Key Takeaways
- The European Commission’s draft revision of the Cybersecurity Act creates a legal basis to label “third countries posing cybersecurity concerns” and to classify their suppliers as “high‑risk,” a mechanism that could effectively bar Chinese equipment from EU telecom networks.
- Although the text does not name China, Huawei, or ZTE, analysts expect the regulation to lead to a gradual exclusion of Chinese gear from mobile, fixed, and satellite infrastructure across the bloc.
- The move reflects a broader strategic shift in Europe—dubbed a “European awakening”—driven by the war in Ukraine and growing concerns over China’s digital Silk Road ambitions.
- Beijing warned of reciprocal measures if the EU designates China as a cybersecurity risk, demanding the removal of the relevant provisions and asserting a lack of technical evidence for security threats.
- Some European experts argue the regulation is not aimed at China per se but at imposing uniform cybersecurity standards; firms that meet those standards—regardless of origin—would retain market access.
- National approaches remain uneven: Germany plans a phase‑out by end‑2026, France has already reduced Huawei’s share to 13 %, Italy reviews contracts case‑by‑case, while Spain deepened ties with Huawei in 2025, drawing criticism from the United States.
- The EU’s stance aligns with similar actions taken by the United States, which barred Huawei and ZTE from its mobile networks in 2019, signalling a coordinated Western effort to curb perceived security risks from Chinese telecommunications vendors.
Proposed Revision of the Cybersecurity Act
On January 20 the European Commission unveiled a draft revision of its Cybersecurity Act in Strasbourg. The proposal introduces, for the first time, a legal instrument that enables the Commission to designate “third countries posing cybersecurity concerns” and to label suppliers from those jurisdictions as “high‑risk.” While the document avoids explicit mention of China, Huawei, or ZTE, the mechanism is widely interpreted as a pathway to gradually exclude Chinese equipment from the EU’s mobile, fixed, and satellite networks.
Legal Mechanism and Anticipated Impact
Under the draft, once a country is flagged as a cybersecurity concern, the Commission can impose restrictions on the procurement and use of its technology in critical communications infrastructure. This would empower Brussels to overrule individual member‑state reservations that have so far hindered a bloc‑wide ban on Chinese suppliers. If adopted by the European Parliament, the EU would join the United States, which barred Huawei and ZTE from American mobile networks back in 2019, creating a transatlantic front against perceived security threats from Chinese telecom vendors.
Expert View: An “European Awakening”
Emmanuel Lincot, a sinologist and professor at the Catholic Institute of Paris, described the regulation as a belated but necessary step. He told The Epoch Times that many experts have long warned of the dangers inherent in relying on Huawei, whose intentions may not be benign. Lincot characterized the measure as a declaration that “recess is over” for Beijing, urging Chinese firms either to change their conduct or leave the European market. He linked the shift to a broader awakening of a true European identity, noting that the war in Ukraine acted as a catalyst for heightened vigilance toward external strategic challenges, including China’s digital Silk Road initiatives.
Geopolitical Framing: Economic War and Ideological Rivalry
Lincot further argued that Europe is now engaged in an economic war against China, set against a backdrop of strong ideological rivalries. He emphasized that, on sensitive issues, the precautionary principle has been elevated, serving as a warning to Chinese authorities. The push to exclude Chinese suppliers coincides with mounting scrutiny of Huawei in Brussels, where the company faces a corruption investigation alleging bribery of European Parliament members, leading to a ban on Huawei lobbyists accessing Commission and Parliament premises.
Beijing’s Response and Threats of Reciprocity
In mid‑April China’s Ministry of Commerce submitted a formal response to the Commission, warning that broad retaliation would be on the table if Huawei and ZTE were penalized. Beijing asserted that any designation of China as a cybersecurity risk or classification of its entities as high‑risk would be politically motivated, lacking technical proof of security threats. The Chinese ministry demanded the deletion of the relevant section, threatening to launch investigations into European firms and to adopt reciprocal measures should the EU proceed with the proposed restrictions.
Commission’s Silence on Chinese Protests
The European Commission has not publicly responded to China’s submission nor to requests for comment from The Epoch Times. This silence underscores the EU’s determination to advance the regulatory agenda despite Beijing’s objections, reflecting confidence in the legal and strategic justification for the measure.
Standards‑Based Perspective: Sébastien Garnault’s Analysis
Sébastien Garnault, founder of the Paris Cyber Summit, contended that the regulation should not be read as a direct attack on China. He argued that the core question is which security standards are imposed for market entry, not the nationality of the supplier. In his view, Chinese companies that comply with European cybersecurity standards would retain access to the EU market, just as any foreign firm must meet local conditions to operate.
Non‑Discrimination and Precedent
Garnault noted that the principle of non‑discrimination on grounds of nationality, invoked by Beijing, applies only to relations among EU member states. He pointed out that EU law does not prohibit discrimination against foreign countries; such distinctions are inherent in tariffs and external trade regulation. He likened the EU’s approach to longstanding practices in China, where foreign retailers like Carrefour must partner with local firms to gain market access—demonstrating that market‑entry conditions are a normal facet of international trade.
Risk‑Based Justification and ANSSI Findings
Citing France’s National Cybersecurity Agency (ANSSI), Garnault highlighted that China is identified alongside Russia as a leading state‑sponsored technological threat to French networks. He argued that framing the regulation as a mitigation of a geographically originated risk—rather than a ban on a specific company—strengthens its legal defensibility. By targeting the risk itself, the EU sidesteps accusations of nationality‑based discrimination, focusing instead on the security implications of the supplier’s origin.
Underlying Legal Concerns in China
Garnault acknowledged that European worries are grounded in Chinese law, which obliges domestic companies to cooperate with state intelligence services. He observed that similar obligations exist in many jurisdictions, including the United States, and that Europe’s regulatory response is simply an expression of its own risk assessment. Companies, therefore, must decide whether the investment required to meet EU standards justifies continued participation in the European market.
Patchwork Retreat: Huawei’s Diminishing Footprint in Europe
Huawei employs roughly 10,000 people across Europe, but its commercial position is eroding. According to Strand Consult, equipment from high‑risk suppliers—predominantly Huawei—accounted for about 30 % of installed 5G hardware in Europe at the start of 2026. National responses vary: Germany still sources 59 % of its 5G antennas from Chinese suppliers but has announced a ban on Huawei and ZTE components, aiming to phase them out of the network core by the end of 2026. Italy has avoided an outright ban, reviewing contracts case‑by‑case; France’s 2019 law on national defense interests forced operators to dismantle thousands of Chinese antennas, reducing Huawei’s market share to 13 % by 2024 and cutting its French revenue from €1.4 billion to €695 million. In stark contrast, Spain’s Socialist government signed a €12 million contract with Huawei in 2025 to store sensitive judicial data from wiretaps, a move that has drawn criticism from U.S. lawmakers who accuse Madrid of jeopardizing allied security.
Transatlantic Implications and Outlook
The EU’s evolving stance mirrors actions taken by the United States, reinforcing a coordinated Western effort to limit perceived security risks posed by Chinese telecommunications vendors. While the regulation’s final form remains subject to parliamentary debate, its adoption would signal a decisive shift toward a more protectionist, risk‑based approach to critical infrastructure. The outcome will shape not only the competitive landscape for Huawei and ZTE but also the broader dynamics of EU‑China relations, influencing trade, technology cooperation, and strategic autonomy in the years ahead.