A national assessment of the risks associated with the next generation of communications infrastructure is the first step toward an EU-wide cyber-security strategy.

The European Commission’s incoming president, Ursula von Der Leyen, will have a series of politically delicate hurdles to contend with in the field of cyber security when she assumes office on 1 November 2019.

Not least is the domain of 5G communications, where the EU has come under increased pressure from its American counterparts to adopt a hostile position against next-generation technologies emanating from Asia-based companies.

Following a Commission recommendation for a common EU approach to the security of 5G networks, member states have recently submitted national risk assessments that provide an overview of their most pressing concerns in the future development of 5G infrastructure. These will feed into the next phase, an EU-wide risk assessment to be completed by 1 October 2019, which the Commission says will be the first step toward implementing a real cyber-security strategy across the EU.

Is this so important for ordinary users and consumers? It’s not so long ago that we heard the news about vendors from illiberal countries being involved in scandals such as the backdoors in Vodafone Italia’s fibre network provided by Huawei. As we move to a society where connected devices are part of daily life, from smart lights to smart home locks to connected cars, the privacy and security of the network will be central to everyday life.

According to research by analysts Berg Insight, there were a total of 22.5 million smart homes in Europe at the end of 2017. This number is predicted to grow to 84 million homes by the end of 2022, representing a market penetration of 35 per cent. Add to this an estimated 45 million smart homes in the United States at the end of 2017.

Consumers want to be able to rely on their network provider to keep what happens inside their smart buildings private and stored securely. For this reason, security must be a defining feature of the standards and norms that govern the global ICT supply chain, as well as the individual pieces of software and hardware that businesses and consumers depend on. Inaction risks undermining the ability of businesses and individuals to exercise meaningful choice in critical 5G and other ICT products and services.

Some of the EU’s largest member states, including Germany and Italy, have used the auctions of spectrum licenses as a cash cow for their national budgets instead of seeing newly utilised frequencies as a gamechanger for consumer connectivity. This has led to the undesired consequence that many operators are cash-strapped and tend to go for cheaper and less trustworthy infrastructure providers. The result is a toxic reliance on very few suppliers, some of whom are accused of operating with questionable motives.

If the next Commission wants to successfully secure the digital ecosystem, it has to coordinate technical standards for interoperability, such as the more trustworthy open-source solutions, and promote an environment based on transparency and trust to make sure national governments will implement liability rules for operators and resellers of software and devices that expose consumers to the risk of malicious and illegal interference. This is the only way to protect consumers, promote innovation and foster safe digital lives for consumers.

Luca Bertoletti is senior European affairs manager at consumer advocacy group the Consumer Choice Center.