Today, the European Union (EU) took its final step in enacting its new telecommunications legislation, the European Electronic Communications Code (the “Code”), which overhauls the existing EU legislative framework for telecommunications, dating from 2009. The Code was published in the Official Journal of the European Union today, and EU Member States will have two years to transpose relevant clauses of the Directive into national laws, regulations and administrative provisions necessary to comply with it. The deadline for that transposition (and the date from which the national laws should be enforced) is therefore December 2020.
The Code’s overall aim is, as described by the European Commission, to “put the EU at the forefront of internet connectivity by 2025 – to create a Gigabit Society.” The European Council further stressed that this “is the cornerstone of EU efforts to ensure very high quality fixed and mobile connectivity for everyone, which is considered a key factor for a globally competitive economy and a modern inclusive society.” To achieve this goal, the new Code is multifaceted – it includes measures to stimulate investment in and take-up of very high capacity networks, new spectrum rules for mobile connectivity and 5G, as well as changes to governance, the universal service regime, end-user protection rules, and numbering and emergency communication rules.
Notably, it also includes provisions on security: providers of electronic communications networks and services are to put in place mechanisms and technology to minimize and manage security incidents. These rules build upon security requirements in the existing law, with new provisions related to security incident notifications and other areas.
The Code’s security provisions convey that, to truly benefit from 5G, the EU understands these networks must be secure, particularly to drive the user confidence (businesses and EU citizens) in online activities that are expected to flourish from infrastructure investments. With 5G, more devices and critical services will move onto these networks, and cybersecurity threat actors will likely follow.
Palo Alto Networks has been working closely with our service provider (SP) partners around the world – including in Europe – to understand the unique security challenges 5G will present for them. We know SPs are facing a major mobile infrastructure transition from 4G to 5G technology, and we plan to be there to help them succeed. Recently, we announced the coming availability of a dedicated service provider product series of our next-generation firewalls (NGFWs), which are ideally suited for service provider 4G/5G network evolutions and IoT use case scenarios.
Like many others, Palo Alto Networks will be looking to understand the real world implications of the Code over the coming months. In addition, further details on its security and other provisions will have to be developed by Member States and the competent telecommunication authorities from now through 2020. We will continue analyzing the law in more depth to assess how we can help our EU SP customers with their security needs and compliance journey. Expect to hear more from us on this topic in the future.