The government has extended two deadlines for the removal of Huawei equipment from the UK’s 5G networks.
The requirement to remove the Chinese company’s products from the network core has been pushed back 11 months, to 31 December 2023.
And a limit on the amount of Huawei kit in fibre-broadband infrastructure must now be achieved by the end of October,l rather than July, next year.
It follows advice from the National Cyber Security Centre.
The NCSC decided the security of Huawei’s products could no longer be managed, in 2020, following a US decision to place the company under sanctions, and the UK government said all its equipment had to be stripped out of the UK by the end of 2027.
This and eight other interim deadlines remain unchanged.
The US authorities fear Huawei’s 5G equipment makes countries vulnerable to their data being accessed by the Chinese state or having critically important services switched off.
Huawei has denied being controlled by the Chinese government or posing a security threat.
The new deadline extensions follow consultations with Huawei and UK telecoms providers.
The government said a small number of operators had indicated – because of the pandemic and global supply-chain issues – the original deadlines risked network outages and disruption for customers.
Providers should meet the original targets wherever possible, it said, and it expected most of them would do so.
The direction to remove Huawei equipment is also being put on a legal footing through the handing of notices called designated-vendor directions to all 35 UK telecoms network operators, under the Telecoms Security Act, which came into force in November 2021.
Digital Secretary Michelle Donelan said it allowed the government to “drive up the security of telecoms infrastructure and control the use of high-risk equipment”.
“We must have confidence in the security of our phone and internet networks, which underpin so much about our economy and everyday lives,” she added.
NCSC technical director Dr Ian Levy said: “The Telecoms Security Act ensures we can be confident in the resilience of the everyday services on which we rely and the legal requirements in this designated-vendor direction are a key part of the security journey.”
Huawei has been issued a separate document – a designation notice – which categorises the company as a high-risk vendor of 5G network equipment and services and sets out all of the reasons the government considers it a national security risk, including the impact of the US sanctions.