EU Proposes Mandatory Phase-Out of High-Risk Telecom Suppliers
The European Union has announced plans to implement a mandatory phase-out of telecom equipment supplied by companies based in what it terms "high-risk" countries. This significant move aims to secure critical infrastructure, including high-speed telecommunications networks, and is widely perceived as targeting Chinese technology giants such as Huawei and ZTE.
Addressing Cybersecurity Vulnerabilities
Brussels' proposed measures to tighten cybersecurity come in response to growing concerns that the bloc's 27 member states are increasingly vulnerable. These vulnerabilities stem from both the dominance of Chinese high-tech manufacturing and the pervasive influence of U.S. Big Tech services. The draft legislation, released by the EU's executive commission, stipulates that telecom equipment from high-risk suppliers in third countries must be phased out within a strict three-year timeframe.
While the proposals do not explicitly name any specific countries or companies, the term "high risk" has historically been used to refer to nations like China, which is home to Huawei, the world's largest manufacturer of networking equipment. Huawei has faced long-standing bans in the United States, and in 2023, the EU's executive body justified member states in restricting or excluding both Huawei and ZTE, another Chinese tech firm sanctioned by the U.S., due to perceived higher risks.
Transition from Voluntary to Mandatory Measures
Previous EU measures for 5G cybersecurity were only recommended or voluntary, leading to inconsistent application across the bloc. This resulted in a patchwork approach, with some countries continuing to purchase Chinese gear while others avoided it entirely. Under the new rules, these cybersecurity measures will become mandatory, ensuring a unified and robust defence across all member states.
Huawei has responded to the proposals by asserting its rights as a "legally operating company in Europe." In a statement, the company argued that a legislative proposal to limit or exclude non-EU suppliers based on country of origin, rather than factual evidence and technical standards, violates fundamental EU legal principles. These principles include fairness, non-discrimination, and proportionality, as well as the EU's obligations under the World Trade Organization.
Broadening the Scope of Protection
The proposed restrictions extend beyond telecom networks to encompass equipment in other vital sectors. This includes security scanners used at border checkpoints, water supply systems, and health and medical devices, highlighting a comprehensive approach to safeguarding critical infrastructure.
European Commission Vice President Henna Virkkunen emphasised the proposal's core objective during a presentation to lawmakers at the European Parliament in Strasbourg, France. "Our proposal is about protecting EU citizens and businesses by securing the ICT supply chains that support the critical sectors of our economy and society," she stated. The proposals will now require approval from the European Parliament to become law, marking a pivotal step in the EU's cybersecurity strategy.
