Decoding the GCOT 6G Security Principles
- March 23, 2026
- William Payne

The Global Coalition on Telecommunications (GCOT) officially published its “Security and Resilience Principles for 6G” at the Mobile World Congress (MWC) in Barcelona in March 2026.
Founded as a consultative forum chaired by the United Kingdom, and initially comprising the US, Canada, Australia, and Japan, GCOT is defining a security baseline years before 6G reaches commercial viability, shifting the focus from data throughput to auditable resilience.
The Technical Baseline: Zero Trust and Quantum Readiness
The GCOT principles are designed to build security into every level of the 6G hardware and software stack, isolating risk and future-proofing data against emerging cryptographic threats:
- Logical Separation: GCOT mandates that 6G networks maintain strict architectural isolation from legacy systems. Unlike 5G, which frequently overlaid existing 4G infrastructure to accelerate deployment, 6G must sever these ties to prevent the inheritance of older vulnerabilities.
- Function-Level Zero Trust: In a disaggregated, software-defined network, the principles abandon the concept of “perimeter security”. The architecture assumes that any node could be compromised, meaning authentication must occur continuously at the granular, microservice level.
- AI-Native Security: Because 6G will rely natively on artificial intelligence for network optimisation, the principles demand “Safe AI” deployments. The machine learning models governing the network must be rigorously defended against adversarial machine learning (AML) attacks, data poisoning, and logic manipulation.
The most significant structural shift is the mandate for Day One Quantum-Safe Cryptography.
The framework treats Post-Quantum Cryptography (PQC) not as a future upgrade, but as a mandatory baseline. Aligning with the NIST standards (FIPS 203, 204, and 205) finalised in 2024, GCOT requires a hybrid implementation where traffic is secured by both traditional and post-quantum layers (e.g., ML-KEM). This is a direct response to the intelligence community’s concern over “harvest now, decrypt later” espionage tactics.
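What the hybrid requirement means for key derivation, as an added example that is not taken from the GCOT text: the session key is derived from both a classical and an ML-KEM shared secret, so recorded traffic stays protected unless both layers are broken. The concatenate-then-HKDF combiner, the label string and the sample secrets are assumptions made for illustration; the key exchanges themselves are not implemented here.

```python
import hashlib
import hmac

HASH = hashlib.sha256
LABEL = b"hybrid-demo v1"  # hypothetical context label, not from any standard

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA-256."""
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA-256."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def _length_prefixed(value: bytes) -> bytes:
    # Length prefix keeps the concatenation unambiguous if secret sizes vary.
    return len(value).to_bytes(2, "big") + value

def hybrid_session_key(ss_classical: bytes, ss_pq: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one key from both layers, bound to the handshake transcript."""
    if not ss_classical or not ss_pq:
        # Fail closed: never fall back silently to a single layer.
        raise ValueError("both layers must contribute a shared secret")
    ikm = _length_prefixed(ss_classical) + _length_prefixed(ss_pq)
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, LABEL, length)

# Constructed sample values standing in for real key-exchange outputs.
SS_ECDH = bytes.fromhex("11" * 32)    # placeholder classical (ECDH) secret
SS_MLKEM = bytes.fromhex("22" * 32)   # placeholder ML-KEM shared secret
TRANSCRIPT = b"constructed handshake transcript"

if __name__ == "__main__":
    key = hybrid_session_key(SS_ECDH, SS_MLKEM, TRANSCRIPT)
    # An attacker who later recovers only the classical secret must still
    # guess the post-quantum one; a wrong guess yields an unrelated key.
    guess = hybrid_session_key(SS_ECDH, bytes(32), TRANSCRIPT)
    print(key.hex())
    print("classical-only recovery matches:", guess == key)
```

The empty-secret check is the part worth auditing in a real stack: a hybrid scheme that quietly proceeds when one layer fails to negotiate offers no more protection than the surviving layer alone.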
The 7 GHz Anchor Band: Spectrum as Security Infrastructure
The mandate for quantum-safe encryption and continuous AI monitoring introduces a significant computational and signalling overhead. If deployed on legacy spectrum allocations, this security burden would severely degrade user latency and throughput.
To solve this scaling challenge, GCOT members have harmonised their approach to the upper 6 GHz and 7 GHz bands (6.425–8.4 GHz).
In the US, the Trump administration’s late-2025 “Winning the 6G Race” directive ordered the rapid clearing of the 7.125–7.4 GHz band for commercial 6G.
Concurrently, the UK and Japan are coordinating multilateral frameworks to ensure this mid-band spectrum provides the 400–750 MHz of contiguous bandwidth required to run high-overhead encryption without bottlenecking the network. Spectrum allocation has become essential to executing GCOT’s cryptographic standards.
The Intelligence Bedrock: AUKUS and Transatlantic R&D
While nominally published by civilian bodies such as the UK’s Department for Science, Innovation and Technology (DSIT), the principles bear the distinct operational fingerprints of national signals intelligence agencies. The UK’s National Cyber Security Centre (NCSC) and the US’s National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have embedded personnel within the GCOT working groups.
The principles themselves are the commercial output of classified defence partnerships. The mandate for “Resilience by Design”, specifically the requirement that 6G networks survive Global Navigation Satellite System (GNSS) outages, was enabled by AUKUS Pillar 2 trials. By successfully testing Australian and UK-developed quantum clocks and sensors for Positioning, Navigation, and Timing (PNT) in late 2025, the AUKUS partners proved that networks could function without GPS.
Commercialising this defence-grade technology into the 6G baseline ensures civilian telecommunications cannot be “blinded” by satellite jamming, providing a ubiquitous, non-GNSS network lifeline for NATO and allied operations, such as JEF.
Similarly, the UK-Canada Memorandum of Understanding on Quantum Infrastructure, signed in late 2025, provides not only standardisation of technical benchmarking for the PQC algorithms that GCOT now mandates, but a strategy for their roll-out in commercial 6G infrastructure.
The Silicon Challenge: Impact on Manufacturers and Operators
Though currently voluntary, the GCOT principles represent the consolidated procurement intent of the world’s major economies, forcing an immediate engineering shift that reverberates down to the silicon level.
For chip makers such as NVIDIA, Intel, and Qualcomm, the framework forces an acceleration of the hardware lifecycle. Because 6G silicon deployed in 2029 will remain active well into the quantum era, manufacturers must embed a Hardware Root of Trust (HRoT) with non-upgradable, quantum-resistant keys into their designs today. The computational weight of PQC algorithms also requires dedicated hardware acceleration engines baked directly into the modem chips to prevent power spikes.
For network operators like BT, Vodafone, and AT&T, the principles offer a regulatory “safe harbour”. Procuring equipment certified under GCOT standards effectively inoculates operators against future, costly “rip and replace” mandates.
However, this shifts the operational burden. Operators must now employ rigorous continuous integration and continuous deployment (CI/CD) pipelines, hiring software engineers to conduct continuous security audits and ensure that routine algorithmic updates do not break the mandated security baselines.
The Certification Engine: Open RAN and Procurement Strategy
To operationalise these high-level security principles, GCOT concurrently updated its Open RAN (Radio Access Network) Certification Standards at the March 2026 summit.
In a disaggregated 6G network, where a baseband unit from one vendor might run on an AI software stack from another, the structural risk of vulnerabilities multiplies exponentially. GCOT’s Open RAN framework attempts to solve this “trust gap” by making secure-by-design engineering auditable in practice.
The core mechanism is independent lab reciprocity. A software module or silicon component certified in a UK facility, such as SONIC Labs, is now automatically recognised by the US National Telecommunications and Information Administration (NTIA) or Japan’s Ministry of Internal Affairs and Communications (MIC). This mutual recognition significantly lowers the barrier to entry for smaller Western manufacturers, enabling operators to source from a global pool of vetted startups rather than relying exclusively on legacy integrators.
Consequently, the procurement landscape is shifting. Integrators are transitioning from network builders to legal “security guarantors”, tasked with proving that the combination of two trusted components does not inadvertently create a novel attack vector.
The Nordic Expansion: Securing the European Supply Chain
Perhaps the most consequential geopolitical development at the MWC summit was the formal accession of Sweden and Finland into GCOT. This expansion fundamentally alters the coalition’s centre of gravity and its market power.
By integrating the home nations of Ericsson and Nokia, GCOT transitions from a demand-side bloc of technology consumers into a global ecosystem that effectively controls the supply of the West’s non-Chinese telecommunications hardware. For Scandinavian governments, aligning with a security framework championed by the “AUKUS+1” partners is politically palatable because it is framed around technical resilience and “middle-power” collaboration.
This manoeuvring allows the Nordics to align with global security baselines without conflicting with the European Union’s broader pursuit of strategic autonomy, such as the impending EU Digital Networks Act.
The Indo-Pacific Pivot: Anchoring South Korea and Samsung
While the inclusion of Scandinavia consolidates Europe’s supply chain, the integration of South Korea represents a benchmark for GCOT’s viability as a truly global framework in the Indo-Pacific. South Korea’s government remains cautious about formal GCOT membership to avoid provoking retaliatory trade measures from China. However, in a diplomatic victory for the coalition at MWC 2026, Samsung Electronics officially endorsed the GCOT 6G Principles.
This endorsement indicates that the world’s largest memory chip and smartphone manufacturer will engineer its 6G AI-RAN stacks to meet GCOT’s Zero Trust and Quantum-Safe requirements. Seeking to hedge against the protectionist tendencies of the major blocs, South Korean firms require a Western “safe harbour”.
Through the UK’s £70 million Future Telecoms UKRI Technology Missions Fund, Samsung Research UK is now integrated into the JOINER 6G testbed and the REASON consortium. By co-developing AI-native RAN architectures with British academic institutions and benefiting from enhanced Research and Development Expenditure Credit (RDEC) tax incentives, Samsung is anchoring its global 6G R&D in a GCOT-aligned environment.
South Korea’s Ministry of Science and ICT (MSIT) is observing this effort closely, collaborating actively with the UK, Japan, Canada, and Australia (“AUKUS+1”) in 6G R&D, technical outputs and standardisation as part of the formulation of its domestic IMT-2030 standards. This allows Seoul to align its hardware exports with Western security mandates without formally joining a US-led political bloc.
Conclusion: The Structural Reality of 6G
The GCOT Security and Resilience Principles represent a coordinated, state-led intervention designed to secure a foundational architecture of the twenty-first-century economy.
The success of 6G can now be measured not only by its data throughput, but by the ability of competing economic, regulatory, and military priorities to coalesce into a functioning, auditable, and secure global infrastructure.








