This study addresses the question of the security risks that arise from the O-RAN implementation of a 3GPP RAN as specified by the O-RAN Alliance. It starts with a functional description of a 3GPP RAN and the O-RAN architecture. The study then presents a risk analysis that was undertaken on this basis while factoring in the protection goals of confidentiality, integrity, accountability, availability and privacy. Three stakeholders are considered in assessing the risks associated with a violation of these security objectives: the user of a 5G network, the operator of a 5G network and the state as an entity representing the societal perspective.