EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 52022XG0701(01)

Council Conclusions on the Special Report No. 03/2022 by the European Court of Auditors entitled ‘5G roll-out in the EU: delays in deployment of networks with security issues remaining unresolved’ 2022/C 252/03


OJ C 252, 1.7.2022, p. 3–4 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)



Official Journal of the European Union

C 252/3

Council Conclusions on the Special Report No. 03/2022 by the European Court of Auditors entitled ‘5G roll-out in the EU: delays in deployment of networks with security issues remaining unresolved’

(2022/C 252/03)


RECALLING its conclusions on improving the examination of special reports drawn up by the Court of Auditors in the context of the discharge procedure (1);


TAKES NOTE of the Special Report No. 03/2022 by the European Court of Auditors entitled: ‘5G roll-out in the EU: delays in deployment of networks with security issues remaining unresolved’ (2), which generally covers the period between 2016 and May 2021.


STRESSES the strategic importance of the timely deployment of high-quality 5G networks within the EU to enable innovative business models and public services essential for the functioning of the internal market.


HIGHLIGHTS that delays in assigning the spectrum may be attributed to different reasons and that the situation in terms of 5G deployment may have evolved in certain Member States since the data was collected and processed. Therefore, EMPHASISES the importance of using verified data and the need for conclusions based on clear criteria/methodology.


RECALLS its Conclusions on the significance of 5G to the European economy and the need to mitigate the security risks linked to 5G, in which it CALLED UPON the Member States and the Commission, with the support of ENISA, to take all necessary measures within their competences to ensure the security and integrity of electronic communication networks, in particular 5G networks, and continue to consolidate a coordinated approach to address the security challenges related to 5G technologies and to identify effective common methodologies and tools to mitigate risks related to 5G networks (3).


RECALLS the strong collaborative approach of the Member States and the Commission that led to the adoption of the EU 5G cybersecurity toolbox (4), which provides a framework of measures to mitigate the security threats associated with 5G networks with a view to promoting an adequate level of cybersecurity of such networks in the internal market.


EMPHASISES the importance for Member States to achieve the implementation of the EU 5G cybersecurity toolbox, in particular regarding the application of the relevant restrictions on high-risk suppliers for key assets defined as critical and sensitive in the EU coordinated risk assessments (5).


HIGHLIGHTS that the EU 5G cybersecurity toolbox represents an agile risk-based instrument to address identified security challenges, which allows to handle 5G cybersecurity aspects in a timely and efficient manner, while respecting the competences of the Member States, and their sole responsibility for national security, in accordance with Article 4(2) of the Treaty on European Union, including in the domain of cybersecurity.


RECALLS the requirement asserted by the Commission in its communication, Shaping Europe’s digital future (6), that any business providing services to EU citizens should accept and respect EU’s rules.


TAKES NOTE of the conclusions and recommendations of the Special Report and RECOGNISES in particular that:

not all Member States refer to the Commission objectives in their national 5G strategies or broadband plans;

the European Electronic Communication Code (EECC) (7) has not yet been transposed in all Member States;

the spectrum for the 5G networks has not, or not entirely been assigned in all Member States;

the likelihood of a vendor being subject to interference from the government of a non-EU country is an important factor defined in the toolbox as determining a vendor’s risk profile; criteria to assess this potential interference include characteristics of the third country’s legal framework, including whether it guarantees a sufficient level of data protection.


TAKES NOTE of the Commission’s replies that accompany the Special Report (8) and the acceptance of the Special Report’s Recommendations by the Commission.


INVITES the Member States and the Commission to pay attention to the recommendations of the Special Report and encourages them to consider those recommendations when elaborating their policies on the development of their 5G networks while ensuring the security of those networks by the application and further development of the 5G cybersecurity toolbox, in light of new security issues emerging from technological trends and developments in the 5G supply chain.


INVITES the Commission to work together with the Member States to recommend policies and measures in order to reach the European connectivity targets and 5G coverage of all populated areas in the Union by 2030, while taking into consideration pivotal geopolitical and economic factors - like the Russian Federation’s aggression against Ukraine - that may hinder progress towards the achievement of such targets and have significant consequences in terms of cross-border coordination of Member States with non-EU countries.


INVITES the Commission, with the support of ENISA, and the Member States to continue the coordinated EU-cooperation on the 5G security measures and the monitoring of the implementation of the 5G cybersecurity toolbox and to assess the need for a more homogeneous approach to the use of its elements.

(1)  7515/00 + COR 1.

(2)  WK 5636/22 INIT.

(3)  ST 14517/19.

(4)  Cybersecurity of 5G networks EU Toolbox of risk mitigating measures, agreed by the NIS Cooperation Group.

(5)  Conclusions of the special meeting of the European Council of 1 and 2 October 2020, EUCO 13/20 .

(6)  Communication-shaping-europes-digital-future-feb2020_en_3.pdf (

(7)  Directive (EU) 2018/1972.

(8)  COM-Replies-SR-22-03_EN.pdf (