BRUSSELS 鈥 The EU plans to phase out components and equipment from high-risk suppliers in critical sectors, according to a draft proposal released by Brussels on Tuesday – a move criticized by China鈥檚 Huawei, which is set to be among the companies affected.
The measures, set out by the European Commission in revisions to the EU鈥檚 Cybersecurity Act, follow a rise in cyber and ransomware attacks and growing concerns over foreign interference, espionage and Europe鈥檚 reliance on non-EU technology suppliers.
The Commission, the 27-nation bloc鈥檚 executive arm, did not name any companies or countries.
Europe has, however, been tightening scrutiny of Chinese technology. Germany recently appointed an expert commission to reassess trade policy toward Beijing and has banned the use of Chinese components in future 6G telecoms networks.
The US banned approvals of new telecoms equipment from Huawei and Chinese rival ZTE in 2022 and has urged European allies to follow suit.
鈥淐hinese companies have long operated in Europe in compliance with laws and regulations and have never endangered Europe鈥檚 national security,鈥 Guo Jiakun, a spokesperson for China鈥檚 foreign ministry, said on Wednesday. He urged the EU to avoid 鈥済oing further down the wrong path of protectionism鈥.
NEW MEASURES CREATE MORE SAFETY, TECH SOVEREIGNTY, EU SAYS
鈥淲ith the new Cybersecurity Package, we will have the means in place to better protect our critical (information and communications technology) supply chains but also to combat cyber attacks decisively,鈥 EU tech chief Henna Virkkunen said in a statement.
Huawei echoed criticism from China鈥檚 foreign ministry.
鈥淎 legislative proposal to limit or exclude non-EU suppliers based on country of origin, rather than factual evidence and technical standards, violates the EU鈥檚 basic legal principles of fairness, non-discrimination, and proportionality, as well as its WTO (World Trade Organization) obligations,鈥 a Huawei spokesperson said.
鈥淲e will closely monitor the subsequent development of the legislative process and reserve all rights to safeguard our legitimate interests,鈥 she said.
The new measures will apply to 18 key sectors identified by the Commission, including detection equipment, connected and automated vehicles, electricity supply and storage systems, water supply systems, and drones and counter鈥慸rone systems. Cloud services, medical devices, surveillance equipment, space services and semiconductors are also classified as critical.
The EU adopted a 5G security 鈥渢oolbox鈥 in 2020 to curb the use of perceived high-risk vendors such as Huawei over concerns about sabotage or espionage. Some countries have yet to remove such equipment due to its high replacement cost.
Under Tuesday鈥檚 proposals, mobile operators will have 36 months from the publication of the high-risk supplier list to phase out key components. Phase-out periods for fixed networks, including fiber-optic and submarine cables, as well as satellite networks, will be announced later.
鈥淭his is an important step in securing our European technological sovereignty and ensuring greater safety for all,鈥 Ms. Virkkunen said.
Restrictions on suppliers from countries deemed to pose cybersecurity risks would take effect only after a formal risk assessment initiated by the Commission or at least three EU countries. Any measures would be based on market analysis and impact assessments.
Telecoms lobby group Connect Europe warned that the proposals would increase the burden on the industry, with additional regulatory costs running into the billions of euros.
The updated Cybersecurity Act must still be negotiated with EU governments and the European Parliament in the coming months before it becomes law. 鈥 Reuters
