The conversation about digital sovereignty has stalled at the cloud. We’re debating which laws apply to data, who the hosting provider is, and the terms of the contract. That’s fair enough, but it’s just one layer. Beneath the servers lies a physical network, and that network runs on machines manufactured by a handful of companies. The question of who builds them, who maintains them, and who can access them remotely is distinct from the issue of the cloud. It’s older, more tangible, and has its own market.
Let’s define the terms here as well.
What Is a Network Equipment Manufacturer?
A telecom operator—such as Orange, SFR, or Deutsche Telekom—does not manufacture its own antennas or routers. It purchases them from an equipment manufacturer and then operates them. The equipment manufacturer is the company that designs and produces the hardware through which traffic flows: mobile antennas, base stations that cover a given area, RAN equipment that connects devices to the network, core network routers that route communications, and optical transport systems. This is the physical infrastructure—the part you can touch—as opposed to the services that run on it.
But the hardware is only part of the contract. Each piece of equipment contains firmware—the low-level software that controls it—written and updated by the manufacturer. And the operator almost always signs a maintenance contract that gives the equipment manufacturer remote access to diagnose failures, deploy patches, and upgrade the equipment fleet. Buying a network, therefore, isn’t just about purchasing pieces of equipment once and for all. It’s about forging a long-term relationship with the party that knows how they work on the inside and retains control over keeping them operational.
The State of the Market
The global RAN equipment market is dominated by a few major players. In Europe, Finland’s Nokia and Sweden’s Ericsson remain leading players, with a long-standing presence and a substantial portfolio of patents. But their market share is declining. China’s Huawei, long the leader in RAN, offers equipment at prices that European companies struggle to match, and captured massive market share before political restrictions curbed its expansion in the West. The pressure on prices is structural: an operator deploying a national network is dealing in billions, and the price difference carries significant weight in the decision-making process.
One notable absence stands out. France once had its own consumer electronics manufacturer, Thomson, which became Thomson-CSF, and later Thales for its defense and critical infrastructure electronics division. Thales remains a major industrial player, but in the realm of civilian telecom networks, this historic brand has exited the field. Europe therefore has two world-class leaders, and neither is French. The issue isn’t simply a matter of national flag color: it hinges on the industrial capacity that remains, and on the trajectory of those who still uphold it.
Why the equipment manufacturer has more control than the cloud provider
This is the point that the conversation about the cloud overlooks. The cloud provider holds your data and processes it under a specific license. The equipment manufacturer, on the other hand, is right in the pipeline. It manufactures the hardware through which all traffic—voice, data, and signaling—passes, even before it reaches any application server.
This position provides three concrete points of control. The first is physical access to the network: the hardware is deployed throughout the country, in central offices and at the base of cell towers, and it sees the raw data flow as it passes through. The second is the firmware: the manufacturer writes the code and decides its content with every update, which requires a level of trust that cannot be audited line by line across millions of devices. The third is maintenance: contracts provide for remote diagnostics and interventions, thus establishing a permanent, legitimate access channel that is necessary for operations. A cloud provider you leave behind leaves your data behind. An equipment manufacturer you depend on retains control over the infrastructure as long as the network is running—that is, continuously. The nature of this control is different, and it runs much deeper.
How 5G Changes the Equation
5G isn’t just faster 4G. It changes the network’s architecture. To maintain its speeds and latency, it increases density: where 4G covered an area with just a few antennas, 5G multiplies the number of transmission points, particularly small cells placed close together in urban areas. More equipment, installed closer together, means more hardware from a single vendor deployed deep into the territory.
This densification automatically expands the attack surface. Each piece of equipment is a point that receives firmware updates and supports remote maintenance; increasing their number means increasing the number of points to monitor and the dependence on the manufacturer. 5G also blurs the line between the core network and the edge by bringing intelligence closer to the edges, which dilutes the clear distinction that used to be made between sensitive areas and the rest. It is this combination—more critical hardware distributed more widely—that has brought the issue of equipment suppliers back onto the European political agenda with unusual clarity. The debates over excluding certain suppliers from 5G networks were not about data. They were about who would control the physical infrastructure of a network that, at this density, has become a structural dependency.
Telecom sovereignty, therefore, cannot be addressed using cloud-based tools. The law governing data says nothing about who manufactures the router, who writes its firmware, or who logs in at night to repair it. These are two separate issues, two layers, two markets. As long as we focus solely on the upper layer, we leave the most physical of dependencies outside the scope of the discussion.
Sources
- Ericsson Mobility Report, RAN market overview and global 5G deployment
- Nokia, annual reports and market share for network equipment
- European Commission, “5G Cybersecurity Toolbox,” recommendations on high-risk vendors, 2020
- ANSSI, prior authorization regime for 5G equipment (Law of August 1, 2019)
- Thales, history of the group formed from Thomson-CSF