Every few years, an event generates a wave of telecoms industry commentary about the threat China poses to Western operators. The Huawei exclusions, the 5G patent wars, and the supply chain decoupling each prompted a round of analysis. China’s 15th Five-Year Plan [FYP], published March 13, 2026, is generating a similar response among similar critics. We might be better served not to listen to Pavlovian responses.
That’s not because the geopolitical risk is overstated, but because Western operators can learn a more important lesson from the FYP.
China has identified the digital trust and authentication layer as a strategic national asset, is building the institutions to engage with it at scale, and is executing against a coherent plan. Western operators have the same underlying assets such as SIM infrastructure, subscriber identity, carrier-grade reliability, and network-level visibility over fraud and authentication events, but have not used them in anywhere like the same way to date.
The FYP does not prevent the rest of the industry from leveraging the opportunity that lies in trust and authentication, but it should hold up a mirror to the industry’s failure to take it.
Trust in The Plan
One of China’s most operationally significant moves in the identity space is already in market. In July 2025, China launched its national Cyberspace ID system, jointly developed by the Cyberspace Administration and the Ministry of Public Security. It offers a unified digital identity framework which provides a unique internet ID linked to real-world identity, integrated with the carrier layer, which major platforms including Taobao and Xiaohongshu started adopting within months of launch. The FYP deepens this architecture and extends its strategic ambition beyond national borders.
In January 2026, China’s top IP regulator announced that China intends to push for international IP rules in AI and emerging industries through WIPO in 2026, with Belt and Road IP cooperation “continuously deepened” in parallel. China dominates global AI patenting, accounting for roughly 40–60% of filings depending on methodology, and up to 70% in generative AI specifically. The FYP itself commits to “a new industry standardisation leading project” and “international mutual recognition of rules and standards” across key sectors. There are specific timelines for all this too, so – while the FYPs tend to be more a direction than a prophecy – this is more substantial than political theatre.
The plan for how this plays out in practice has precedent. ZTE, Dahua Technology, and China Telecom shaped ITU standards for facial recognition, video monitoring, and city surveillance, with those standards subsequently adopted as national policy across Belt and Road partner nations in Africa, the Middle East, and Asia, markets that typically lack the resources to develop independent standards and so default to ITU frameworks.
The mechanism is a well-trodden path which nevertheless tends to get insufficient attention. You write standards that match your own technology’s architecture so that it appears to be magically “just the way it is”, and then export your technology to everyone taking advantage of standards. The FYP’s standardisation language follows this playbook in AI and adjacent domains.
Coordination Plan
While it’s possible to be inflammatory or alarmist about this, we don’t need to overstate the problem. The ITU has a strong Chinese influence is structurally embedded and documented, is not the main forum for standardisation. Meanwhile 3GPP, has different dynamics, different membership, and a security working group (SA3) that is currently dominated by Ericsson, Nokia, ETSI, and NIST contributions. Technical studies for 6G only formally began in August 2025, with specifications not expected until 2028 and commercial deployments not before 2030. The architectural decisions that matter most for authentication have not been made.
Meanwhile, the technical architecture of 5G also mitigates against undue panic that China will “own identity”, “own authentication” or similar phrases. Authentication in 5G is explicitly a core-network terminated procedure, with the base station acting strictly as a secure relay that has no access to long-term credentials or authentication vectors. More importantly, 5G’s architecture explicitly supports external identity systems. In other words, the commercial authentication layer that operators should want to own is accessible above the network layer via standardised APIs. It is not locked inside the core or radio network architecture. There is, unsurprisingly, a great interest from current stakeholders in having 5G-A and 6G inherit and build upon 5G’s approach, extending the same modularity.
In other words, the alarmist version of the standards-capture argument – that China is on the verge of baking surveillance-compatible identity assumptions into 6G authentication architecture before Western operators notice – is not supported by the current standardisation trajectory. However, it is important to be aware of the language being used in the FYP and be alert to the possibility of this trajectory changing in the medium term.
Plan to Fail
If commercial opportunities around authentication are architecturally accessible within existing 5G infrastructure, and will remain so into the 6G era, then why haven’t operators monetised them? That answer is probably more uncomfortable to some than pointing at standards capture.
Take GSMA Mobile Connect as an example.
