Germany’s Interior Ministry is currently conducting an audit of the country’s 5G mobile network to assess the extent to which it relies on components from Chinese tech giants Huawei and ZTE. Unlike other EU countries and the US, which have banned equipment from these companies due to concerns over national security, Germany has chosen not to impose a full ban. Instead, it has announced that all components considered “critical IT infrastructure” will require certification from authorities. This decision has faced pressure from the US, but Germany is determined to prioritize security while avoiding any unnecessary costs.
It has been anticipated that removing Huawei and ZTE equipment and replacing it with alternative components could be costly, potentially presenting a financial obstacle. However, Germany’s Interior Minister, Nancy Faeser, has reassured the public that cost concerns will not impede the removal process. She stated, “We will prohibit components if they pose a serious security risk. The network operators will have to act and dismantle the components.” This demonstrates Germany’s commitment to ensuring the security of its 5G network, regardless of the financial implications.
In Australia, the Australian Cyber Security Centre (ACSC) has pledged support for organizations that fall victim to cyberattacks. While the ACSC is not a regulator, it is the government’s lead responder to cyber incidents. Abigail Bradshaw, the head of the ACSC, encourages organizations to join the agency’s threat intelligence sharing platform and cyber defense partnership program, which currently has 140,000 members. The ACSC, which operates under the Australian Signals Directorate (ASD), extends its coordinated support to both civil and defense agencies. The ACSC’s primary focus is on minimizing harm and assisting with remediation and recovery efforts.
To strengthen its cybersecurity capabilities, the ASD plans to double in size and triple its offensive cyber capabilities over the next four years. The expansion of the ASD’s capabilities reflects the increasing importance placed on proactive prevention, resilience, and recovery. According to Kris Lovejoy, a global security and resiliency leader at US tech advisory firm Kyndryl, organizations should allocate more resources to recovery efforts. Lovejoy emphasizes the importance of not only proactive prevention but also effective reaction and bouncing back from cyber incidents. Recommendations include backing up critical support systems such as usernames, passwords, and devices that control key manufacturing or product systems.
Meanwhile, the European Union’s new tech laws, approved in July, are set to take effect in the coming weeks. Meta (formerly Facebook) and Apple, as major US tech giants, are making preparations for the sweeping changes expected. These new laws aim to regulate content and promote competition, making them the most substantial expansion in digital regulation in the Western world. Noncompliance with the laws can result in significant fines.
The Digital Services Act will introduce social media and search engine rules in late August, followed by the determination of which tech services will fall under the competition rules of the Digital Markets Act in early September. These changes will challenge the monopoly of big tech companies, requiring them to grant more freedom to users in terms of app installation and browser selection. In response, Apple is working on allowing users to install apps from non-Apple app stores, while Google is developing a choice screen to simplify the process of selecting a browser.
The implementation of the new rules poses a significant undertaking for companies like Google. Kent Walker, Google’s president of global affairs, acknowledged that each provision of the laws necessitates process and architectural changes. Compliance with the rules carries financial consequences, with potential fines of up to 6% of global revenue for online content violations and 20% of revenue for repeated breaches of digital competition rules. The EU also has the authority to compel non-compliant companies to break up their operations. However, enforcing these laws may prove to be a challenge, requiring additional staff members and a new center in Seville, Spain for analyzing technical data reported by companies.
As the EU’s new tech laws come into effect, companies, especially major tech giants, must adapt to the regulations and ensure compliance to avoid financial penalties. These changes aim to create a more competitive and regulated digital landscape, allowing users more control over their online experiences. It remains to be seen how effectively these laws will be enforced and what implications they will have on the global tech industry.