Public telecommunications networks and services are critical to the future prosperity of the UK. 5G offers new technical capabilities through higher data rates, reliable and low latency communications, and machine-to-machine communications. This gives 5G the potential to generate significant economic and social benefits across the digital economy. However, it brings risks as our national infrastructure becomes more dependent on these networks and services.
To manage the risks to UK national security, the Government have issued a designation notice to Huawei and designated vendor directions to 35 public telecommunications providers.
The directions place restrictions on the use of Huawei goods and services by those telecommunications providers. This follows long-standing advice from the National Cyber Security Centre (NCSC) and the Government on the use of Huawei equipment in UK public telecommunication networks. The Government have concluded a targeted consultation with telecommunications providers and Huawei and is now, following the passage of the Telecommunications (Security) Act 2021, placing legal controls on the use of Huawei goods and services for the first time.
I have set dates by which telecommunications providers should meet the requirements in the direction. Having fully considered consultation responses, and following close consultation with the NCSC, the key deadline to remove all Huawei equipment in the UK’s 5G network by 2027 remains unchanged, as do eight other requirements.
For a small number of operators, the interim milestones initially proposed before the coronavirus (covid-19) pandemic could have led to network outages and significant disruption for millions of customers, with delays caused by covid-19 restrictions and global supply chain issues. In light of this, while I am asking providers to continue to meet the original target dates for the removal of Huawei from network cores and the capping of Huawei in the access network to 35% wherever possible (January and July 2023 respectively), I am setting the legally required date for compliance to December and October 2023 respectively to avoid customer disruption. Providers also now have a legal requirement to report to me on progress in January and July 2023, so I can keep Parliament informed of progress. Providers will also work closely with NCSC through this period, who have confirmed that the adjustments represent a sensible balance between network disruption and network security.
[HCWS321]