The Chinese vendor will be allowed in ‘non-core’ parts of networks, where its market share will be capped to 35%.
Background: The UK Government’s decision on whether mobile operators could use Huawei (and other so called ‘high risk vendors’), as part of their 5G networks has been long awaited. In 2019, the Telecoms Supply Chain Review was expected to end the uncertainty, however it stopped short of making a final decision on individual high risk vendors and the additional controls that would be applied to them. In the review, the Government committed to setting out new Telecoms Security Requirements (TSR) in conjunction with Ofcom and industry, and to adopt a ‘three lines of defence’ approach in managing the risks posed by vendors: to require operators to subject vendors to rigorous oversight through procurement and contract Management; to work closely with vendors to ensure effective assurance testing for equipment, systems and software; and to impose additional controls on certain types of vendors which pose significantly greater security and resilience risks.
Huawei is restricted from the core network and subject to a market cap: On 28 January 2020, the Government made a final decision on high risk vendors. The consequence is a partial ban on Huawei equipment – preventing the use of Huawei in the core of 5G networks and placing a limit on how much Huawei can be used in the 5G access network and full fibre networks. The exclusion also applies to all safety related and safety critical networks in ‘Critical National Infrastructure’, and to sensitive geographic locations such as nuclear sites and military bases. High risk vendors will be subject to a cap on their market share in the 5G access network (35%) thereby limiting its presence in mobile masts and in access segments of full fibre networks. This cap will be reviewed over time.
An outcome the industry will have prepared for: The Government’s decision allows operators to continue to use Huawei in their access networks, while excluding it from the core. Operators will have three years to bring the share of high-risk vendors components in their access networks below 35%. The decision will impact some operators more than others, but it is unlikely to cause the major disruption that was feared. BT have said they already have a long-standing principle not to use Huawei in their core networks. It is also worth noting that the advice newly published by the National Cyber Security Centre (NCSC) remains unchanged with regards to existing networks (i.e. 4G and VDSL), which means any changes will relate to FTTP and 5G networks only.