The market that grew while its biggest backers walked out

Inside five months in 2025, the two largest cloud providers killed their private-5G products. AWS Private 5G appeared in the AWS service-changes notice dated 20 May 2025; Microsoft retired Azure Private 5G Core (AP5GC) on 30 September 2025, pointing existing customers to Nokia and Ericsson solutions in the Azure Marketplace. Nokia — the largest private-network vendor by deployments — announced at its 19 November 2025 Capital Markets Day that it is divesting its Enterprise Campus Edge business, the unit that packaged its private-5G integration and software.

If you read only the headlines, private 5G looks like a failed category. The deployment numbers say the opposite. Berg Insight counted 6,500 private LTE/5G networks worldwide at the end of 2025 (excluding proofs-of-concept), up from 4,700 a year earlier — roughly 38% growth in a year when the cloud SKUs were being switched off.

The resolution of that paradox is the thesis of this guide: private 5G is an engineering, spectrum, and integration market, not a cloud-platform market. The money is in radios, licensed spectrum, core sizing, and the messy work of wiring a 3GPP network into an existing OT estate — none of which compresses neatly into a managed-cloud line item. This is good news for the engineer, because the parts that matter are the parts you already reason about.

This is the deployment-decision guide, not the primer. If you need the definitions — what SNPN, PNI-NPN, CBRS tiers, and a network slice are — read Private 5G Networks: SNPN, PNI-NPN, CBRS, and enterprise deployment first. Here we assume you have accepted that private 5G exists and now have to license it, choose an architecture, and stand it up.

SNPN vs PNI-NPN: the fork that sets everything downstream

3GPP defines two non-public-network (NPN) deployment models in TS 23.501 clause 5.30. A Stand-alone Non-Public Network (SNPN) is operated without relying on a public PLMN — its own core, its own access control, identified by a PLMN ID plus a Network Identifier (NID). PLMN IDs that are not guaranteed globally unique (the MCC 999 range) are explicitly allowed, so you can stand one up without begging a national numbering authority for a code. A Public Network Integrated NPN (PNI-NPN) is deployed with the support of a PLMN — typically as an operator slice, or as operator cells fenced off to your subscribers using a Closed Access Group.

The reason this is the first decision and not a footnote: it cascades into every later choice.

  • Spectrum. An SNPN almost always rides on locally licensed or shared spectrum (the regimes in the next section). A PNI-NPN typically rides the operator's own licensed band.
  • Credentials and SIMs. An SNPN owns its credential domain — you decide whether to issue physical SIMs, eSIM profiles, or use externally held credentials (more on that below). A PNI-NPN inherits the operator's SIM and authentication machinery.
  • Integration. An SNPN survives a WAN outage because its core is yours and on-site. A PNI-NPN's survivability depends on the link to the operator (mitigated, but not erased, by an on-prem UPF).

Both models lean on the same 5G Core building blocks — an SA core with SBA network functions — and both require Standalone (SA), not NSA, because slicing, LADN, and SBA-based exposure are SA features. If you are weighing whether you even need SA, that comparison is the place to settle it before you spend on spectrum.

Same physics, six rulebooks: spectrum country by country

This is the part no global vendor deck will tell you straight, because the answer is different in every country. The radio engineering for a factory in Munich, Manchester, Osaka, or Pune is essentially identical. The licensing is six different problems. Spectrum policy, not technology, sets each country's private-5G adoption curve — and it is not a coincidence that the countries with the most open regimes (the US, Germany, the UK) are exactly the ones that top the deployment rankings.

