The Balance between Risk Mitigation and Smoother 5G Deployments in the European Union

With support from the E.U. heads of state, the European Commission (EC) recommended a set of concrete actions on March 26, 2019. The long-awaited recommendations, including both legislative and policy instruments, are meant to protect E.U. economies, societies, and democratic systems from security threats. These suggested actions refer to a national level first and then, later, to an E.U.-level. On a national level, E.U. member states are expected to complete a national risk assessment of 5G network infrastructures by June 31, 2019. This includes the update of existing security requirements for mobile service providers (MSPs) and further conditions for ensuring the security of public networks, especially when granting rights of use for radio frequencies in 5G bands.

On an E.U.-level, E.U. member states will exchange essential information with each other under the coordination of the EC. The European Union Agency for Network and Information Security (ENISA) will complete a coordinated, bloc-wide risk assessment by October 1, 2019. After that point, member states will agree on a set of mitigating measures that can be used at a national level. These can include certification requirements, tests, and controls, as well as the identification of products or suppliers that are considered potentially non-secure. Although Huawei’s name wasn’t even mentioned in the EC’s press release, this set of actions is clearly related to the Chinese giant.

Despite the outstanding U.S. pressure to boycott Chinese vendors, the European Union is not planning to ban Huawei or ZTE from providing 5G infrastructure. Yet. Basically, the European Union won time until October 1, 2019 to execute technical tests and evaluate the potential outcomes of an E.U.-wide ban. Furthermore, there will also be general elections for the seats of the European Parliament May 23 to 26 that will determine the direction of the European Union for the next five years. The current European Parliament simply does not have enough time to execute these actions in this parliamentary cycle. With this move, the EC respects the sovereignty of the member states, which still have the time and the right to exclude Chinese companies from their markets for national security reasons if they do not comply with the state's standards and legal frameworks.

The stakes are enormous: ABI Research expects that European MSPs will spend around US$47 billion on mobile network infrastructure in 2020 alone. The U.S. government is heavily pressurizing key decision makers at both member state and E.U.-levels. Mike Pompeo did an “anti-Huawei roadshow” across Eastern Europe, and basically one of the most important elements of U.S. foreign policy was to keep the Chinese vendor away from 5G request for proposal (RFP).         

On the other side, Huawei also took up the gauntlet in many levels: above the confident verbal statements from Ren Zhengfei and tweets from Ken Hu, the company opened their own Cyber Security Transparency Centre (CSTC) in March, as close to the E.U. decision makers as it could be. They have chosen a symbolic location in the heart of Brussels, in the European Quarter, literally 800 meters from the European Parliament. Furthermore, the Chinese giant executed an omnidirectional technological premiere rush during MWC 2019 to divert attention from security concerns and show their 5G superiority compared to the rest of the vendors. Huawei introduced its new 5G base stations, rural connectivity solutions for developing markets, network switches with artificial intelligence, graphics processing unit (GPU), ARM-based CPUs, and even a new AI-enabled camera.

The interconnected and transnational nature of the telecommunication infrastructures and the cross-border characteristic of the threats would impact the European Union as a whole. Therefore, concerted measures and vendor regulation are essential on a European level to ensure a high level of cybersecurity.     

The EC’s decision is basically a longer timeout until the October 1, and nobody is really happy with the recent outcome yet. ABI Research expects that both parties will continue to pressurize E.U.-level and national level decision makers across all of Europe. Chinese vendors continue to prove their transparency and the highest level of security via lobbying, technological demonstration, or establishing further cybersecurity centers. MSPs already stated their point of view: they have not reported major security concerns with Huawei or ZTE. Furthermore, European MSPs will not support the Chinese ban, based on its lack of evidence and commercial rationality. An oligopolistic vendor market with heavy Chinese price pressure is much more favorable for them than the limited Nordic duopoly. Deutsche Telekom, Vodafone, and others have clearly expressed fears that not using Huawei equipment for 5G will cost them millions of Euro and delay deployment. The bloc-wide ban would clearly increase the current lag behind Asia and the US. A ban of Chinese vendors will result in Nokia and Ericsson gaining a larger market share in Europe, though it will likely result in a slowdown in demand for their 5G products in Europe due to the vendors’ higher costs and the possible need for MSPs to swap existing Chinese equipment. As a lesson from the past, swapping ZTE last year led to major disruption for Italy's Wind Tre, delaying upgrades to mobile networks at considerable cost.         

Even if the demand for 5G will not slow down, there are still challenges for the Nordic vendors that will likely result in Europe falling further behind in the race to 5G. Nokia and Ericsson both successfully executed several cost-cutting programs and layoffs in recent years, and even in regard to network rollout resources that typically rely on external contractors, their capacity to quickly fill the hole resulting from the Huawei ban is questionable and even network rollout resources typically relying on contractors, their capacity to quickly fill in a hole resulting from Huawei’s ban is questionable. Nordics are already struggling to meet demand in the higher margin U.S. market: Ericsson’s CEO, Börje Ekholm, acknowledged that the company can “see the limitations on rolling out and the limitations on tower crews," and also stated that Ericsson is “increasing our investments in bringing more tower crews online but this takes some time. There is stronger demand than we'd anticipated."

The United States is expected to increase the tension in every European country and try to achieve a bloc-wide Chinese ban. To achieve their goal, the United States has a wide range of tools, such as limiting intelligence sharing, blocking M&A with E.U. interest, and even commercial/political threats. As a potential direct threat, the Federal Communications Commission (FCC) can simply block the T-Mobile U.S./Sprint merger in case Deutsche Telekom is still considering Chinese equipment vendors.     

As an upside of the recent E.U. announcement, the telco ecosystem finally has a timetable that can be used by the MSPs. This regulatory uncertainty in the upcoming will certainly slow down 5G deployment until this question is not open-ended anymore. ABI Research recommends MSPs freeze the selection of their 5G vendors until H2 2019, even they receive significant discounts from vendors.       

The EC must make an indelible decision: defining Europe’s future in the long term. Huawei’s well-embedded position and the enormous CAPEX pressure on E.U.-based MSPs are complicating the situation even further. The freshly elected European Parliament will face a real, long-lasting decision point this summer: balancing between the risk mitigation, U.S. political pressure, and oligopolist vendor market and economic success in the digital era is hard.