- Systems may only be sourced from "trustworthy suppliers" whose compliance with national security regulations is "assured";
- Network traffic must be constantly monitored for any abnormality and, if there is any cause for concern, "appropriate protection measures" must be taken.
- Critical security-related network and system components may only be used if they have been certified by the Federal Office for Information Security (BSI) and undergone IT security checks by a BSI-approved testing body.
Where all this leaves Huawei in the context of Germany's 5G rollout is unclear. Just last week the head of the country's national cybersecurity agency gave the impression that Germany could allow Huawei to supply equipment for its 5G rollout on condition the Chinese authorities issued further assurances on data security -- what some commentators dubbed a "no spy" deal. (See Eurobites: 'No Spy' Deal Could Clear Way for Huawei to Play Part in Germany's 5G Rollout.)
— Paul Rainford, Assistant Editor, Europe, Light Reading