Figure 1: Six spectrum regimes for the same factory — band, license model, indicative fee, and license count for Germany, the US, the UK, Japan, France, and India.
Figure 1: Six spectrum regimes for the same factory — band, license model, indicative fee, and license count for Germany, the US, the UK, Japan, France, and India.
Germany — local licence, transparent formula. BNetzA assigns local licences in 3,700–3,800 MHz (TDD, 10 MHz blocks, applicant-defined area) under rules in force since November 2019. The fee is a published formula: 1000 + B · t · 5 · (6a1 + a2) EUR, where B is bandwidth in MHz, t is duration in years, and a1/a2 are settlement-and-traffic vs other area in km². A parallel local regime exists at 24.25–27.5 GHz (the same formula with a 0.63 coefficient instead of 5). The official BMWK-commissioned monitoring report counted 424 local 3.7–3.8 GHz assignments by October 2024 (a +23% year-on-year figure). German trade press has reported roughly 465 by April 2025; treat that as indicative — BNetzA publishes the authoritative live list ("Zuteilungsinhaber 3,7 GHz") as a PDF, and by mid-2026 the count is certainly higher again. Germany's transparent, cheap, fast regime is why it is the European reference case. United States — CBRS, give the bottom tier away. The 3550–3700 MHz band runs three-tier shared access: Incumbent Access (federal radar, fixed-satellite) at the top; Priority Access Licences (PALs — 10 MHz each within 3550–3650 MHz, county-based, up to seven per county, max four per licensee); and General Authorized Access (GAA), licensed-by-rule across the full 150 MHz. Spectrum Access Systems (SAS) with Environmental Sensing Capability coordinate the tiers. Roughly 420,000 CBSDs (base stations/routers) were deployed in the band as of August 2025 (OnGo Alliance figures via trade press). Note for mid-2026 readers: the FCC's CBRS proceeding is open — higher-power and 3.65–3.7 GHz transition changes are in flight, and there is congressional reallocation pressure — so verify current rules before you commit a design. United Kingdom — Shared Access, £80 a year. Ofcom's Shared Access framework covers 1800 MHz, 2300 MHz, 3.8–4.2 GHz, and 24.25–26.5 GHz. The 3.8–4.2 GHz low-power (rural) licence costs £80 per 10 MHz per year; separate, higher urban medium-power fees (£160 per 10 MHz) came into force on 13 October 2025. Issued licences are listed in Ofcom's Spectrum Information Portal as a downloadable dataset — there is no headline count to quote, so do not invent one. Japan — "local 5G," strongly sub-6. MIC licenses local 5G in 4.6–4.9 GHz and 28.2–29.1 GHz, granted per base-station establishment plan under the Radio Act. As of December 2024 there were 153 licensees at 4.7 GHz and 25 at 28 GHz (Netmanias/Omdia summaries of MIC data) — the lopsided split is the whole story: the market voted sub-6 for coverage and device economics. France — six years from trials to a regime. Arcep ran a 3.8–4.0 GHz trial from March 2022 (175 trial licences issued, around 90 still active at end-June 2025), later widening the window to the full 3.8–4.2 GHz. A permanent commercial framework for 3.8–4.2 GHz was adopted in 2025, with technical conditions ministerially approved on 12 December 2025 and a one-stop-shop licensing process. A separate 2.6 GHz TDD regime (2575–2615 MHz) serves professional/industrial mobile networks. India — framework in place, spectrum question unresolved. Be careful here. TRAI recommended direct CNPN (Captive Non-Public Network) spectrum assignment in February 2025; DoT ran an enterprise demand survey that closed 31 July 2025 (eligibility floor of ₹100 crore net worth; candidate bands n78 3.7–3.8 GHz, n79 4.8–4.99 GHz, n257 28.5–29.5 GHz); every major operator opposed direct assignment (COAI, 11 August 2025). The Telecommunications (Authorisation for Captive Telecommunication Services) Rules — drafted September 2025, finalized in early 2026 — create the CNPN authorisation category (no authorisation fee, premises-confined, online portal). But the direct spectrum-assignment question itself remained unresolved as of the latest verified reporting. To date only one entity (Adani, via auctioned spectrum in 2022) holds spectrum bought for private-network use. The honest formulation: India has a framework; whether an enterprise can obtain directly assigned spectrum is still contested at time of writing.

The practical upshot: before you cost anything else, find your country's column in Figure 1. The licensing model decides whether private 5G is a £80-a-year form (UK rural), a transparent four-figure fee (Germany), a free-by-rule GAA tier with a SAS subscription (US), or a still-open policy question (India).

Getting devices on: Rel-17 onboarding and why slices don't stop radios

Once you have spectrum, the next engineering problem is getting devices authenticated onto a network that may have no pre-provisioned subscriptions and no PLMN relationship.

Rel-17 SNPN onboarding (the eNPN work item). Release 17 added three things to SNPN, captured in TS 23.501 clause 5.30.2. First, support for credentials owned by a separate entity (a "Credentials Holder") — your factory's SNPN can authenticate devices against a third party's credential store rather than re-issuing everything itself. Second, UE onboarding and remote provisioning: a device with only default credentials attaches to an Onboarding Network (ONN), is authenticated against a Default Credentials Server (DCS), and pulls its real SNPN subscription from a Provisioning Server (PVS), after which it re-registers with the target SNPN. Third, IMS voice and emergency services in SNPN. Figure 2 walks the onboarding handshake end to end.
Figure 2: Rel-17 SNPN onboarding — a UE with default credentials attaches to an Onboarding Network, authenticates against a Default Credentials Server, pulls its subscription from a Provisioning Server, then re-registers with the target SNPN.
Figure 2: Rel-17 SNPN onboarding — a UE with default credentials attaches to an Onboarding Network, authenticates against a Default Credentials Server, pulls its subscription from a Provisioning Server, then re-registers with the target SNPN.

