In a global context dominated by rapid technological advances and the increased need for security of critical infrastructures, Romania adopted Law no. 163/2021 on the adoption of measures related to IT and communication infrastructures of national interest and the conditions for implementing 5G networks (the “5G Law”), published in the Official Gazette no. 590 on June 11, 2021.

We recall, the 5G Law was based on the 2019 Memorandum of Understanding between Romania and the United States and the 5G Toolbox, a set of recommendations from the European Union developed by ENISA and the NIS Cooperation Group to safeguard cybersecurity in 5G networks and related infrastructures.

Currently, a draft amendment to the 5G Law, proposed by the Ministry of Research, Innovation, and Digitalization (MCID), was approved by the Senate in December 2024 and is now under review by the Chamber of Deputies.

Key proposed amendments

1. Extending the authorization requirement to distributors and integrators

A central aspect of the current version of the 5G Law is the mandatory authorization for the use of technologies, equipment, and software in IT infrastructures of national interest and in 5G networks. In its current form, this requirement applies only to producers, broadly defined to include any entity that designs, manufactures, or markets products under its own brand.

The draft amendment extends the authorization requirement to:

• Distributors, defined as persons who make available on the market technologies, equipment, services, and software designed, manufactured, and/or marketed by another authorized person;
• Integrators, defined as persons who carry out activities of integrated implementation of technologies, equipment, services, and software from several authorized producers or distributors, for the purpose of designing solutions, delivering hardware and software, developing applications, configuring them, and ensuring maintenance.

2. Introducing the concept of “5G or later networks”

To keep pace with technological developments and the anticipated rollout of 6G technologies, the law will extend regulations to future generations of networks and electronic communication services. Thus, the term “5G networks” in the draft amendment will be replaced with “5G or later networks,” explicitly covering all relevant future technologies.

3. Simplifying bureaucratic procedures

The procedure for submitting authorization requests essentially remains unchanged: the applicant submits the documentation to Ministry of Economy, Digitalization, Entrepreneurship and Tourism (MEDET), which verifies the existence of the required documents without conducting a substantive analysis. MEDET initiates the procedure to place the request on the agenda of the Supreme Council of National Defense (CSAT).

If, following the checks carried out by MEDET, it is found that the documentation needs to be completed or CSAT requests clarifications on certain aspects relevant to resolving the request, MEDET will notify the applicant. In this situation, the four-month deadline for resolving the request begins to run from the date of submission of the complete documentation required for obtaining authorization.

However, the proposed legislative amendments aim to eliminate some redundant steps in the authorization process, which in practice have led to significant delays in issuing authorization decisions. According to the new regulations, MEDET will transmit authorization requests directly to the General Secretariat of the Government, and not to CSAT, as currently provided in the 5G Law. This measure is expected to reduce the processing time for requests.

4. Modifying usage deadlines in case of authorization withdrawal or absence

In the event of authorization withdrawal, technologies, equipment, and software may be used for a maximum period of 6 years and 6 months from the date of withdrawal, except for those in the network core, which may be used for a maximum period of 4 years and 6 months. Under the current legislation, these deadlines are 7 years and 5 years, respectively.

Technologies, equipment, and software whose manufacturers, distributors, or integrators do not obtain authorization may be used until June 30, 2030, at the latest, except for those in the network core, which may be used until June 30, 2028, at the latest.

These deadlines are final and cannot be extended.

5. Public Procurement – authorized distributors and integrators

Contracting authorities in the fields of defense, public order, and national security will be able to require, through procurement documentation, that both manufacturers and distributors or integrators be authorized. If this condition is not met, economic operators will be excluded from public procurement procedures.

6. Establishment of RENPDI and digitization of the verification process

By December 31, 2025, the Authority for Digitalization of Romania (ADR) must create and manage the National Electronic Registry of Producers, Distributors, and Integrators (RENPDI).

This registry will centralize all data regarding authorized or unauthorized entities and will be integrated with the Electronic Public Procurement System (SEAP). The interoperability between RENPDI and SEAP will enable the digitization of the eligibility verification process for bidders in public procurement procedures, increasing the efficiency and transparency of the process.

How Boureanu Law Office Can Assist

We offer comprehensive legal support, step-by-step guidance, and representation before authorities to help clients navigate the authorization process for 5G technologies.

Contact us to ensure your compliance with the latest regulatory requirements and secure the necessary authorizations efficiently.