The Costa Rican Union of Private Business Chambers and Associations (Uccaep) issued a criterion at the request of the Ministry of Science, Innovation, Technology and Telecommunications (Micitt) on Executive Decree No. 44.196- MSP-MICITT, “Regulation on Cybersecurity Measures Applicable to Telecommunications Services based on technology of Fifth Mobile Generation (5G) and higher,” which was published on 31 August 2023 in the Journal La Gaceta.
Uccaep pointed out that – with regard to the regulations in question, we regret that it has not been consulted, prior to its publication, with all those institutions, organizations or interested parties that may potentially be affected by the content of the regulations, as established by article 361 of the General Civil Service Law.
In this particular case, we believe that the different actors in the telecommunications industry, of course including operators, would have provided extremely valuable opinions on the most relevant technical aspects of this regulation during its preparation, as well as on the time and cost implications of the deployment of the 5G network in Costa Rica, he added.
They also indicated that our partners Infocom and Camtic are fully committed to working hard to implement the measures necessary to ensure the security of telecommunications networks, both those currently operating and those that will be deployed in the future.
It makes it clear that the private sector defends and promotes the principles of transparency, healthy competition and technological neutrality, which are complemented by other guiding principles in the field of telecommunications, such as effective competition, non-discrimination and flexibility in the choice of technological options.
Should it be borne in mind that cybersecurity is an issue that transcends telecommunications operators and their suppliers, and that it often also corresponds, even more decisively, to the behaviour and culture of care and safety of the end-users of telecommunications networks, including both public and private entities. In this way, it should not be understood that cybersecurity is the sole responsibility of the operators, they say.
They also highlight that all manufacturers of mobile telecommunications network equipment follow the standards dictated by the international organization 3GPP, which dictates the technical and security specifications for telecommunications equipment. On the other hand, GSMA and 3GPP developed a program for the security of network equipment, called NESAS, through which audits and safety tests are carried out on the network equipment of manufacturers, with the aim of ensuring the safety of these equipment from their design, development and use.
Is it clear that any new regulation has an impact on the activity it intends to regulate. In this particular case, the Regulation has, inter alia, a practical effect of excluding for the deployment of 5G networks, some providers of this technology for mobile networks, within a market that is very limited at the global level. We must bear in mind that competition in this market – all over the world, and particularly in Latin America – has played a key role in recent years in terms of innovation and better prices, which in turn has resulted in better services for companies and end-users, they argue.
Uccaep points out that it is incorrect to indicate that the Regulation only regulates the network elements that will be deployed in the future, as many of the network elements for the deployment of 5G in the country are already operational for 4G networks, and in accordance with the new provisions, it will be necessary to replace these existing network elements, which mean large investments. This creates uncertainty about these investments made and delays in the deployment of 5G technology.
Is it essential to consider the impacts of this type of regulatory provisions on the entire industry in a comprehensive manner, before making decisions that can result in technological delays and negatively affect the prices, conditions and quality of services provided to individuals and companies. There are challenges that the Regulation aims to address; but a complete analysis is also needed to minimize any negative impact on investments, on the capacity, form and speed of implementation of 5G technology, on the quality of current and future mobile telecommunications services, as well as their affordability,” they explain.
The Union of Chambers is concerned about the impact of the measures taken and, in this regard, the cost impacts and possible delays in the process towards the 5G route in Costa Rica will have a negative impact on investments, which is detrimental to the economy, the competitiveness of the country and the generation of jobs.
On the other hand, the Uccaep made it clear that in terms of the technical nature it supports the observations, comments and concerns expressed by Infocom and Camtic, as what they seek is to maintain an open and efficient market in the telecommunications industry in Costa Rica, to adopt adequate and internationally recognized cybersecurity standards, and to guarantee technological neutrality to promote competition and innovation in the sector.
Because of this, they ask the Micitt to analyze the observations made by the private sector through work spaces with the active participation of representatives of the private sector, in order to analyze the possible modifications that could be implemented in the current regulations and thus mitigate the negative effects that would result from the application of the provisions raised today.
If we work hand in hand, public and private sector, we can raise cybersecurity levels in the country effectively and with a comprehensive approach, and provide greater legal and technical certainty for the telecommunications industry and operators, without generating obstacles to the development of new technologies, which are essential at the current juncture,” they conclude.
This article has been translated from the original which first appeared in El Mundo