Key Takeaways:
- The European Commission has announced new cybersecurity measures to phase out components and equipment from high-risk suppliers in critical sectors.
- The measures are expected to affect Chinese tech companies, including Huawei, and are part of the EU’s efforts to reduce its dependence on third-country technology suppliers.
- The new measures will apply to 18 key sectors, including detection equipment, connected and automated vehicles, and cloud computing services.
- The phase-out of high-risk equipment will be implemented over a period of 36 months for mobile telecoms operators, with a later announcement for fixed networks and satellite networks.
- The updated Cybersecurity Act will need to be agreed with EU countries and the European Parliament before it can become law.
Introduction to the European Commission’s New Cybersecurity Measures
The European Commission has announced new cybersecurity measures aimed at phasing out components and equipment from high-risk suppliers in critical sectors. The move is expected to affect Chinese tech companies, including Huawei, and is part of the EU’s efforts to reduce its dependence on third-country technology suppliers. The measures, set out in revisions to the EU’s Cybersecurity Act, follow an increase in cyber and ransomware attacks and growing worries over foreign interference, espionage, and Europe’s dependence on third-country technology suppliers.
Background and Context
The European Union has been hardening its stance on the use of Chinese equipment, with Germany recently appointing an expert commission to rethink trade policy towards Beijing and banning the use of Chinese components from future 6G networks. The United States banned approvals of new telecommunications equipment from Huawei and ZTE in 2022 and has encouraged Europe to do the same. The EU’s new measures are seen as a response to these concerns and an attempt to create a more secure and sovereign technological environment. The Commission’s executive, however, did not name any company nor country, but the move is widely seen as targeting Chinese tech companies.
Details of the New Measures
The new measures will apply to 18 key sectors identified by the Commission, including detection equipment, connected and automated vehicles, electricity supply systems, and drones and counter-drone systems. Cloud computing services, medical devices, surveillance equipment, space services, and semiconductors are also listed as critical sectors. The Commission already adopted a toolbox of security measures for 5G networks in 2020 to curb the use of so-called high-risk vendors such as Huawei due to concerns about possible sabotage or espionage. Some countries have yet to remove high-risk equipment, however, due to the heavy costs of doing so.
Implementation and Timeline
The phase-out of high-risk equipment will be implemented over a period of 36 months for mobile telecoms operators, with a later announcement for fixed networks and satellite networks. The Commission said that restrictions on suppliers from countries posing cybersecurity concerns will only kick in after a risk assessment initiated either by the Commission or at least three EU countries. Any measures taken would be based on market analysis and impact assessment. The updated Cybersecurity Act will still need to be agreed with EU countries and the European Parliament in the coming months before it can become law.
Reactions and Implications
China’s foreign ministry has responded to the plans, calling restricting Chinese firms without legal basis "naked protectionism" and urging the EU to provide a fair, transparent, and non-discriminatory business environment for Chinese companies. The EU’s tech chief, Henna Virkkunen, has said that the new measures will create more safety and tech sovereignty for the EU, and that the Commission will have the means in place to better protect critical information and communications technology supply chains and combat cyber attacks decisively. The implications of the new measures are significant, and it remains to be seen how they will be implemented and what impact they will have on the EU’s technological landscape.
Conclusion and Future Outlook
In conclusion, the European Commission’s new cybersecurity measures are a significant step towards creating a more secure and sovereign technological environment in the EU. The measures are expected to affect Chinese tech companies, including Huawei, and are part of the EU’s efforts to reduce its dependence on third-country technology suppliers. The implementation of the new measures will be closely watched, and it remains to be seen how they will impact the EU’s technological landscape. As the EU continues to navigate the complex and evolving cybersecurity landscape, it is clear that the new measures are an important step towards creating a safer and more secure digital environment for all EU citizens.