Mobile Connect was a technically sound identity and authentication API. It was an undertaking endorsed by the GSMA’s Board of telecom operator group CEOs, a who’s who of the people investing in the industry. It mapped directly onto assets operators already held.
It stalled commercially not because of the technology but because operators did not execute with sufficient speed, coordination, or commercial commitment to consolidate the position before platform and fintech alternatives filled the space. Microsoft or Google needed one implementation globally whereas operators were doing so nationally.
There are all kinds of reasons why telcos can’t compete in the same way at global scale, explored last year through executive conversations in this paper. One challenge is that implementing a service in one country might not seem like a high priority to the executives in that country. After all, how many customers would there be locally? The answer, in all likelihood, is “not enough” for people focussed on that one geography, for the immediate results they might imagine.
However, that misses the point of what made telecoms worth investing in from the start – network effects. If, for example, Orange Madagascar has a service available only to its customers, that may not be much of a market. But if it’s usable by anyone within the country, and accessible to people in other countries, then the proposition becomes much richer. Unfortunately, it takes both coordination and leadership to drive that forward, and in an industry that’s adverse to risk it might take a bit of stick as well as carrot.
Lesson Plan
The lesson from China’s domestic activities on identity architecture is not that Western operators should build a state-surveillance system. China’s Cyberspace ID is incompatible with democratic markets, and its export potential via ITU and Belt and Road channels applies specifically to markets that have already accepted Chinese surveillance infrastructure, not to the European, North American, or middle-income Asian markets where the commercial authentication opportunity is largest.
Instead, we should learn what strategic intent combined with institutional coherence looks like in practice. China identified the trust layer as a national strategic asset with a long-term value proposition, and built the institutional machinery to own it, such as a state mandate, operator compliance, and regulatory integration. Now it’s extending that position outward through standards bodies and infrastructure export. Western operators have assets that would support a commercially viable, democratically appropriate version of the same proposition. The difference is the absence of any institutional mechanism that can translate a broad commercial intent across different players into binding commitments, and then hold the industry to them.
Geopolitically we can see a multi-polar world emerging, and it has its reflections in the telecoms industry. While we have been focusing here about China and lessons from an environment where industrial policy and commerce align closely, there is of course the US and its internet clout; India with its push not to be beholden to either player; and now an increasingly-assertive Europe that might be unclear about what it wants, but certainly knows what it wants to avoid.
This matters particularly for other markets that are not strongly aligned with any of these poles. Operators across sub-Saharan Africa, Southeast Asia, and Latin America are running multi-vendor, multi-standard environments with limited engineering capacity or local skills bases. These are the markets where the authentication opportunity is most open, as there are options for players in these markets to mix and match from options being presented globally.
However, these are also areas where Chinese ITU influence is most active through Belt and Road channels, and where acting first would likely generate the most durable market position. They are also precisely the markets that Western telecoms industry bodies are least systematically addressing right now, owing the the relative lack of stakeholder engagement within essential groups.
Plan for Success
The 15th Five-Year Plan is a useful document for players in the Western telecoms industry to read, not because it represents a threat but because it provides an example of how to build a coherent means to commercialise at scale. China looked at the trust and authentication layer, recognised it as the next structural value proposition in digital infrastructure, and built a system capable of owning it. It’s imperfect, surveillance-compatible, unsuitable for direct export to most of the markets that matter commercially to Western operators, but functional at national scale and being extended internationally.
Western operators have the same underlying assets, the same structural opportunity, and a technical architecture in 5G and emerging 6G that is, if anything, more permissive of commercial authentication models than China’s state-controlled alternative.
The architecture is open and the assets are in place. We have precedents, such as India’s Aadhaar-linked national authentication and East Africa’s mobile money ecosystem, which confirm that when operators or state actors move with genuine commitment before platform alternatives consolidate, the value proposition is real and durable.
So the question is not whether China’s Five-Year Plan represents a threat to the Western telecoms industry’s authentication opportunity. Certainly in the short term, and in the specific standards bodies where it would have to happen, the evidence does not support that alarm.
Instead, the question is who outside of China has the institutional authority, the time and the wherewithal to lead a similar coordination effort? And if today the answer is “nobody”, then perhaps we ought to consider a plan B for that.