This is what removes the "every device needs a physical SIM cut for this exact network" friction that plagued early private deployments — it is the difference between bootstrapping a thousand sensors over the air and shipping a thousand SIM cards. (One caveat for spec pedants: verify the precise sub-clause numbering against the downloaded Rel-17 TS 23.501 before you cite it in a design document — clause 5.30.2 is the safe reference.)

CAG: cell-level access control for PNI-NPN. On the PNI-NPN side, the access-control tool is the Closed Access Group (CAG). A CAG identifies a group of subscribers permitted to access one or more CAG cells; the AMF hands NG-RAN the UE's Allowed CAG list (and an optional "CAG-cells-only" indication) as a mobility restriction. The RAN side lives in TS 38.300 clause 16.7. CAG is a Release 16 feature — do not confuse it with the Rel-17 onboarding work above.

The reason CAG exists is the single most useful sentence in this whole topic, and it is worth internalising before anyone tries to sell you slicing as access control. 3GPP's own rationale: network slicing does not prevent UEs from attempting to access the network in areas where the slice is not available to them. A slice is a logical partition of an already-admitted connection; it cannot stop an unauthorised radio from trying to register on your cell. Only cell-level access control can. So if your requirement is "no device outside my organisation may camp on these cells," that is a CAG problem, not a slicing problem.

This is exactly where the network slicing and NSSF slice-selection machinery gets misapplied. Slicing (and the NSSF that steers S-NSSAIs to the right slice) is the right tool for isolating traffic classes and tenants on an operator-hosted PNI-NPN. It is the wrong tool for keeping strangers off your radios. Engineer the two requirements separately. Credential handling on the SNPN side — 5G-AKA/EAP-AKA′, the SUPI/SUCI privacy story, and where your root keys live — follows the same model as the macro network; the 5G security architecture guide covers the key hierarchy you will inherit.

The 2026 market, past the hype trough

With the engineering framed, here is the honest read of where the market actually sits — useful both for sizing your own build and for sanity-checking a vendor's pitch.

Two analyst houses count the market, and they count different things — so quote them with their definitions and never average them into one number:

  • GSA (Private Mobile Networks, February 2026): 1,953 organisations worldwide with private-mobile-network contracts above €100,000, across 84 countries at the end of Q4 2025, with referenceable customers growing at a 51% CAGR since 2017.
  • Berg Insight (February 2026): 6,500 private LTE/5G networks worldwide at end-2025 excluding PoCs (up from 4,700), a market worth US$2.4bn in 2025, forecast to reach US$12.0bn by 2030 (38% CAGR). Berg ranks Nokia the largest vendor (~960 customers, 2,000+ deployments).

The first is a count of high-value referenceable customers; the second is a count of networks on a broader definition. They are not contradictory and they are not interchangeable.

Three things from the GSA data shape real designs. Top verticals are manufacturing, then education and academic research, then mining — heavy, fixed, often RF-hostile sites where you control the premises. Top countries are the US, Germany, and the UK, tracking spectrum-regime openness exactly. And — the one that should change a buying decision — LTE is still around half the installed base. Against the 5G branding, a large share of deployed private networks are 4G/LTE, because for many sensor-and-scanner use cases a mature device ecosystem on CBRS Band 48 is cheaper and entirely sufficient. (Verify the precise LTE share against GSA's full report; the public page states only that 5G accounts for more than half of deployments announced since 2022.) The honest guide tells you when 4G is still the right answer, and for a warehouse full of barcode scanners it frequently is.

So who actually builds these? The full on-prem end-to-end vendors are Ericsson, Nokia, Huawei, Samsung, and ZTE, alongside specialists like Celona, HPE (Athonet core), AsiaInfo, and QCT (Omdia's 2025 Market Radar assessed nine E2E vendors). The cloud hyperscalers, as covered up top, have left the explicit "private 5G as a SKU" business. Operator PNI-NPN/slice offerings are the third path — but verify current operator product pages before you name a specific offering, because that part of the market churns fastest.

Architecture: on-prem vs hybrid vs operator slice

There are three architectures, and the choice is a function of latency tolerance, data sovereignty, WAN-failure survivability, who must hold the SIMs/credentials, and your opex appetite. Figure 3 is the decision triptych.

