It's been a long time coming, but German ministers finally agreed on the details of a new IT security law that, as expected, will make it more difficult for China-based vendors such as Huawei to participate in the 5G market.
While Germany has not bowed to US demands to ban equipment from the likes of Huawei or ZTE in 5G networks, it has tightened up security criteria that will be much harder for such vendors to meet. Authorities will now be able to block components or companies if they do not meet the high security standards.
The German government has been trying to create a balance between meeting US security demands while not upsetting its major export market of China – a seemingly impossible task.
According to Reuters, Huawei welcomed the new German law. "For the 5G networks this means that there are higher and equal security standards for all suppliers," a spokesman told the news agency.
The Financial Times (paywall applies) said that a number of observers remain critical of the law, saying it does not go far enough. At the same time, the UK broadsheet noted that some German ministers have said the law could make it next to impossible to include Huawei in 5G networks – which will not come as welcome news to German operators such as Deutsche Telekom.
More checks and balances
The new law is called IT-Sicherheitsgesetz 2.0, and was described by Interior Minister Horst Seehofer as a "breakthrough for Germany's cybersecurity" that will set "new standards in the defense against attacks in cyberspace."
The aim is to be able to make far more stringent checks of potential telecom suppliers than has been the case up till now.
One key element of the new law is to give more powers to the Bundesamt für Sicherheit in der Informationstechnik (Federal Cyber Security Authority/BSI). In future, the BSI will be involved in digitization projects at an early stage and can order measures against companies if it deems there is a threat to German information security.
The law also contains a regulation that prohibits the use of critical components that are subject to certification. "For the first time, the Telecommunications Act introduces a certification requirement for critical components in telecommunications networks," the law says.
Other elements include the creation of a uniform IT security label for consumer protection.
The law still requires approval by the Bundestag, Germany's lower house of parliament.
- Germany stops short of Huawei ban, but raises bar to entry
- Germany keeps world guessing on Huawei
- Europe's dependence on Huawei laid bare in new study
- Huawei's 5G license win in Germany may rile opponents
- Telefónica Germany to move 5G core into AWS
— Anne Morris, contributing editor, special to Light Reading