The European Commission has unveiled a plan to phase out components from high-risk suppliers in critical sectors. This draft proposal updates the EU’s Cybersecurity Act to address rising cyber threats and foreign interference. Consequently, the move directly targets Chinese technology giants like Huawei. The Commission did not name specific companies or countries, but the context is clear. Europe has been tightening scrutiny of Chinese technology for years. This proposal represents a significant escalation in that strategy.
The plan follows a 2020 EU “toolbox” to curb high-risk 5G vendors. Some member states have been slow to remove existing equipment due to high costs. The new rules aim to enforce a mandatory phase-out timeline. Mobile operators would have 36 months to remove key components once authorities publish a high-risk supplier list. Fixed and satellite network deadlines will follow later. EU tech chief Henna Virkkunen stated the measures will enhance safety and technological sovereignty. However, the proposal immediately sparked a fierce reaction from Huawei and Chinese officials.
Huawei and China Condemn Proposal as Protectionist
Chinese technology giant Huawei strongly criticized the EU’s proposed rules. A company spokesperson argued the plan violates core EU legal principles. Specifically, Huawei cited breaches of fairness, non-discrimination, and proportionality. The spokesperson also claimed the proposal contradicts World Trade Organization obligations. Huawei stated it will monitor the legislative process closely. Furthermore, the company reserved all rights to protect its legitimate interests. This language suggests potential legal or trade challenges ahead.
China’s foreign ministry echoed this condemnation. Spokesperson Guo Jiakun stated Chinese companies operate in Europe in full compliance with local laws. He asserted they have never endangered European national security. Guo urged the EU to avoid “going further down the wrong path of protectionism.” This coordinated response highlights the proposal’s diplomatic sensitivity. It positions the EU’s cybersecurity concerns against China’s accusations of unfair trade barriers. The debate will likely intensify as the legislation advances.
Scope and Implementation of the New Cybersecurity Rules
The proposed measures cover a broad range of eighteen critical sectors. These include telecommunications, cloud services, and semiconductors. The list also encompasses connected vehicles, electricity grids, water supply systems, and medical devices. Additionally, drones, surveillance equipment, and space services fall under the rules. This wide scope reflects a comprehensive approach to securing essential infrastructure.
Implementation will follow a specific process. Restrictions on high-risk suppliers will only take effect after a formal risk assessment. Either the Commission or at least three EU countries can initiate this assessment. Authorities must base any measures on detailed market analysis and impact assessments. This structured approach aims to ensure proportionality and evidence-based action. However, the telecoms industry warns of heavy burdens. Lobby group Connect Europe predicts additional regulatory costs in the billions of euros for operators.
Broader Context of EU-China Tech Relations
This proposal fits into a wider pattern of European strategic recalibration. Germany recently appointed an expert commission to reassess trade policy toward Beijing. It also banned Chinese components from its future 6G networks. Similarly, the United States has long banned new equipment from Huawei and ZTE. American officials consistently urge European allies to adopt similar restrictions. Therefore, the EU’s move aligns with a transatlantic trend of technological decoupling from China.
The EU frames the issue around resilience and sovereignty. Executive Vice President Virkkunen stated the package is “an important step in securing our European technological sovereignty.” This language underscores a desire to reduce critical dependencies. The reliance on non-EU suppliers, particularly in telecoms infrastructure, is now a core security concern. The phase-out plan is a policy tool to actively reshape supply chains. Ultimately, it seeks to bolster Europe’s strategic autonomy in a contested digital landscape.
Industry Concerns and Legislative Path Forward
Telecommunications operators express significant concern about the proposal’s practical impact. Connect Europe warns it will increase the regulatory burden dramatically. The cost of replacing existing network hardware is substantial. Operators argue that rushed mandates could disrupt services and increase consumer prices. These economic arguments will likely feature prominently in upcoming negotiations.
The draft legislation now enters a complex decision-making process. The European Parliament and EU member states must negotiate and approve the updated Cybersecurity Act. This process typically takes many months and involves amendments. Key battles will focus on the phase-out timelines, the criteria for “high-risk” designation, and financial support for operators. The final law will reflect a compromise between security imperatives and economic realities. Its passage will signal Europe’s definitive stance on high-risk tech in its critical infrastructure.
