The European Court of Auditors (ECA) seems largely unimpressed by findings from its year-long probe into how European Union (EU) member states are dealing with 5G security.

According to Euractiv, the ECA has identified a worryingly divergent approach across different EU nations

Paolo Pesce, part of the ECA team conducting the 12-month review, remarked that although "member states have started to develop and implement necessary security measures to mitigate risks, they seem to be progressing at a different pace."

Figure 1: Flagging issues: The European Court of Auditors has flagged concerns about member state's approaches to 5G security.

As far as the ECA is concerned, if Light Reading's gist of the Euractiv report is right, the European Commission (EC) has given EU member states more than enough guidance on 5G security, particularly when it comes to dealing with "high-risk vendors" – translation: Huawei and ZTE – to avoid divergence of this sort.

Who's using the 5G toolbox?

Trouble has been brewing for some time.

Last January the EC unveiled its "5G toolbox," which includes proposals on how countries might keep a watchful eye on suppliers. The toolbox recommends "objective assessment of identified risks and proportionate mitigating measures."

Yet a progress report on 5G toolbox adoption, published by the EC last July, had already spotted laggards.

An EC official at the time (again, reported by Euractiv) revealed that two thirds of member states had progressed in the implementation of the 5G toolbox – to the extent they had identified a list of high-risk suppliers – but only a third of this group had put forward plans to restrict their involvement.

Annemie Turtelboom, the ECA member leading the audit, indicated that some countries were bypassing supplier security checks in order to speed up rollout. The report, she said, will investigate the trade-offs being made here.

5G spectrum drip feed

Another EC worry is that EU member states (including the UK), had assigned on average only 36.1% of "5G pioneer bands" by mid-December 2020.

Want to know more about security? Check out our dedicated security channel here on
Light Reading.

An EC spokesperson, in contact with Euractiv, seemed to acknowledge the part COVID-19 has played in pushing back spectrum auctions in "several member states."

Under the 2018 Electronic Communications Code, all spectrum in the 700MHz band should have been awarded by June 30, 2020, with allocations of 3.6GHz and 26GHz airwaves wrapped up by December 31, 2020.

Related posts:

— Ken Wieland, contributing editor, special to Light Reading