Congress validates by a large majority the Cybersecurity Law 5G

27/04/2022
220428_f_5g.jpg
  • The standard creates a reliable and secure framework to incentivize deployment and investment by telecom operators and, at the same time, demand for services by users
  • Establishes a 5G Network and Service Security Scheme that will classify suppliers as low, medium or high risk suppliers and limit the presence of the latter in critical elements of the network
  • 5G is the fifth generation of mobile technology that enables permanent, ubiquitous, high-capacity, high-speed connections between people and machines.
    • The standard creates a reliable and secure framework to incentivize deployment and investment by telecom operators and, at the same time, the demand for services by users.

    Boosting the deployment of 5G technology is one of the priorities of the Recovery Plan and the 5G Cybersecurity Law is one of the milestones of reforms included in the Plan

    The plenary of the Congress of Deputies has today validated the Cybersecurity Law 5G that establishes specific cybersecurity requirements for the deployment and operation of 5G networks. The rule has achieved broad support, 312 votes in favour.

    The regulation has been in force since March 31, when the Government approved the Royal Decree-Law on Cybersecurity 5G, accelerating the draft law in which it was working to increase the security risks and cyberattacks that may occur in the new geostrategic scenario that has caused the aggression to Ukraine. The rule, which had to be ratified in Congress, has received the approval of the Lower House by a large majority and will allow to establish a reliable and secure framework to encourage deployment and investment by telecommunications operators and, at the same time, the demand for services by users.

    The Cybersecurity Law 5G incorporates into the Spanish legal framework the strategic and technical measures of the toolbox (tool) agreed between the Member States of the European Union. The toolbox identifies the main threats and vulnerabilities, the most sensitive assets and strategic risks in deploying 5G networks.

    As a novelty, the standard establishes a 5G Network and Service Security Scheme that will take into account the analysis made by network operators about vulnerabilities and threats to the 5G network.

    It also establishes a procedure and criteria so that low-, medium- and high-risk suppliers can be classified. 5G public network operators will not be able to use equipment from high-risk suppliers in the core of the network, in its network management system and in certain locations of the access network.

    This affects both networks or network elements already installed, if they are used for 5G technology, and the new 5G networks that are installed. If operators are obliged to replace equipment, products or services provided by such suppliers, they have a period of five years to carry out the replacement on critical network elements.

    In addition, operators must analyse their dependence on the supply chain and are obliged to include measures to limit dependence on a single supplier and restrictions on suppliers who are deemed to be high-risk.

    5G is the fifth generation of mobile technology that, due to its technical characteristics, allows permanent, ubiquitous, high-capacity and high-speed connections between people and machines.

    Boosting the deployment of 5G technology is one of the priorities of the Recovery Plan and the 5G Cybersecurity Act is one of the reforms committed in the Plan.