The UK government has announced it will permit Huawei equipment to be used in national 5G networks, but only in a tightly constrained and limited capacity following a comprehensive security review.
After a meeting of the National Security Council (NSC) chaired by Prime Minister Boris Johnson, the government confirmed the decision that balances the need for fast, reliable connectivity with national security concerns.
Digital Secretary Baroness Morgan said, “We want world-class connectivity as soon as possible but this must not be at the expense of our national security. High-risk vendors never have been and never will be in our most sensitive networks.” The government concluded its assessment of the telecoms supply chain and determined stringent limits are necessary for the presence of high-risk suppliers.
Huawei has faced sustained scrutiny over alleged ties to the Chinese state, claims the company denies. The United States urged the UK to bar Huawei from 5G infrastructure on security grounds and provided British officials with a dossier outlining perceived risks earlier this month. The UK, however, has emphasized that its decision would be evidence-led and based on its own technical and security reviews.
Senior officials across government departments recommended last Wednesday that Huawei be allowed a “limited role” within the UK’s 5G networks; that recommendation was confirmed by the NSC today.
Under the announced restrictions, Huawei and other deemed “high-risk” vendors will face several specific exclusions and limits:
- They will be barred from all safety-related and safety-critical networks within critical national infrastructure.
- They will be excluded from security-critical “core” functions—the most sensitive parts of the network architecture.
- They will not be permitted in sensitive geographic locations such as nuclear sites and military bases.
- Their equipment will be restricted to a minority share of no more than 35 percent in the periphery of the network, known as the access network, which connects devices to mobile phone masts.
The 35 percent cap on Huawei’s presence in the access network is particularly significant. It is designed so that, if Huawei equipment were later found to be compromised or too risky, roughly two-thirds of the UK’s 5G capacity would remain operated by other vendors, limiting potential exposure.
Some analysts have previously argued that allowing multiple vendors can improve overall resilience: if one supplier’s equipment is compromised, the damage to the broader network is reduced when other providers are also in use.
Operators and vendors reacted quickly to the announcement. BT said the decision provides important clarity for the industry and reaffirmed that network security is a top priority. BT noted it already avoids using Huawei in core networks and will now assess the detailed implications, including potential costs of complying with the new restrictions.
All four of the UK’s major mobile operators had already begun deploying Huawei 5G equipment. Fully removing and replacing that gear would have been expensive and time-consuming, making a limited, managed approach more practical from an operational and financial standpoint.
Andrew Stark, cybersecurity director at Red Mosquito, observed that Huawei equipment is already integral to the UK’s 3G and 4G networks, so continuing with Huawei for some 5G rollout provides a less disruptive path and increases the likelihood operators can meet tight deployment schedules. At present, the main alternative hardware providers are Nokia and Ericsson.
The government stated the decision followed an in-depth technical and security analysis by the National Cyber Security Centre (NCSC), which it described as the most detailed assessment in the world of what is needed to protect the UK’s digital infrastructure.
Despite the intelligence community’s conclusion, the decision remains controversial. Some MPs and security experts voiced strong concerns: Conservative MP Bob Seely argued Huawei is, to all intents and purposes, linked to the Chinese state and warned that involving the company risks allowing Chinese agencies access to the UK’s networks.
Huawei’s equipment has been the subject of recurring worries. The Huawei Cyber Security Evaluation Centre (HCSEC) reported in 2018 that it could no longer provide full assurance that risks associated with Huawei gear could be mitigated after identifying shortfalls in the company’s engineering and security processes. The HCSEC highlighted challenges in verifying internal product code and issues related to components sourced from external suppliers.
A follow-up HCSEC report in March 2019 criticized Huawei for slow progress in addressing these issues and said there had been insufficient remediation to change the prior level of assurance. Think tanks like the Royal United Services Institute (RUSI) also warned about the difficulty of detecting hidden backdoors and the uneven balance between potential attackers and defenders in such technical disputes.
The UK government’s approach—allowing Huawei a limited role under strict conditions—reflects a judgment that the benefits of diversified supplier presence, operational continuity, and faster 5G rollout outweigh the assessed risks, provided robust safeguards remain in place. But it is unlikely to end the debate.
15:00 update: Added statement from BT.
Interested in hearing industry leaders discuss topics like this and share real-world use cases? Attend co-located industry events such as IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, Cyber Security & Cloud Expo and 5G Expo World Series, with upcoming shows in Silicon Valley, London and Amsterdam to explore the future of enterprise technology.