A new security law being unveiled on Tuesday threatens telecoms giants with hefty fines if they fail to tighten security.
The Telecommunications Security Bill bans the involvement of Chinese firm Huawei in the UK’s 5G mobile network.
But it also says that companies which fail to meet deadlines for higher security requirements could face enormous fines.
Some of these could be 10% of turnover, or more than £100,000 a day.
Attempts to ban Huawei from the 5G network have been continuing for more than a year. But the new bill is the first step in enshrining such bans in law, and offers details of exactly how it will work – assuming Parliament passes it.
The bill provides government with national security powers, allowing it to give instructions to the big telecoms companies such as BT about how they use “high risk” vendors including Huawei.
But a new measure contained within the draft law is that any companies which do not live up to expectations will face heavy fines for failure. The threatened sum of £100,000 a day would only be used in the case of “continuing contravention”, the government said.
Ofcom, the communications regulator, will be given the job of policing the rules – along with new powers it may need to do so.
The move to formally legislate follows months of national and international political wrangling over the company’s threat to security and its alleged links to the Chinese state.
Initially, the UK decided that Huawei equipment should be removed from the sensitive part of the core network, and only make up a maximum of 35% of the non-core systems. The deadline was set to be 2023.
However, amid pressure from the United States, it was revised to order the complete removal of Huawei kit from the entire 5G network by 2027.
In recent days, Huawei has commissioned economic research showing that a ban on its 5G equipment will prove a costly setback to the UK’s 5G ambitions, and has mounted a publicity campaign with a simple message to the government – you’re making a big mistake.
The Chinese company seemed to think that the defeat of Donald Trump, whose US administration had lobbied so hard for the ban, might make ministers think again. If so, this bill shows that assumption was wrong, though both Huawei and the mobile operators will be relieved that the government has resisted pressure from some Conservative MPs to move the deadline to remove its equipment forward to 2025.
Huawei may also be more focused now on making sure other countries in Europe do not follow the UK’s lead. Meanwhile, the mobile operators are getting on with signing new deals with Nokia and Ericsson, and seem to be markedly less vocal in their claims that taking Huawei out of the equation would be a costly catastrophe.
“We are investing billions to roll out 5G and gigabit broadband across the country, but the benefits can only be realised if we have full confidence in the security and resilience of our networks,” Digital Secretary Oliver Dowden said.
“This groundbreaking bill will give the UK one of the toughest telecoms security regimes in the world and allow us to take the action necessary to protect our networks.”
The Department for Digital, Culture, Media and Sport (DCMS) said the security obligations were likely to include things such as rules on who had access to sensitive parts of the “core” network, how security audits were conducted, and protecting customer data.
The technical director of the National Cyber Security Centre, Dr Ian Levy, said “our national networks and operators need to know what is expected of them”.
He added: “We are committed to driving up standards, and this bill imposes new telecoms security requirements which will help operators make better risk-management decisions.”
Huawei, however, dismissed such concerns about its own operations.
“This decision is politically motivated and not based on a fair evaluation of the risks,” said Huawei vice-president Victor Zhang.
“It does not serve anyone’s best interests as it would move Britain into the digital slow lane and put at risk the government’s levelling-up agenda.”