ELECTRONICS (ICS 31), TELECOMMUNICATIONS. AUDIO AND VIDEO ENGINEERING (ICS 33), INFORMATION TECHNOLOGY. OFFICE MACHINES (ICS 35)
Draft law introducing additional security measures for the provision of mobile 5G services (37 page(s), in French; 37 page(s), in Dutch)
This draft law imposes restrictions on the use of network elements coming from manufacturers that pose a high risk in the context of 5G. To this end, the present draft establishes a system whereby operators of a mobile network of the fifth generation are required to obtain prior authorisation from the ministers concerned before deploying 5G network elements. If they have already started rolling out their 5G network, they will have to submit a request for regularisation to the ministers concerned. The system of prior authorisation or regularisation is introduced in the Electronic Communications Act, as it primarily concerns the telecom operators and, at least in terms of the quality of the suppliers' products and practices in terms of security, it touches on the security of the operators' networks and services. As some operators have already started to deploy 5G and in order to minimise the impact of the present law on their 5G deployment strategy, it is important to quickly define the requirements in this regard.
We would like to draw attention to the fact that this draft law has already been notified to the European Commission in the context of the 2015/1535 (TRIS) notification procedure and has since undergone some changes, to take into consideration the opinion of the Belgian Council of State, whereunder the following which we deemed not to be significant in the context of Article 5.1.3 of Directive 2015/1535 (EU):
- A definition of the notion of 5G has been introduced (reduction of scope);
- More clarity has been given about which private 5G network operators could be subjected to the authorisation regime (clarification of the text);
- A mobile network operator shall submit its authorisation request to the BIPT, according to the modalities it sets on its website (clarification of the procedure);
- The "list of sensitive areas" will be determined by the King, after the opinion of the National Security Council + the Royal Decree identifying these areas will be published in the Moniteur Belge (adjustment of the procedure);
- The ministers concerned have 3 months to finalise the (draft) decision + 2 months after the hearing or after the receipt of written observations to adopt the decision (adjustment of the procedure);
- The requirements for the operation of the network from the territory of the EU will now be fixed by Royal Decree (and no longer in the law) + will only be applicable for the essential activities of the operator;
- Location/operation of the network: the King will determine the dates for the obligations to come into force (but not before 1/01/2026).