The Lower House of Parliament approves the 5G Cybersecurity Law by a large majority

News - 2022.4.28

  • x: opens new window
  • Whatsapp: opens new window
  • Linkedin: opens new window
  • Send: opens new window

The plenary session of the Spanish Lower House of Parliament today approved the 5G Cybersecurity Law, which establishes specific cybersecurity requirements for the roll out and operation of 5G networks. The legislation saw broad support, with 312 votes in favour.

The regulation has been in force since 31 March after the Government approved the Royal Decree-Law on 5G Cybersecurity, speeding up the draft law it was working on in light of the increased security risks and cyberattacks that may occur in the new geostrategic scenario caused by the aggression against Ukraine. The regulation, which had to be ratified in Lower House, received approval in the Chamber by a large majority and will establish a reliable and secure framework to encourage the roll out and investment by telecommunications operators and, at the same time, the demand for services by users.

The 5G Cybersecurity Law incorporates the strategic and technical measures of the toolbox agreed by the Member States of the European Union into the Spanish legal framework. The toolbox identifies the main threats and vulnerabilities, the most sensitive assets and strategic risks in the roll out of 5G networks.

The regulation establishes a 5G Network and Service Security Scheme that will take into account the analysis of vulnerabilities and threats to the 5G network by network operators.

It also establishes a procedure and criteria to classify suppliers as low, medium and high risk. 5G public network operators may not use equipment from high-risk suppliers in the core of the network, their network management system or at certain locations in the access network.

This affects both existing networks or network elements - if they are used for 5G technology - and new 5G networks that are installed. If operators are obliged to replace equipment, products or services provided by such suppliers, they have a period of five years to carry out the replacement of critical network elements.

Operators must also analyse their dependence in the supply chain and are obliged to include measures to limit dependence on a single supplier and restrictions for suppliers classified as high risk.

5G is the fifth generation of mobile technology that, due to its technical characteristics, enables permanent, ubiquitous, high-capacity and high-speed connections between people and machines.

Enhancing the roll out of 5G technology is one of the Recovery Plan's priorities and the 5G Cybersecurity Law is one of the reforms committed to in the Plan.

Non official translation