The European Parliament adopted rules designed to reinforce cybersecurity in the European Union (EU), while also expressing concern about the growing influence of Chinese IT suppliers in the market.
The Parliament adopted the Cyber Security Act initially proposed by European Commission (EC) President Jean-Claude Juncker in his State of the Union address in September 2017.
Among the provisions is a strengthened role for the European Agency for Network and Information Security (ENISA) and the creation of a common certification framework for IT services, systems and equipment.
In 2018, the EC proposed the creation of a network of centres of cybersecurity expertise to reinforce research and deployment of new capabilities in the EU. Under the next long-term budget, the EC has proposed investment of more than €2 billion to reinforce cybersecurity in the Digital Europe Programme along with the Horizon Europe scheme, with €63.5 million invested as groundwork in four pilot projects.
Members of the European Parliament also noted “deep concern about recent allegations that 5G equipment may have embedded backdoors that would allow Chinese manufacturers and authorities to have unauthorised access to private and personal data and telecommunications in the EU”.
It was noted there are concerns that third-country equipment vendors may present a security risk if their domestic laws oblige “all enterprises to cooperate with the state in safeguarding a very broad definition of national security also outside their own country”.
There were calls for the EC and member states to provide guidance on how to tackle cyber threats and vulnerabilities when buying 5G equipment, for example by using equipment from different vendors, introducing multi-phase procurement processes, and “establishing a strategy to reduce Europe’s dependence on foreign cybersecurity technology”.
In addition, there was a call for ENISA to develop a certification scheme covering 5G rollouts.
The comments came as the EC set out “ten concrete actions” for EU heads of states or governments to discuss concerning relations with China.
While the broad-ranging talking points address issues such as human rights and climate change, also included is the need for a more balanced and reciprocal economic relationship, and security implications for critical digital infrastructure