5G Security Network: Federal Government Seals Ban on Huawei and ZTE Until 2029
Contracts with Telekom, Vodafone, and TelefĂłnica are forcing mobile network operators to replace critical technology from China in core and management systems.
Telecommunications tower HĂĽnenburg by Deutsche Funkturm with various antennas (symbolic image).
(Image: Marie-Claire Koch / heise medien)
The debate about the security of German mobile network infrastructure is entering a binding implementation phase. According to the German government's response to an inquiry from the AfD parliamentary group, the roadmap for the extensive exclusion of Chinese manufacturers Huawei and ZTE from the domestic 5G networks is now contractually fixed. This marks the end of the long discussions about potential espionage risks and technological dependencies in critical infrastructure.
The core of the government's strategy, according to the information provided, consists of public-law contracts that the federal government has individually concluded with the three major mobile providers Telekom, Vodafone, and TelefĂłnica. These agreements conclude the previously conducted administrative proceedings based on the IT Security Act. This approach lends new legal binding force to the security requirements, going beyond political guidelines.
The timeline foresees a two-stage cleanup of the networks. In the first step, operators must remove all critical components from Huawei and ZTE from their 5G core networks by the end of 2026 at the latest. These are considered the "brain" of mobile communications, where sensitive data streams converge and are processed.
Videos by heise
Second Stage by 2029 Focusing on Management
In a second phase, to be completed by the end of 2029, the ban will extend to network management systems. This concerns the control layer in access and transport networks. Mobile operators are obliged to replace the critical functions of these systems with technical solutions from other manufacturers. The federal government aims to ensure that control over the networks also remains in "trustworthy" hands.
The division of responsibilities within the government is as follows: The Federal Ministry of the Interior retains overall responsibility, while the Ministry for Digital Affairs is involved in strategic steering and control processes. This ensures that network and data security issues are coordinated centrally.
When it comes to specific security incidents or vulnerabilities already discovered in Huawei components, the government remains silent. It withholds information, citing state security and the operational methods of intelligence agencies. The question of the costs of the upgrade also remains open. According to its own statements, the government has no information on the financial burden the exchange will impose on providers or whether it could indirectly affect the federal budget.
Operator Responsibility
The technical monitoring of the networks remains a complex task. Although the Telecommunications Act provides for a review by independent bodies or national authorities every two years, the results of these audits are classified as trade and business secrets of the network operators. Responsibility for cybersecurity thus lies primarily with the companies themselves, which must implement technical protective measures under the supervision of the Federal Network Agency and the Federal Office for Information Security (BSI).
With this course, Germany is prioritizing national security interests over economic considerations, thus following the recommendations of the EU's 5G Toolbox. For Huawei and ZTE, this agreement marks the foreseeable end of their era as core suppliers for the German mobile market.
(wpl)
