National Cyber Security Centre
Printable version

Advice for users of Huawei enterprise equipment

This guide explains implications of US action against Huawei, its US suppliers and affiliates.

It also recommends actions which UK organisations, with Huawei products in use, can take to prepare for and mitigate resulting security concerns, particularly if the current licensing regime is not renewed.


On Wednesday 15 May 2019, the United States of America’s Commerce Department placed Huawei and 70 affiliates on its “Entity List”.  This meant that suppliers who normally supply Huawei with US products (including software updates and other technology) were no longer able to do so without a licence from the US Government. 

On Monday 20 May 2019, the US Commerce Department issued a temporary general licence (TGL) restoring suppliers’ ability to provide Huawei with what it needs to maintain some existing products.

The NCSC understands that the TGL allows companies (at their discretion) to provide support and services to equipment that was made available to the public before 16 May 2019. The TGL is currently set to expire on 19 August 2019. If it is not extended or replaced, Huawei’s suppliers may be unable to provide future support unless they are granted individual licences from the US government enabling them to do so.

For customers of Huawei enterprise equipment, this could hamper the ability to obtain new or replacement hardware and receive software updates, including security updates for existing products. This will apply to devices such as routers, switches, wireless access points and compute/storage appliances. Managed services and support contracts are also likely to be impacted.

What should Huawei enterprise IT customers do?

Customers with Huawei equipment currently deployed should continue to use it as normal.

In the short term, it is unlikely that any issues will be encountered obtaining spares and updates. As such, there is currently no need to replace otherwise operational infrastructure.

If equipment that is deployed has not been updated for some time, ensure that current available updates are applied. This will minimise disruption in the event that these updates become unavailable in the future.

You should also seek to understand the extent of your use of this equipment, and ensure you have plans in place should it become unsupportable. This includes how issues arising would be dealt with in your environment. For example, security vulnerabilities that cannot be patched.

If you are currently undergoing a procurement exercise ensure that the potential unavailability of support is taken into account when making decisions on the intended lifetime of equipment, as you usually would.

The NCSC continues to assess the situation and will provide further advice for Huawei customers as appropriate.

Channel website:

Original article link:

Share this article

Latest News from
National Cyber Security Centre