Companies will no longer be able to self-regulate network security and could face heavy fines if found doing so.
A bill that would give the government greater powers to shut out high-risk vendors from the UK’s telecoms infrastructure will be put before parliament on Tuesday.
At the beginning of the year, ministers determined that additional safeguards should be put into place to protect the UK’s 5G and gigabit-capable networks and exclude ‘high risk’ vendors from areas of it that are critical to security.
High risk vendors are those who pose greater security and resilience risks to UK telecoms.
The new Telecommunications (Security) Bill aims to create national security powers capable of imposing controls on when – if at all – a telecoms firm can use material supplied by companies like Huawei.
In the summer the government announced a ban on the purchase of any new 5G equipment from the Chinese firm from the end of the year.
It also unveiled plans to rip out all Huawei equipment from 5G networks by 2027.
These moves will be enshrined in law by the new bill.
Also under the proposals, security protocols around UK networks will be strengthened with fines – of 10% of turnover or £100,000 a day – for those who do not meet the new standards.
Communications regulator Ofcom is to be tasked with the monitoring and assessing of security protocols among telecoms providers.
Digital Secretary Oliver Dowden said: “We are investing billions to roll-out 5G and gigabit broadband across the country but the benefits can only be realised if we have full confidence in the security and resilience of our networks.
“This ground-breaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”
The Department for Digital, Culture, Media and Sport (DCMS) said current-self governance laws in which telecoms providers were responsible for setting their own security standards, did not work.
The government’s Telecoms Supply Chain Review found that with self-regulation, they often had little incentive to adopt the best security practices.
It said the new rules laid out in the bill would set minimum security standards for firms to reach, while new codes of practice will be introduced to help providers comply with their legal obligations around high-risk vendors.
Dr Ian Levy, technical director at the National Cyber Security Centre (NCSC), said: “The roll-out of 5G and gigabit broadband presents great opportunities for the UK but as we benefit from these we need to improve security in our national networks and operators need to know what is expected of them.”
Huawei vice president Victor Zhang criticised the decision, saying: “It’s disappointing that the government is looking to exclude Huawei from the 5G roll-out.
“The decision is politically motivated and not based on a fair evaluation of the risks.
“It does not serve anyone’s best interests as it would move Britain into the digital slow lane and put at risk the government’s levelling-up agenda.”
Analysis: 5G brings greater possibilities, but also greater threats
By Alistair Bunkall, defence & security correspondent
Although this Bill is broad in scope, it effectively signs into law the major decision taken by the UK government in July to exclude Huawei from Britain’s future 5G network.
The decision was influenced by heavy lobbying from Washington; under Donald Trump the US took a hard-line towards China and expected allies to follow. The UK was threatened: ban Huawei or impact intelligence sharing.
Any prospect that a Biden presidency might take a more lenient view of Huawei is unrealistic. Although the president-elect is expected to pursue a more consistent approach to China, working with allies rather than berating them into submission, he is expected to retain Trump’s hard-line position against the telecoms provider and Beijing more broadly.
5G will create a faster, better connected world, opening up a wealth of new possibilities for the way we live our lives. The advantages will be immense but the downside is that it will come with greater security threats as adversaries look for back doors into Britain’s vital infrastructure.
The network is only as strong as each individual part of the chain – should one link be hacked, the entire network could be compromised: this Bill is intended to protect against that and ensure Huawei is not allowed back in.