Figure 3: Private 5G architecture trade-offs — full on-prem vs hybrid (cloud control plane, on-prem UPF) vs operator slice (PNI-NPN with CAG), scored on data residency, WAN-failure survivability, latency, credential ownership, and opex model.
Figure 3: Private 5G architecture trade-offs — full on-prem vs hybrid (cloud control plane, on-prem UPF) vs operator slice (PNI-NPN with CAG), scored on data residency, WAN-failure survivability, latency, credential ownership, and opex model.
Full on-prem (RAN + core + UPF on site). Everything runs in your building. Best data residency, survives a WAN cut, lowest and most deterministic latency (the user plane never leaves the premises), and you hold the SIMs and credentials. The cost is capex and the operational burden of running a 5G core yourself. Typical of Ericsson Private 5G and Nokia (Digital Automation Cloud / MX Industrial Edge) deployments. This is the default for manufacturing, mining, and anywhere a WAN outage cannot be allowed to stop the radios. Hybrid (cloud/managed control plane, on-prem UPF). The control and management plane sits in the cloud; the user plane stays on-site, so data-plane traffic and its latency remain local even though orchestration is remote. Lower operational burden than full on-prem, but survivability now depends on how the design degrades when the WAN to the control plane drops — interrogate that failure mode hard. Celona ("5G LAN," cloud orchestration with on-prem edge) and HPE Athonet are the named examples. Cautionary overlay: the fully cloud-hosted variant of this pattern is exactly what the hyperscalers retired in 2025 (AWS, May; Azure AP5GC, September). Keeping the UPF — and ideally a survivable control-plane fallback — on-premises is the lesson those exits teach. Operator slice (PNI-NPN with CAG). The operator hosts a slice (optionally with an on-prem UPF) and fences your cells with CAG. Lowest operational burden and an opex model, but the weakest data residency and the operator holds the credential relationship. Suits sites where the operator already has coverage and the requirement is logical isolation rather than physical sovereignty. This is where slicing and CAG do their proper jobs — slicing for tenant/traffic isolation, CAG for keeping non-members off the cells.

There is no universally right answer; there is a right answer for your latency budget, your data-sovereignty obligation, and your tolerance for running infrastructure. Score the three columns against those five rows for your site and the choice usually makes itself.

An engineer's deployment checklist

The order that actually works on a real project:

  1. Spectrum application — do this first. It is the long pole and the gating item (see Figure 1). File for your country's regime before you design anything else: a German BNetzA local licence, a UK Shared Access licence, a US SAS/CBRS arrangement (GAA needs only a SAS subscription; PAL is auctioned), a Japanese per-station plan, a French 3.8–4.2 GHz application, or — in India — a watch on whether direct assignment opens at all.
  1. RF design. Mid-band TDD (3.4–4.2 GHz, depending on country) is the workhorse: enough bandwidth for the throughput, enough propagation for indoor/campus coverage without mmWave's site density. Plan for the RF-hostile reality of the top verticals — metal racking, concrete, moving machinery. The 5G frequency band trade-offs (sub-6 coverage vs mmWave capacity) apply unchanged here; private networks just live almost entirely in mid-band.
  1. Core sizing. Decide on-prem vs hybrid vs operator slice (Figure 3) and size the core to the device count and PDU-session load, not to a carrier-scale template. A single-site SNPN core is a fraction of a public 5GC.
  1. SIM/credential strategy. For an SNPN, choose between physical SIMs, eSIM profiles, externally held credentials (Credentials Holder), and Rel-17 over-the-air onboarding (Figure 2) — driven by device count and how often the fleet churns. For a PNI-NPN, you inherit the operator's machinery and define CAG membership.
  1. OT integration. This is where private-5G projects actually succeed or fail. Wire the network into the existing operational-technology estate — PLCs, MES, the plant's segmentation and security model. The 5G network is rarely the hard part; making it a well-behaved citizen of an existing industrial network is.

A note on cost, in keeping with the evidence standard of this guide: there are no analyst-grade (Dell'Oro/Omdia/Analysys Mason) per-site cost ranges we could verify. Vendor and integrator blogs float figures — small sites around $50k, multi-campus builds $1M+, $10k–$50k per small cell — but those are vendor-sourced anecdote, not market data, and we will not present them as anything else. Budget by the levers you can reason about: radio count, the core licensing model, and the integration share (frequently the largest line and the most underestimated). Get a real quote against a real RF design rather than trusting a per-site rule of thumb.

Where to start

If you want to internalise the decisions above by building one, work through the SNPN-vs-PNI-NPN choice, spectrum, core sizing, and SIM strategy hands-on. To map a use case to a slice and QoS profile before you architect, the 5G use-case catalogue shows how operators translate requirements into 5QI and slice types. And if private 5G turns out to be the wrong layer for your decision — you only needed the definitions — the private 5G primer is the lighter read.

You can start a free 7-day trial (no card) and run the private-5G labs end to end.