Please enable javascript in your browser to view this site

Funding for vendor ‘rip and replace’ programmes

Cybersecurity Tracker

Vendor Restrictions benchmark expanded to include information on government funding for the removal of suppliers from telecoms networks

We recently expanded the Vendor Restrictions benchmark within our Cybersecurity Tracker to include details on whether and to what extent governments provide funding for operators to remove so-called high risk vendors from their networks. This addition was sparked by the passing of the National Defense Authorization Act (NDAA) in the US in late December 2024, which includes $3.08bn (£2.53bn) to support operators' removal of Huawei and ZTE technology from the county’s telecoms infrastructure. The NDAA essentially provides a loan that bolsters the FCCs Secure and Trusted Communications Networks Reimbursement Program, bringing total public funding to $4.98bn (£4.09bn). In early January 2025, the now ex-FCC Chairwoman Jessica Rosenworcel called for a swift auction of AWS-3 spectrum, with proceeds from the award being used to repay the Government for its financial support.

According to our benchmark, which tracks restrictions on telecoms vendors in 30 jurisdictions around the world, the US is the only country that has allocated public funding to support such a ‘rip and replace’ scheme. In contrast, in Canada, Bill C-26 explicitly states that no operator is entitled to compensation for reforms to the country’s regulatory framework, including the prohibition on Huawei and ZTE products and services. In Portugal, the Government has also confirmed that there would be no compensation for replacing high risk equipment, stating its decision strikes a balance between the need to ensure security and the investments operators would have to make.

In three countries, there are ongoing legal challenges to rip and replace measures, which could lead to operators securing financial support to remove certain vendors from their networks:

  • In Denmark, TDC NET has stated that it will comply with the Centre for Cyber ​​Security’s decision requiring it to phase out Huawei technology from its central transport network, but wants a court to clarify whether it is entitled to compensation;

  • In Estonia, Elisa asked the Court of Justice of the EU (CJEU) in May 2024 to provide a ruling on a number of questions, including whether the country’s Electronic Communications Act – and the vendor restrictions it introduces – is aligned with the EECC and other EU law; and

  • In France, Bouygues Telecom and SFR have launched legal action against the French Government over costs incurred in the removal of Huawei equipment from their networks. The operators are more reliant on the vendor than competitors Free Mobile and Orange, and have stated that they expect to face a collective cost burden of more than €182m (£154m).