The move is widely expected to affect Huawei and other Chinese technology companies.. The European Union is preparing to phase out components and equipment supplied by high-risk vendors in critical sectors, according to a draft proposal released by the European Commission on Tuesday (Jan 20).
The proposed measures are part of revisions to the EU’s Cybersecurity Act and come amid a rise in cyberattacks and ransomware incidents, as well as growing concerns over foreign interference, espionage, and Europe’s reliance on technology suppliers from outside the bloc.
While the Commission, the executive arm of the 27-member EU, did not name specific companies or countries, Europe has increasingly tightened its approach toward Chinese technology. Germany, for instance, has recently set up an expert commission to reassess its trade policy toward Beijing and has barred Chinese components from future 6G networks.
The United States took similar action in 2022 by banning approvals of new telecommunications equipment from Huawei and ZTE, and has since urged European countries to follow suit.
New Measures Aim to Boost Security and Tech Sovereignty Huawei
“With the new Cybersecurity Package, we will have the tools to better protect our critical ICT supply chains and to respond more decisively to cyberattacks,” EU tech chief Henna Virkkunen said in a statement.
China’s foreign ministry, responding to earlier reports on the plan, criticized restrictions on Chinese companies without a legal basis as “naked protectionism,” and called on the EU to ensure a fair, transparent, and non-discriminatory business environment.
The proposed rules would apply to 18 critical sectors identified by the Commission, including detection equipment, connected and automated vehicles, electricity supply and storage systems, water supply infrastructure, and drones and counter-drone technologies.
Other sectors classified as critical include cloud computing services, medical devices, surveillance equipment, space services, and semiconductors.
In 2020, the Commission introduced a 5G security toolbox aimed at limiting the use of so-called high-risk vendors such as Huawei, citing concerns over potential sabotage or espionage. However, several EU countries have yet to fully remove such equipment due to the high financial costs involved.
Under the latest proposals, mobile telecommunications operators would be given 36 months from the publication of a list of high-risk suppliers to phase out key components from those vendors. Timelines for fixed networks—such as fibre-optic and submarine cables—as well as satellite networks will be announced at a later stage.
“This is a crucial step toward strengthening European technological sovereignty and improving overall security,” Virkkunen said.
According to the draft, restrictions on suppliers from countries deemed to pose cybersecurity risks would only be imposed following a risk assessment initiated by either the Commission or at least three EU member states. Any resulting measures would be based on market and impact analyses.
The revised Cybersecurity Act must still be negotiated with EU member states and approved by the European Parliament in the coming months before it can become law. Tuna55
