EU to Phase Out High-Risk Tech Suppliers in Critical Sectors Under New Cybersecurity Rules
The European Union plans to gradually remove components and equipment supplied by high-risk vendors from critical sectors, according to a draft proposal published by the European Commission on Tuesday. The measures, set out in revisions to the EU’s Cybersecurity Act, are aimed at bolstering digital resilience and reducing dependence on foreign technology suppliers such as Huawei and other Chinese firms.
The new framework follows a rise in ransomware and cyberattacks across Europe, alongside mounting concerns over espionage and foreign interference. Although the Commission avoided naming specific companies or countries, the policy is expected to primarily affect Chinese manufacturers. Several EU members, including Germany, have already tightened scrutiny of Chinese technology, with Berlin banning Chinese components from future 6G networks and launching a policy review of trade ties with Beijing.
The United States, which banned new telecommunications equipment from Huawei and ZTE in 2022, has also urged Europe to restrict Chinese vendors from key infrastructure.
Strengthening Technological Sovereignty
“With the new Cybersecurity Package, we will have the means in place to better protect our critical information and communications technology supply chains and to combat cyber attacks decisively,” said EU technology chief Henna Virkkunen.
The proposed rules will apply to 18 strategic sectors, including automated vehicles, electricity systems and storage, water supply, drones, and counter-drone systems. Other affected areas include cloud computing, medical devices, surveillance technology, space services and semiconductors.
The Commission said mobile operators will have 36 months from the publication of the high-risk supplier list to remove key components linked to those vendors. The timeline for phasing out such equipment in fixed networks, satellite systems and submarine cables will be set later.
“This is an important step in securing our European technological sovereignty and ensuring a greater safety for all,” Virkkunen added.
Balancing Security and Market Impact
China’s foreign ministry criticised the EU’s plans, calling the restrictions “naked protectionism” and urging the bloc to maintain a fair and non-discriminatory business environment.
According to the draft proposal, restrictions on suppliers from countries posing cybersecurity concerns will only take effect following a formal risk assessment initiated by the Commission or by at least three EU member states. Any subsequent action would rely on market analysis and an impact assessment to balance security with economic interests.
The Commission previously adopted a security toolbox for 5G networks in 2020 to address risks from so-called high-risk vendors. However, progress has been uneven across the bloc, as several member states delayed replacing existing Huawei equipment due to high costs.
The updated Cybersecurity Act must still be debated and approved by EU governments and the European Parliament before it can come into force. The initiative marks a key step in the EU’s broader strategy to strengthen digital autonomy and reduce reliance on non-European suppliers.
with inputs from Reuters
