FRANKFURT AM MAIN: The German government approved a draft IT security law Wednesday that raises the requirements for manufacturers working on critical infrastructure like the country’s next-generation 5G mobile network, in a potential setback to China’s Huawei.
Under the proposed legislation, which must still be approved by parliament, “critical components” in strategic installations such as telecommunications can only be used if the supplier submits a “declaration of trustworthiness”.
Critical components are defined as of such importance that a failure would have dramatic consequences, the interior ministry said.
Manufacturers will have to guarantee that the components don’t have any technical features that could influence the security or proper functioning of the infrastructure, particularly for the purposes of “sabotage, espionage or terrorism”, according to the bill.
It will also be possible to ban certain components if their manufacturer has not reported known weak points.
Chinese tech giant Huawei, a world leader in the telecoms industry, could be hit by the new legislation. The United States has long accused Huawei of being a conduit for espionage by Beijing and has pressured allies to exclude the firm from their telecoms infrastructure.
After Britain in July, Sweden in October became the second country in Europe to ban Huawei equipment although the decision is on hold pending a legal appeal.
Germany however has so far ruled out barring individual firms from its 5G rollout. Beijing and Huawei have strongly denied the spying accusations.
An interior ministry spokesman said the new draft law does not “target any particular manufacturer”.
But the legislation has raised eyebrows among industry observers.
“The definition of critical components and their use in critical infrastructures remains too vague,” said Achim Berg, president of the Bitkom federation of digital companies.
The new requirements “offer no legal, planning or investment security” for companies, he added.