Telco Security Landscape 2025
Connect Europe is glad to collaborate with ETIS and TNO on this edition of the Telco Security Landscape to translate the technical analysis provided by ET-ISAC into actionable policy recommendations that align with Europe’s current political and regulatory context. The Telco Security Landscape depicts key developments that will affect the (cyber) security priorities for European telecommunications providers over the coming years.
We hope that the integrated Landscape can then serve as a key reference point for European decision-makers as they consider the security priorities that need to be addressed through public policy initiatives.
Security and technological sovereignty are now central to Europe’s digital policy agenda. Escalating geopolitical tensions and increasingly frequent natural disasters have heightened concerns about the resilience and security of Europe’s critical infrastructure. Securing connectivity networks, from the sky to the seabed, has become a political priority.
The deepening interdependence between telecom and other critical sectors like energy, transportation, and government, highlights our industry’s vital role in safeguarding customers, as well as the broader economy and society. This means that telecoms must invest significantly and continuously in the security and resilience of their infrastructure and services.
According to the Landscape, operators need to invest in network automation and orchestration, modernise legacy systems, adopt AI and post-quantum cryptography, and attract cybersecurity talent. However, these efforts are hampered by the sector’s structural challenges, such as low returns on investment, market fragmentation, heavy regulation, and intense competition from mostly non-European tech giants. Connect Europe’s State of Digital Communications 2025 reports a 2% decline in telecom investment in 2023 – the first drop in seven years – signalling a critical turning point. A new policy approach is essential to reverse this trend, promoting sustainable growth, innovation, and investment.
Beyond underinvestment, Europe faces a weak ecosystem in critical connectivity technologies. Telecom networks are increasingly dependent on cloud, AI, and other technologies, most of which are produced outside Europe, while Europe’s share of the global ICT market has fallen by 10% in less than a decade. To foster “Made in Europe” innovation, funding mechanisms need strengthening, and public procurement must be better leveraged. A more vibrant telecom ecosystem would support the transition to cloud-native infrastructure, offering a wider choice of trusted solutions while ensuring significant investments on the critical telco infrastructure.
Finally, the EU telecom sector is focused on implementing new regulations like the NIS2 Directive, DORA, the CRA, and national measures from the 5G Security Toolbox. These frameworks address critical issues like supply chain integrity. However, the coexistence of various European risk management and reporting obligations, alongside national requirements, risks undermining legal clarity. Harmonising these regulations across the EU and the broader European region is essential for consistency and legal certainty.
To help our industry meet the challenges outlined in the Landscape, we recommend the following to policymakers:
Recognise the sector’s crucial role in enhancing resilience across all industries and acknowledge the cost of maintaining secure and resilient telecom infrastructure in the broader debate on the future of connectivity in Europe and the 2030 Digital Decade targets, ensuring these investments are supported through private and public funding.
Adopt a new regulatory approach for the telecom sector, guided by the upcoming Digital Networks Act (DNA), and a forward-looking competition policy that strengthen the sector’s fundamentals and enable scalability to sustain the continuous investment needed to maintain security and resilience amid heightened cyber and physical threats.
Simplify and harmonise security regulations across markets and streamline reporting obligations to allow operators to allocate resources more effectively to security. This would also enhance cooperation between authorities and operators in fighting large-scale threats.
Enhance European capabilities by supporting a competitive ecosystem in strategic network technologies, strengthening cooperation against cybercrime, and leveraging funding mechanisms and fiscal incentives to drive public and private investment in cybersecurity and cyber culture.
