Telefónica secures a $12.8 million contract to safeguard RedIRIS after Huawei deal cancellation

Two months after the government retracted a contract worth almost 10 million euros involving Huawei equipment to enhance the public RedIRIS network, Telefónica is back in the scene. The operator has been awarded a new project valued at 12.8 million to strengthen cybersecurity of the Spanish academic and research infrastructure, through a restricted bidding process in which, ultimately, only the company itself participated. The award, with a minimal discount from the bidding budget—13.18 million, as documented—forms part of the National Cybersecurity Plan and will be financed with European Next Generation funds.

The move follows a turbulent summer. On August 29th, the Ministry for Digital Transformation canceled a previous contract awarded to Telefónica that included Huawei hardware for network modernization. The decision—couched in terms of strategic autonomy and digital security—was made amid pressures and warnings from Washington and as Brussels re-emphasized the principle of technological sovereignty. Although the government maintained that Spain does not maintain a blacklist of prohibited suppliers and makes case-by-case decisions, the fact that RedIRIS also connects Defense Ministry centers rendered the case particularly sensitive.

A “bespoke” contract for a critical asset

RedIRIS is Spain’s academic and research network. Managed by Red.es, it links universities and scientific centers across a backbone exceeding 16,000 kilometers, with millions of daily connections. In addition to the university community, it serves as the backbone for public services and, partly, defense; a combination that raises the bar for security and resilience.

The new award requires Telefónica to deploy equipment and protection layers aimed at mitigating cyberattacks—including DDoS attacks—, strengthening segmentation, monitoring, and ensuring service continuity during incidents. Practically, this speeds up protecting a strategic asset while the government defines a redesign of the technological renewal bid that was stalled after the Huawei withdrawal.

Why was the Huawei contract canceled?

The annulled August file, initially awarded to Telefónica with Huawei equipment, aimed to update links and enhance network capabilities. The decision was justified by “strategic autonomy” and “digital security”, and, according to various reports, it was made once the issue had already become politicized: U.S. had expressed concerns about the Chinese manufacturer’s presence in Defense-connected infrastructures, and in the EU, caution increased due to dependency risks. The government then announced a plan to rebid the contract without preventive vetoes, although the process has yet to be re-launched and no official timelines have been set.

A restricted tender with no competition

The €12.8 million contract has been processed as a restricted procedure. This means that the contracting authority preselects companies that meet technical, financial, or professional competence criteria, and only those can submit offers. In this case, Telefónica was the only bidder, an unusual situation that, according to industry sources, reduces competitive tension and explains the modest 2.9% discount from the initial budget. Without competition, the contract priority is to reduce deployment times and ensure additional defenses are in place while the more complex equipment renewal process is redesigned.

What does this contract change?

1. Cybersecurity at the forefront. This isn’t about increasing capacity but about hardening the network against attacks and failures. The specifications call for equipment and services that detect, mitigate, and respond to incidents, focusing on DDoS and multi-layer protections.
2. Time gained. The government gains margin to reframe the re-tendering of technological modernization without leaving a critical asset unprotected.
3. European funds and the National Cybersecurity Plan. The project is financed via Next Generation funds and aligns with the infrastructure resilience agenda.
4. Political message. After the setback in summer, the government is signaling continuity and control over the network connecting universities and sensitive services.

Open questions: new tender and provider diversity

Although the Secretary of State for Digitalization defended that Spain does not ban manufacturers and that each case is evaluated based on sovereignty criteria, the episode raises questions:

• When will the re-issuance of the RedIRIS modernization occur? Official sources indicated a new contest would be announced “in the coming days” in early September, but the process has not yet been published.
• What profiles of providers might participate? The official discourse mentions technological diversity and evaluates case-by-case. Balancing risk and cost will be tricky.
• How does RedIRIS fit into European strategic autonomy? Summer insights suggest prioritizing manufacturers and assemblers with guarantees and friendly governance for critical infrastructures.

What’s behind it: sovereignty, cyber threats, and service continuity

The recent shift within the last few months can be understood through three vectors:

• Technological sovereignty. The EU has intensified messages about reducing dependencies in critical sectors. For public purpose networks connected to Defense, expectations are high.
• Rising cyber threats. Attacks such as DDoS and ransomware against universities and public services have multiplied. For a backbone like RedIRIS, availability is as critical as confidentiality.
• Academic and scientific continuity. The network supports massive research flows, distributed storage, supercomputing, and campus cloud services. Interruptions or outages lead to delays in projects, idle resources, and costs.

Therefore, even without a large renewal bid published, RedIRIS urgently needed to strengthen its defenses. The contract with Telefónica addresses this need.

Why is it a restricted tender?

For contracts relating to critical infrastructures, the restricted model allows the government to require a higher solvency threshold, verify compliance, and ensure that the winner can meet deadlines and security standards. This approach reduces competition but limits risks when the exposure window is a key factor. In this case, since only Telefónica was invited (or met the requirements), the discount was modest. The advantage: agility in a politically sensitive moment.

Impact on the sector

For Telefónica, winning the contract provides a reputational boost following the summer “No” and consolidates its presence in public infrastructures. For the market, this decision fuels debate about effective competition in security contracts and on balancing sovereignty criteria with the best value. For Huawei, the episode shows that, even without a formal veto, caution in environments connected to Defense will often prevail.

What to watch for next

1. Publication of the new modernization tender: deadlines, specifications, and criteria for solvency.
2. Implementation of the cybersecurity contract: milestones, timelines, and indicators (e.g., reduction of DDoS, response times).
3. Coordination among Red.es, universities, and Defense to align requirements and maintenance windows.
4. Transparency in the use of NextGen funds and traceability of the National Cybersecurity Plan.

Frequently Asked Questions

What is RedIRIS, and why is it a critical infrastructure?
RedIRIS is Spain’s academic and research network (Red.es), a backbone over 16,000 km that connects universities, scientific centers, and public services—including Defense-related environments. Its availability and security directly impact teaching, research, and essential services.

Why was the original Huawei equipment contract canceled?
The Ministry cited strategic autonomy and digital security concerns. Huawei’s presence in a network connected to Defense conflicted with U.S. caution and a broader European trend to reduce dependencies in critical infrastructures. The government clarified there is no general veto, and each case is decided individually.

What is the value of the new contract, and who is funding it?
The award amounts to €12.8 million, a 2.9% decrease from the initial €13.18 million budget. It aligns with the National Cybersecurity Plan and is financed via European Next Generation funds.

What are the timelines and next steps for RedIRIS’s technological renewal?
The government announced plans to reissue the modernization process “in the coming days” in early September, but the procedure has not yet been published. Meanwhile, the cybersecurity contract awarded to Telefónica secures the network and buys time to redesign the bidding with a more diverse group of suppliers.

Sources

• Cinco Días — Telefónica wins the RedIRIS cybersecurity contract worth €12.8 million (28/10/2025).
• ADSLZone — Telefónica secures a new million-euro contract after Huawei veto (28/10/2025).