The European Union has unveiled stringent cybersecurity legislation requiring the systematic removal of telecommunications equipment from suppliers deemed ‘high-risk’ within critical infrastructure networks. This decisive move, announced by the European Commission on Tuesday, specifically targets technology originating from certain non-EU countries without explicitly naming China or its leading tech corporations.
The proposed regulations mandate that EU member states eliminate such equipment from high-speed telecom networks within a three-year timeframe. While previous cybersecurity guidelines for 5G networks remained voluntary, resulting in inconsistent implementation across the bloc, these new measures establish legally binding requirements for all 27 member nations.
European Commission Vice President Henna Virkkunen emphasized the proposal’s objective to ‘protect EU citizens and businesses by securing the ICT supply chains that support critical sectors of our economy and society.’ The legislation extends beyond telecommunications to encompass security scanners at border checkpoints, water supply systems, and medical devices.
The development follows the EU’s 2023 assessment that justified restrictions against Chinese technology giants Huawei and ZTE based on security concerns. Huawei responded to the proposal by asserting its status as a ‘legally operating company in Europe’ and reserving the right to protect its legitimate interests. The company criticized the approach as violating fundamental EU legal principles of fairness and non-discrimination, as well as World Trade Organization obligations.
The legislation now requires approval from the European Parliament in Strasbourg, marking a significant shift in the EU’s strategy to safeguard its digital infrastructure against perceived geopolitical risks and technological dependencies.