The EC asked ENISA to start working on a certification scheme in response to the inconsistent approach towards 5G security.

The initiative is part of the EC’s Cybersecurity Strategy: The European Commission has tasked the European Union Agency for Cybersecurity (ENISA) to prepare an EU cybersecurity certification scheme for 5G networks, as part of the EC’s December 2020 Cybersecurity Strategy. The scheme will address the current fragmentation of certification schemes in Europe, including for 5G networks.

The need for a common approach to 5G security: EU countries are responding to 5G security issues inconsistently. In January 2021, the European Court of Auditors found that member states are taking diverging approaches in implementing the EC’s 5G Toolbox of January 2020. It requires EU countries to establish risk profiles of vendors based on common criteria, and make sure operators adopt a multi-vendor strategy.

Next steps: ENISA will now invite experts to work on the scheme in a dedicated working group. During 2021 the EC will also conduct an in-depth analysis of the 5G supply chain. This will identify key assets and potential critical dependencies, monitor market trends, and assess risks and opportunities of OpenRAN, which has gained growing momentum among Europe’s largest operators.

Source: https://www.enisa.europa.eu/news/enisa-news/securing_eu_vision_on_5g_cybersecurity_certification