Canada says it has safeguards in place that mean it does not need to follow the United States and Australia in banning Chinese telecoms firms such as Huawei.
Telecommunications networks are among a nation’s most critical pieces of infrastructure. The rollout of 5G will deepen that dependence, powering use cases ranging from healthcare and autonomous vehicles to smart cities and industrial automation.
For that reason, many countries are understandably cautious about allowing foreign companies to supply core components of their national telecoms infrastructure.
The most notable example is the United States, which has maintained a strict ban on equipment from Chinese vendors like Huawei in national networks on national security grounds.
Australia has also restricted Huawei’s role: the company has been excluded from the National Broadband Network (NBN) and, earlier this year, Canberra moved to ban Huawei from 5G networks as well. Previously, Huawei equipment had been allowed in earlier-generation mobile networks.
Canada, by contrast, believes its approach of layered safeguards and rigorous oversight mitigates the security risks without requiring an outright ban.
Scott Jones, head of the Canadian Centre for Cyber Security in Ottawa, said Canada enjoys a deep, collaborative relationship with its telecommunications providers that sets it apart from many other countries.
“We have a very advanced relationship with our telecommunications providers, something that is different from most other countries from what I have seen.
We have a program that is very deep in terms of working on increasing that broader resilience piece especially as we are looking at the next-generation telecommunications networks.”
Canada’s model is similar to the United Kingdom’s approach, which relies on close oversight and technical evaluation rather than an outright supplier ban. Since 2010 the UK has operated the Huawei Cyber Security Evaluation Centre (HCSEC), where experts from GCHQ and other security agencies examine vendor equipment for potential vulnerabilities before deployment in national infrastructure.
For many years HCSEC reported only minor issues and provided assurance that Huawei gear did not pose unacceptable risks. However, in July the centre identified deficiencies in Huawei’s engineering processes and concluded it could only provide “limited assurance” that those risks had been mitigated.
Huawei said it welcomed the report’s findings and that the oversight demonstrated HCSEC’s operational independence. The company acknowledged areas for improvement in its engineering processes and said it was committed to addressing them, stressing that cybersecurity remains a top priority.
Like the UK, Canada is pursuing a testing-and-assurance model: it has established a set of independent “white labs” that evaluate network equipment for backdoors, covert data interception capabilities, and features that could be used to disrupt communications.
Other members of the Five Eyes intelligence partnership — notably the United States, Australia, and New Zealand — have been more inclined toward broad bans on equipment from certain Chinese vendors. Washington has actively encouraged its partners to align with the US approach.
“One of the things we are looking at with our Five Eyes partnership is to make sure they are aware of our program, our approach which is very comprehensive in terms of dealing with the full risks across the telecommunications sector,” Jones said when asked whether Canada’s position might conflict with its Five Eyes obligations.
Jones also argues that excluding specific vendors can, in some circumstances, increase systemic risk by reducing the pool of suppliers. If a smaller set of vendors supplies critical network components, any compromise of one vendor’s equipment would affect a larger share of infrastructure.
Canada is making the case to partners that a rigorous testing and assurance regime provides a robust alternative to blanket bans. Jones notes that concerns about national security apply beyond any single country; for example, large non-Chinese vendors also have corporate links and supply-chain relationships that merit scrutiny.
Rather than adopting a prohibition, Canada’s approach focuses on deep technical assessment, continuous oversight, and collaborative engagement with industry to bolster resilience across the telecoms sector while managing the risks posed by foreign-sourced equipment.
Do you agree with Canada’s decision not to ban Chinese telecoms firms? Let us know in the comments.
Interested in hearing industry leaders discuss topics like this and sharing use-cases? Attend industry expos such as IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo to hear panels and case studies on the future of enterprise technology.