5G and Huawei: Europe grapples with risk

The US and Europe differ on using Chinese companies for next-generation mobile-phone networks. John Lee says that reflects different assessments of whether the benefits can outweigh the risks.

The UK’s decision to allow “high-risk vendors” to equip parts of its 5G networks opens the door for Huawei’s involvement. This has drawn strong criticism at home and abroad, particularly from US officials and lawmakers. While the UK’s decision has been blamed on pressure from Beijing and Beijing-backed business interests, the controversy reflects deeper disagreements over the design of 5G networks and whether the risks of working with Chinese suppliers are manageable or fundamentally to be avoided. These diverging views will surface more often as Chinese companies expand their presence across the global economy.

Technical debate over securing 5G networks centers on claims they will collapse the current distinction between ‘core’ and ‘edge’ in telecommunications infrastructure. This is ‘untrue’ according to the UK’s cybersecurity agency. It is therefore still feasible to design networks in ways that separate high-risk vendors from sensitive data and functions, although this may impose limitations on network performance.

The decisive factor in judging Huawei’s trustworthiness is China's political system

These judgments are disputed by foreign commentators who emphasize that to reach full potential, 5G networks will need to distribute sensitive data and functions dynamically, in ways impossible to thoroughly monitor. This view justifies a zero-risk approach towards untrustworthy vendors, treating the security of telecommunications as ‘priceless’. In this context, the decisive factor in judging Huawei’s trustworthiness is the Chinese political system within which the company operates.

This approach, advocated by the US government, seems to have been rejected in London and Brussels. The day after the UK’s decision, the European Commission published its “toolbox” of risk mitigation measures to guide EU member-states’ 5G deployments. Produced under a mandate to coordinate a common European approach towards 5G, it draws on individual risk assessments by member-states and recognizes that a vendor’s relationship with foreign governments can affect its risk profile.

This inclusion of political as well as technical criteria for assessing risk mirrors the UK’s framework, which reportedly inspired the EU’s approach. The UK has defined Huawei as a “high-risk vendor,” taking into account China’s legal system and the history of cyberattacks by the Chinese state. High-risk vendors are restricted to the network’s “edge,” and even that presence is capped at 35 percent.

Individual EU member-states will decide how to implement the toolbox recommendations, which specify that vendors assessed as high-risk from sensitive 5G assets should be excluded ‘as necessary.’ Because the toolbox was developed jointly by representatives of all member-states, the Commission and the EU cybersecurity agency ENISA, it can be taken to reflect general agreement – despite controversies over Huawei in some member-states – that the security of telecommunications is not “priceless”, but must be balanced against other priorities. 

These priorities concern not just short-term cost savings, but also long-term economic security and strategic positioning. The UK’s official statement about its decision and anonymous quotes from UK officials show clearly the importance placed on securing future economic competitiveness through a rapid transition to 5G, which create an imperative to avoid potential delays and costs implied by banning Huawei.

The European Commission seeks to achieve “technological sovereignty”

The EU’s goal is more ambitious. The European Commission seeks to achieve “technological sovereignty” by making the EU “the most dynamic data-agile economy in the world” and establishing “European leadership in network technologies”. In this context the US is expressly viewed as a competitor, and European decision-makers are unsurprisingly reluctant to delay 5G roll-outs at Washington’s behest, when the US is increasingly using its’ own economic power against allies.

Decision-makers in London and continental Europe seem to have concluded two things about the risks of the Chinese state exploiting their interdependence with Huawei: they can be managed through judicious controls, and must be weighed against potential gains from rapid transition to 5G-enabled economies. Both the EU and the UK aim to avoid dependence on high-risk vendors, and to promote market diversity in vendors and technical solutions as a long-term risk mitigation strategy.

US Secretary of State Mike Pompeo has recently doubled down on the case against Huawei by describing the Chinese Communist Party (CCP) as “the central threat of our times”: the CCP’s malevolence, driven by its’ political nature, justifies sacrificing the benefits of connections with Chinese actors. This logic appears to be driving US efforts to “decouple” from China, at significant cost to US firms and the US economy. In this view, permitting Huawei a role in 5G networks amounts to choosing ‘autocracy over democracy’.

But Washington has largely failed to persuade governments in Europe and elsewhere, most of which seem to view the Huawei issue as one of risk management, not of fundamental conflict over political values. The policies developed by the EU and UK on 5G reflect how much of the world is dealing with expanding Chinese influence – by treating the CCP’s political nature as a relevant but not determining factor. This points to an evolving paradigm for globalisation in an age of growing security concerns – managed interdependence with, rather than implacable opposition to China.

A longer version of this blogpost was published by The Diplomat on February 15, 2020.