
Securing private 5G networks

With IT-Grundschutz, the BSI uses a proven and recognised tool to ensure the establishment and operation of an information security management system.

A 5G cell tower in the middle of a large city
Source: © kinwun / Adobe Stock

What is a 5G private network?

Private 5G networks are locally operated 5G mobile networks that are adapted to the specific requirements of the deployment area and take full advantage of the benefits and features of 5G. In most cases, these 5G networks will operate independently of the public mobile network.

Many companies deploying private 5G networks prefer the closed nature of the 5G network from an information security perspective. In this case, there is only one interface to the internal corporate network through which data is exchanged, and the group of authorised users is usually limited to devices belonging to a specific company or institution.

Private 5G networks are also suitable for implementing telephony applications, especially if a private 5G campus network is already in operation for other purposes. For example, DECT telephony (traditional cordless telephony) can be replaced by the 5G network.

5G networks that are already in operation can be found in logistics, where they are used to control driverless transport systems in a specific area. Other deployment scenarios are described on the page "Use cases and applications".

In order to operate a private 5G network, it is necessary to apply to the Bundesnetzagentur (BNetzA) for a licence to use the corresponding frequencies (application forms under Bundesnetzagentur - Regionale Netze). As this licence is only granted for the use of spectrum at a specific location, the private 5G network must always be operated at a fixed location. If the private 5G network is to be used in different locations, a separate licence application must be made for each of these locations.

Target Group

This overview provides general information on issues closely related to the acquisition and operation of a private 5G network as a business or public authority. It is also intended to help you make a decision for or against a private 5G network.

Accordingly, this topic area is aimed at all institutions that are interested in deploying a private 5G network, are specifically planning to do so, or are already in the process of doing so.

Unlike public 5G mobile networks, private 5G networks in Germany are not regulated by the BSIG or the TKG. Therefore, companies or public authorities using or planning to use private 5G networks are not obliged to implement technical guidelines or to use certification. However, in order to protect their data and ensure the availability of the private 5G network, there is a high demand for security-by-design to secure the chosen connectivity solution in their own information network.

With IT-Grundschutz, the BSI provides a proven and recognised tool for establishing IT security. To make the operation and integration of 5G campus solutions as secure as possible with proven best practices, the BSI has worked with industry experts to develop IT-Grundschutz profiles and user-defined modules. These are designed to help enterprises and government organisations securely build, operate and integrate a 5G campus network into the corporate network. The BSI provides IT-Grundschutz profiles that support the security of 5G campus networks for the operating models described below.

See: BSI IT-Grundschutz profiles for securing private 5G networks

Operation models

In addition to the decision to rely on 5G technology, it is important to clarify with the potential service provider the appropriate form of operation and the associated division of responsibilities. These responsibilities range from full outsourcing of all operational tasks to the service provider, including full network sovereignty, to the user institution organising and implementing the operation of the network itself, and all other options in between. Various models involving cloud solutions are also possible.

In-house operation

In the case of in-house operation, the user (institution) of the private 5G network is also the operator. The relevant 5G network hardware and software will be procured either through a service provider or directly from the manufacturer. Any configuration as well as the deployment of the network itself (e.g. distribution of radio units) is the responsibility of the user and can be supported by a service provider. The application for the use of the corresponding frequencies is submitted by the using institution directly to the BNetzA. The user has network sovereignty and is also responsible for the power supply. The hardware used is fully owned by the user. The SIM cards (physical or eSIM) are mostly provided by service providers.

Third-party operation

Third-party operation is where a service provider takes over the entire operation and maintenance of the private 5G network. Such service providers often specialise in private 5G networks. Some mobile network operators also have such an offering. The service provider takes on the role of network operator and therefore has network sovereignty. The frequencies used are usually still applied for by the user from the BNetzA. If a shared access network is used, they may also be provided by the service provider. Any configuration, provision of SIM cards and distribution of radio units is carried out by the service provider. Even with third-party operation, there is always the option of hosting the core in the cloud or using a cloud-hosted RAN. Again, different service providers offer different operating models.