Huawei Technologies Austria GmbH

NIS2 position paper

Trust must be based on facts, facts must be verifiable, and verification must be based on unified standards

  1. Properly control the sector/entity list: Consider the proportionality principle and properly control the scope of the sector/entity list to avoid excessive control, increased regulatory and compliance costs, dampened enthusiasm for innovation among SMEs, or pressure on SMEs' digital transformation.
  2. Assess and define the critical component/function list in a scientific manner: Use scientific methodologies to assess and define critical components/functions. Establish an element identification–based mathematical model according to 3GPP, ISO 27005, and other standards. Consider scenarios such as the impact duration and number of affected users. Only components that reach the critical level or above can be defined as critical components.
  3. Test critical components and unify certification standards: Support and use unified certification standards to improve certification efficiency and reduce costs for businesses. The EU CSA, released in April 2019, clearly recognizes the EUCC scheme as the unified foundation of European cyber security certification.
  4. Conduct supply chain risk assessment based on facts and standards: Trust must be based on facts, facts must be verifiable, and verification must be based on unified standards. Project inspections and supply chain risk assessment should be non-discriminatory and proportionate. Restricting specific suppliers will bring serious damage and high costs to the economy.