The UK’s annual assessment of potential security risks from Chinese telecoms firm Huawei has not been published for nearly two years, prompting concerns about government transparency and accountability.
According to reports, the decision to withhold the Huawei Cyber Security Evaluation Centre (HCSEC) annual report was taken under the then-culture secretary, Nadine Dorries. The HCSEC report evaluates risks to the UK’s national infrastructure stemming from Huawei’s products and software, and a public version has not been released since 2021.
HCSEC’s oversight board—commonly called “The Cell”—has monitored Huawei-related security issues since 2010. Its stated role is to examine whether Huawei’s equipment or code could create vulnerabilities in the UK’s critical communications infrastructure. While the board continues to operate from its base in Banbury, it is unclear whether current reports are being completed and shared with the public.
The absence of recent reports has attracted criticism and raised questions about whether ministers effectively reduced scrutiny of Huawei. A source cited by the Telegraph suggested that former ministers may have “let Huawei off the hook,” while figures including former Conservative leader Sir Iain Duncan Smith have publicly questioned why HCSEC findings were not published.
Although the UK moved to ban Huawei equipment from new 5G networks in 2020, existing Huawei kit remains permitted in the country until 2027 following requests from British telecom operators for an extension. That phased removal has drawn attention from policymakers and security experts alike, who argue that transparency over risk assessments is vital during the transition.
Across Europe and beyond, concern about Huawei’s participation in critical infrastructure has been growing. Last week, the European Union’s industry commissioner, Thierry Breton, urged member states to consider banning Huawei. Ten countries have already imposed restrictions or full bans on the company’s equipment, reflecting a broader international effort to limit potential security exposures tied to Chinese-made telecoms hardware and software.
Given HCSEC’s importance in assessing software and equipment risks, withholding its public annual reports carries significant implications for national security oversight. Public access to these findings would enable informed debate about how best to protect critical infrastructure while balancing commercial and operational needs.
Publishing the HCSEC report would not only inform citizens but also support a transparent policy discussion on securing the country’s communications networks and managing the phased removal of vulnerable equipment. Without that transparency, policymakers, industry stakeholders, and the public lack a clear, evidence-based picture of the risks and the rationale behind decisions affecting national infrastructure.
(Photo by Marcin Nowak on Unsplash)
Related: UK sends legal documents mandating Huawei kit removal
Want to learn more about cybersecurity and cloud technologies from industry leaders? Cyber Security & Cloud Expo runs events in Amsterdam, California, and London and is co-located with Digital Transformation Week.
Discover other upcoming enterprise technology events and webinars presented by TechForge.