Seven governments in the Global Coalition on Telecoms unveiled a set of 6G Security and Resilience Principles at Mobile World Congress 2026, setting early guardrails for how next-generation mobile networks should be designed, deployed, and protected. Backed by industry partners, the framework outlines expectations for safeguarding 6G infrastructure against cyber and physical threats, strengthening supply chain resilience and ensuring continuous, reliable service. Coalition members said they will now work with industry and international stakeholders to translate the principles into implementation measures as 6G development accelerates.
As 6G networks move from concept to reality, their impact will extend deep into critical national infrastructure, shaping the security and reliability of essential services that societies depend on every day. Future power grids, transport systems, healthcare delivery, manufacturing operations and public safety platforms are expected to rely on high-performance, ultra-reliable connectivity. That raises the stakes well beyond faster consumer data speeds or new smartphone features.
Debate around 6G has largely centered on commercial appetite and how operators will balance the total cost of network ownership with the rollout of new services. As with previous generations, widespread adoption in mass market devices is likely to influence success, alongside enhanced service offerings built around those ecosystems. Ultimately, uptake will hinge on commercial viability for network operators, measured against key metrics such as spectral efficiency and energy performance, areas that are still under active study.
Yet 6G cannot be viewed solely through a commercial or technological lens. It will form a foundational layer of the digital economy and a strategic asset for nations. The International Telecommunication Union’s IMT-2030 Framework has already acknowledged this broader societal dimension by embedding public interest considerations into early design principles.
Security and resilience sit at the center of that mandate. Both public and private 6G networks are expected to become integral to daily life, making their integrity a matter of national consequence. Trust will determine commercial success as much as technical capability. Consumers and enterprises must be confident that 6G services are secure, resilient and protective of sensitive data. As these networks will underpin critical national infrastructure, they must be secure and resilient by design, establishing a strong baseline that supports operators in maintaining robust protections even under economic pressure.
The Global Coalition on Telecoms statement sets out the core security and resilience priorities that the partners say must guide the ongoing development of 6G. At its foundation, the 6G system is expected to deliver clear, measurable outcomes. Containment means limiting the ability of malicious actors or compromised software to move laterally across the network, reducing the risk that a single breach escalates into systemic disruption. Confidentiality requires that 6G be secure by design, protecting user data against interception or unauthorized access, including when transmitted over channels that are not physically secure.
Additionally, Integrity ensures that data cannot be altered in transit without detection and that the underlying network infrastructure itself remains trustworthy and protected from tampering. Resilience demands that 6G networks maintain service availability even under stress, including during cyber incidents or physical disruptions, with particular attention to emergency and first responder communications. This also extends to building secure and resilient supply chains that support network continuity.
Lastly, regulatory compliance means operators must be able to meet national legal and policy requirements as 6G is deployed. Together, these principles define the technological foundations required to achieve secure, resilient next-generation mobile systems.
The Global Coalition on Telecoms said that the 6G system should be developed with security as a foundational principle, considered at all stages, from development to deployment and ultimately operation. The 6G system must be consciously designed to be more secure than previous generations and manage legacy vulnerabilities where it relies on existing systems. Security controls should be informed by a proper examination of current and future threats, and decisions about the architecture and overall system requirements of the 6G system should properly consider the security model that they need to enable at an early stage and how they might need to evolve.
“The doctrine of 6G being ‘secure by design’ is now widespread but as the initial 6G system is developed, it is imperative that we move from rhetoric to practice – building upon the progress we have seen in 5G,” the document detailed. “If security is not understood and integrated properly into architectures and solutions from the outset, including secure interworking with third-party and legacy systems, the cost of retrofitting or patching systems later will be prohibitive both to communication providers and to consumer safety and trust. 6G needs to be designed and implemented to avoid implicit trust of previous generations or peer networks with a clear logical separation for security.”
It added that 6G systems should transition away from perimeter security to more granular function-level security in line with the principles of zero trust, with continuous security monitoring of the network and effective logging to assess dynamically the likelihood of potential compromise of network components. This should be coupled with authentication and authorization of individual network components, based on a rule of verification before use and limiting a given component’s access to only data required to fulfil its function.
The Global Coalition on Telecoms noted that as 6G becomes embedded in critical national infrastructure, from energy grids and transport systems to healthcare and emergency services, its architectural choices will carry direct consequences for national security and operational continuity. The next generation of mobile networks is expected to deepen the shift begun with 5G toward virtualised network functions, separating software from dedicated hardware and running core capabilities on generic compute platforms.
In many deployments, this will rely on public, private or hybrid cloud environments capable of hosting multiple network functions and third-party applications on shared infrastructure. Greater multi-vendor integration, expanded AI-driven network management and advanced sensing capabilities will further increase data flows and dependencies across a complex ecosystem of providers and users.
These advances promise innovation and flexibility, but they also expand and reshape the attack surface in ways that traditional perimeter defenses cannot adequately address. A Zero Trust approach must be foundational, requiring continuous authentication and authorization within the network, not just at its edges. No function, device or application should be implicitly trusted because it sits ‘inside’ the system.
Network functions must be strongly authenticated before accessing other functions or sensitive data, with permissions tightly scoped to specific tasks and data sensitivity levels, including heightened protections for privacy-sensitive sensing data. Trust must also extend to the underlying platforms through secure roots and chains of trust.
Continuous monitoring will be equally critical. Operators need the ability to detect anomalous behavior across network components, user devices and AI agents, identifying undeclared capabilities or signs of compromise before threats spread.
Effective observability across both radio access and core domains will allow early intrusion detection, prevent lateral movement between network slices and reduce the risk of data exfiltration, all while preserving user privacy.
Finally, strong technical standards alone will not suffice without secure deployment models. Both physical and virtual infrastructure hosting standardized network functions must adhere to rigorous configuration management and hardened security baselines from day one. Continuous maintenance and oversight are essential to prevent misconfigurations and platform-level exploitation. At the same time, standards and regulatory frameworks must address sovereignty concerns, ensuring that cloud-based 6G deployments reflect the strategic importance of telecommunications networks as critical national infrastructure.
The coalition observed that the 6G system should take advantage of AI-driven mechanisms to monitor and respond to potential cybersecurity threats and incidents. At the same time, AI systems in telecommunications should be developed, deployed, and operated in a secure and safe manner.
“We must consider whether and what restraints are appropriate on the actions AI systems or agents are able to undertake autonomously, as well as mechanisms for secure recovery if AI services fail,” according to the Global Coalition on Telecoms. “This will require effective coordination between standards bodies like 3GPP and the IETF to ensure that agent authentication and authorisation are based on industry standard practices, and communication between them is properly secured and sufficiently robust to merit inclusion in our Critical National Infrastructure.”
Beyond the technology itself, deployment of AI agents must also properly account for potential risks arising from human error in training, deploying, supervising, and updating AI agents, whilst still enabling sufficient access to network data to fulfil their function. There are also challenges in determining clear lines of accountability for tasks handled by AI agents.
In January, the U.K. National Cyber Security Centre warned local authorities and critical infrastructure operators to strengthen defenses against denial of service attacks after a surge in pro Russia hacktivist activity aimed at disrupting services and taking websites offline. The alert came as the government relaunched its Cyber Action Plan, supported by 210 million pounds in funding to bolster resilience across the public sector. Overseen by a new Government Cyber Unit, the initiative seeks to accelerate security upgrades to government systems and safeguard access to essential services including benefits, tax platforms and healthcare.
