Systems and methods described herein enforce access controls for network slices via proxy in a secure enclave of a user equipment (UE) device. A UE device executes, in a rich execution environment (REE), a function or application designated for using one or more secure network slices of a telecommunications network. The UE device executes, in a trusted execution environment (TEE), a slice admission control proxy (SACP) to perform admission control for the one or more secure network slices, and forces network traffic for the function or application through the SACP.