But the Foreign Secretary Dominic Raab has said the decision would not affect the UK’s intelligence-sharing relationship with the US and other close allies.
“Nothing in this review affects this country’s ability to share highly-sensitive intelligence data over highly-secure networks both within the UK and our partners, including the Five Eyes,” the minister told the House of Commons.
Huawei has always denied that it would help the Chinese government attack one of its clients. The firm’s founder has said he would “shut the company down” rather than aid “any spying activities”.
Conservative MP Tom Tugendhat, former chair of the Foreign Affairs Select Committee, tweeted that the government’s “statement leaves many concerns and does not close the UK’s networks to a frequently malign international actor”.
Over the limit
Three out of four of the UK’s mobile networks had already decided to use and deploy Huawei’s 5G products outside the core in the “periphery”.
Two of them – Vodafone and EE – now face having to reduce their reliance on the supplier, as more than 35% of their existing radio access network equipment was made by it.
The cap also applies to the Shenzen-based firm’s involvement in the rollout of full-fibre broadband.
“We need to diversify the market significantly in the UK so that we have a more robust supply base to enable the long-term security of the UK networks and to ensure we do not end up nationally dependent on any vendor.”
The new rules still have to be debated and approved by MPs.
Tim Morrison, a former US National Security Council official, urged them to rebel.
“There is still time for backbenchers in both parties to save the special relationship and the privacy rights of Britons if they vote to block this mistake by the government.”
What is the core and why is Huawei being kept out of it?
A mobile phone network’s core is sometimes likened to its heart or brain.
It is where voice and other data is routed across various sub-networks and computer servers to ensure it gets to its desired destination.
authenticating subscribers so that specific users only get access to the services they have paid for and opted into
sending a call to the right radio tower to connect to another person’s mobile phone
managing facilities such as call-forwarding and voicemail
delivering SMS messages and multimedia from one handset to another
routing data back and forth to third-party services such as apps and websites
keeping track of usage to calculate an individual’s bill
While once, a lot of this involved physical equipment known as routers and switches, in the 5G world much of this kit has been “virtualised”. That means software rather than specialised hardware now takes care of much of the job.
This opens the door to new capabilities. But a perceived risk is that it could also open the system up to new kinds of attack.
And even if encryption means the information being handled cannot be spied upon, the fear is that a rogue participant could still crash the network – or at least disrupt the data flow.
How does this differ from the rest of the network?
The core is distinct from the Radio Access Network, which is sometimes referred to as the “periphery”.
The RAN includes the base stations and antennas used to provide a link between individual mobile devices and the core.
Insiders sometimes describe this as the “innovative but dumb” part of the network. That is because new traffic management software and other advances mean more traffic can be handled than before, but the equipment does not actually affect what happens to the data itself beyond transmitting it back and forth.
Although it has commonly been reported that Huawei’s advantage here is cost, industry insiders say a bigger advantage is that it can currently do the same job as its rivals using fewer antennas. That means fewer planning permission requests need to be approved, and 5G can be rolled out more quickly as a result.
The theory is that by limiting Huawei to the RAN but banning it from the core, the authorities make the risk of its involvement more “manageable”.
So why are the Americans still worried?
The Trump administration’s cyber-security chiefs, along with their Australian counterparts, contend that over time the “edge” – the name given to the boundary between the core and periphery – will disappear, as more and more sensitive operations are carried out closer to users.
As a result, they claim it will no longer be possible to keep Huawei, and by extension the Chinese state, out of the network’s most sensitive areas.
UK network operators acknowledge that over time more functions will indeed move from centralised sites to individual exchanges and even base stations themselves.
But they are adamant that they can still design the architecture of their networks to keep the core distinct and protected.