and EU states to develop guidance on how to tackle any cyber threats and vulnerabilities when procuring 5G equipment, by diversifying equipment from different vendors, introducing multi-phase procurement processes and establishing a strategy to reduce Europe’s dependence on foreign cybersecurity technology.
On Tuesday, MEPs adopted the EU Cybersecurity Act, which establishes the first EU-wide cybersecurity certification scheme to ensure that certified products, processes and services sold in EU countries meet cybersecurity standards.
MEPs also expressed concern about recent allegations that 5G equipment may have embedded backdoors that would allow Chinese manufacturers and authorities to have unauthorized access to private and personal data and telecommunications in the EU. MEPS also cited concerns that third-country equipment vendors might present a security risk for the EU, due to the laws of their country of origin obliging all enterprises to cooperate with the state in safeguarding a very broad definition of national security also outside their own country.
MEPs urged the Commission to mandate the EU Cybersecurity Agency, ENISA, to work on a certification scheme ensuring that the rollout of 5G in the EU meets the highest security standards.
The EU Cybersecurity Act, which is already informally agreed upon by member states, underlines the importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems in addition to products, processes and services. By 2023, the Commission shall assess whether any of the new voluntary schemes should be made mandatory.
The Cybersecurity Act also provides for a permanent mandate and more resources for ENISA.
““This significant success will enable the EU to keep up with security risks in the digital world for years to come,” said Rapporteur Angelika Niebler. “The legislation is a cornerstone for Europe to become a global player in cyber security. Consumers, as well as the industry, need to be able to trust in IT-solutions.”
The Council now has to formally approve the Cybersecurity Act. The regulation will enter into force 20 days after it is published.
Also, the resolution on Chinese IT presence in the EU will be sent to the Commission and to member states.
