One of the quickest ways to derail a private 5G conversation in an industrial environment is to involve the OT team too late. Because from their point of view, the risk isn’t abstract. PLCs, controllers, and industrial protocols aren’t just “devices”, they’re tightly coupled systems that expect very specific network behaviour. Change that behaviour, even slightly, and you’re not optimising a network anymore. You’re interrupting production.
This is where many private 5G initiatives quietly stall. On paper, cellular looks attractive: mobility, coverage, reliability. In practice,OT engineers hear “Layer 3”, “IP routing”, and “wireless abstraction” and immediately see red flags, and they’re not wrong to.
The reality is that most industrial environments don’t run on neat, IP-native endpoints. They run on a mix of legacy equipment, specialised protocols, and control systems designed under very different assumptions. Protocols such as Profinet, EtherCAT, Ethernet/IP, Modbus, and Profibus generally expect devices to be in the same Layer 2 domain. They assume deterministic timing, predictable paths, and trusted transport. Traditional cellular architectures don’t naturally support that, because 5G is fundamentally a Layer 3 technology.
This mismatch is exactly where many “generic” private 5G approaches start to fall apart.
If the answer to legacy OT connectivity is “replace the devices” or “rewrite how they communicate”, adoption is dead on arrival. No operations team is going to forklift working control systems just to make a network architecture happy. The more viable approach is the opposite: adapt the network to the realities of OT, not the other way around.
That’s where industrial gateways become critical - not as a workaround, but as a deliberate architectural layer. In real deployments, these gateways sit close to the industrial devices and act as protocol and access bridges. Downstream, they speak whatever the device requires: Ethernet, serial, fieldbus, Wi-Fi, or even low-power wireless protocols. Upstream, they present traffic to the private 5G network in a controlled, secure way.
From the network’s perspective, everything behind the gateway becomes part of the private 5G environment. IP addressing, security policies, and operational visibility all extend naturally, even if the devices themselves aren’t IP-native.
The harder problem, though, isn’t just protocol translation; it’s preserving behaviour.
In many industrial control scenarios, both ends of a communication path expect to live on the same Layer 2 segment. Break that assumption, and you introduce jitter, delay, or outright failure. This is wheretraditional approaches often hit a wall.
What becomes clear is that this challenge can be addressed by tunnelling Layer 2 traffic over the private 5G network using established mechanisms like GRE or VXLAN. In simple terms, Layer 2 frames are encapsulated inside Layer 3 packets, carried securely across the 5G network, and then presented back into the enterprise network on the other side. To the PLCs and controllers, nothing has changed. They still see a trusted Layer 2 path.
This becomes especially powerful for mobile industrial use cases. Think AGVs or mobile robots with integrated gateways. These systems need to move freely across large indoor or outdoor spaces while maintaining deterministic control behaviour. By preserving Layer 2 semantics over a mobile, private 5G underlay, you get mobility without sacrificing control.
Additionally, because this runs on private 5G, it isn’t just“wireless Ethernet”. It can be combined with the same radio-level controls (prioritisation, scheduling, and quality enforcement), ensuring that critical OT traffic isn’t competing blindly with less important workloads.
The deeper point here is philosophical as much as technical. Successful private 5G deployments don’t try to drag OT into a new networking paradigm. They respect the constraints that already exist and design around them. That’s what allows enterprises to incrementally modernise: bring private 5G into the environment today, connect existing assets safely, and evolve overtime without fragmenting operations.
If private 5G forces you to choose between mobility and determinism, it’s the wrong design. The goal isn’t to make OT systems cellular-aware. It’s to make cellular invisible to OT.
What to do next:
Before dismissing private 5G as “not suitable for OT”, map out where gateways and Layer 2 preservation are required. In many cases, the barrier isn’t the technology, it’s the assumption that OT has to change to fit it.
