OPNESAS research project shows the BSI-backed security framework can be applied to campus networks as well as public mobile infrastructure
A German research consortium led by secuvera has secured what it describes as the first NESAS certification of 5G core elements within a private 5G campus network, extending the reach of the Network Equipment Security Assurance Scheme beyond its traditional focus on public mobile operators.
The certification was delivered through the OPNESAS research project, formally titled “Security Optimisation for 5G campus networks by operationalisation of NESAS Certification”. The initiative brought together Ruhr University Bochum, Montsecure GmbH and secuvera GmbH, with Campus Genius GmbH acting as implementation partner for the private 5G deployment.
Germany’s Federal Office for Information Security (BSI) provides the national implementation of the internationally established NESAS framework. Originally developed for public mobile networks, NESAS is regarded as a high-standard international security evaluation model for 5G network equipment.
Within OPNESAS, the consortium carried out what it says was the first research-led implementation of NESAS in a practical private 5G use case. The 5G core supplied by Campus Genius was evaluated against NESAS criteria, resulting in the award of certificate BSI-DSZ-NESAS-0003-2026 on 2 February 2026.
Sebastian Fritsch (above), head of inspection at secuvera and OPNESAS Project Leader, said the work demonstrates that the framework “should not be limited to public mobile networks alone but can also be implemented in private 5G networks”. He added that close cooperation between research, testing practices and implementation had been critical, and that lessons learned would contribute to the further development of security and detection methods in 5G.
Increasing security concerns
The project ran from 31 December 2022 to 30 June 2025 under the BSI’s KoPa 45 programme. It was conducted against a backdrop of increasing security concerns in 5G networks, including risks stemming from specification, implementation, configuration and user errors across both public and private environments. OPNESAS focused on structured security testing and improved detection methods aimed at identifying vulnerabilities at an early stage.
Under Germany’s current legal framework, from 1 January 2026 public mobile network operators may only deploy equipment that has been security-certified in accordance with the BSI NESAS scheme. Although private 5G campus networks are not presently subject to these regulatory requirements, the consortium argues that the project demonstrates the certification process can also be applied to non-public networks and smaller providers, provided suitable methodological preparation is in place.
In terms of roles, secuvera led the project and was responsible for the security-related evaluation of the 5G core components. The company is recognised by the BSI as a NESAS test centre in Germany. Montsecure, a spin-off from Ruhr University Bochum, contributed scientific and methodological expertise in network and system security, including development of the SEAL tool to automate testing in line with 3GPP SCAS requirements. Ruhr University Bochum supported the systematic assessment and qualification of project findings, while Campus Genius supplied its CG Core product for deployment and testing within the private 5G environment.
The partners say the outcome provides methodological input for the continued development of the German BSI NESAS scheme and related international certification approaches in the 5G domain, at a time when regulatory scrutiny of mobile network security is intensifying.
