The EU’s soft approach towards Chinese technology suppliers seems to have reached its limit.
After years of diplomacy, recommendations and voluntary guidelines often ignored by national capitals, the European Commission is ready to impose a decisive change of course.
The objective is to secure the Old Continent’s critical infrastructure, excluding from the 5G networks the Chinese giants such as Huawei and ZTE.
The move, anticipated with a new legislative proposal on cybersecurity, marks the transition from a strategy of persuasion to a legal imposition, raising questions about national security and future trade relations between Brussels and Beijing.
Ban Huawei and ZTE from 5G networks: the end of the “voluntary” era
At the heart of the issue is Brussels’ dissatisfaction with how Member States have managed the security of their networks to date. In 2020, the EU introduced the so-called “5G Toolbox”, a package of measures advising governments to limit the use of suppliers deemed high risk.
However, adherence to these directives has been patchy. Many European capitals, fearing economic reprisals from China or delays in the network’s development, have hesitated to impose total bans.
Henna Virkkunen, Executive Vice-President of the Committee on Technology Policy and Security, has clearly expressed the commission’s disapproval.
In a recent statement, she stressed that high-risk vendors are still present in key parts of European infrastructure, making it necessary to abandon voluntary guidelines in favor of stricter and binding rules.
The new cybersecurity law proposal, therefore, will not only advise, but will by law establish that risky suppliers must be blocked. As early as 2023, the then-Commissioner Thierry Breton had defined Huawei and ZTE as carriers of “materially higher” risk than other competitors, laying the political groundwork for the current regulatory tightening.
A hefty bill and geopolitical tensions
The transition to networks without Chinese equipment will be neither immediate nor painless. According to the EU executive’s estimates, the economic impact of replacing high-risk suppliers’ equipment will amount to between 3 and 4 billion euros.
To mitigate this shock for telecom operators, the Commission foresees a three-year transition period from the law’s entry into force.
However, the financial cost could be only the tip of the iceberg. The initiative is strongly supported by the security hawks, worried that Chinese technology could pose an existential threat to Europe, especially at a time when Member States are investing heavily in defense.
On the other hand, Beijing’s reaction did not wait. Linlin Liang, of the Chinese Chamber of Commerce in the EU, warned that blocking technology based on its origin will do nothing but discourage Chinese investments in the continent.
This standoff takes place in an already fragile global context, with Europe navigating between internal security pressures and the risk of trade conflicts, including a potential friction with the United States on other strategic fronts.
Beyond telecommunications: a broader surveillance network
If the immediate focus is on 5G, the new Cybersecurity Act looks much further ahead. The regulatory proposal aims to define how authorities can assess risk across various critical sectors, spanning from energy to transport.
Beyond Huawei and ZTE, other Chinese companies could come under the radar such as Nuctech (airport scanners), Hikvision (surveillance cameras) and manufacturers of solar panel components or connected cars.
There is, however, a fundamental technical distinction: while for the telecommunications sector risk analysis has already been completed and defined, allowing quick decisions to block suppliers, for other sectors the work is still in progress.
The Commission recognizes that it is not yet possible to formalize bans beyond 5G until specific evaluations are conducted. However, the principle is set: if a component manufacturer is based in a country deemed unfriendly to the EU, the risk of market exclusion becomes real.
The difficult legislative path
The Commission’s proposal represents only the beginning of a complex bureaucratic process. The text will need to be negotiated with the European Parliament and, above all, with the EU Council.
Here is where the hardest battle is expected: many national governments view with suspicion any Brussels attempt to interfere in policies of national security, considered an exclusive competence of the Member States. Additionally, it remains to clarify who will have the final authority to draw up and update the list of banned suppliers.
Curiously, draft texts seem to have avoided a clash with another global tech giant: the United States.
The legislation, in fact, does not appear to include restrictions on the American cloud for storing sensitive data, a thorny issue that for years slowed discussions on European digital sovereignty.
Now, with the focus decisively turned toward the East, Europe seeks to build its own digital shield, hoping that the price to pay (economic and political) will not be too high.
