The HCSEC was created in 2010 as a way for the UK government to keep a close eye on the company as it moved into telecommunications infrastructure in the country. The oversight board came about four years later -- it contains a senior executive from Huawei and senior representatives from various levels of government and the telecommunications sector. After saying that the HCSEC has been effective in pursuing its mission, the report states that it has "identified shortcomings in Huawei's engineering processes" that have "exposed new risks in the UK telecommunication networks and long-term challenges in mitigation and management."

The HCSEC wants to make sure that Huawei can deliver consistent binary code for its products. That way, it can be assured that such code does not contain anything malicious that could attack UK telecommunications systems (or leave them vulnerable to attacks). Huawei was only able to show that one of four specific products had software builds that were reproducible. The report notes that this particular build has not yet been distributed by any UK operators, but may be in the near future, with the other three products becoming available later this year if they can provide reproducible binaries as well.

Ultimately, the oversight board reported to the UK's National Security Adviser that it can "provide only limited assurance that all risks to UK national security from Huawei's involvement in the UK's critical networks have been sufficiently mitigated."