Brussels – The European Union is moving to tighten its grip on the digital infrastructure that underpins the continent's economy, sparking a heated response from Chinese tech giant Huawei. A draft proposal, released Tuesday by the European Commission, outlines plans to phase out components and equipment from suppliers deemed "high-risk" across critical sectors. While the proposal avoids naming specific companies or countries, the measures are widely seen as targeting Chinese firms like Huawei and ZTE.

The EU's executive arm insists the move is necessary to combat rising cyber threats, ransomware attacks, and concerns about foreign interference and espionage. European policymakers are increasingly uneasy about the bloc's dependence on non-EU technology. Henna Virkkunen, the EU tech chief, stated the Cybersecurity Package will provide the means to better protect critical ICT supply chains and decisively combat cyber attacks.

The proposal is a revision of the EU's Cybersecurity Act and builds upon the 5G security "toolbox" adopted in 2020, which aimed to reduce reliance on vendors perceived as high-risk. However, these earlier measures were largely voluntary, leading to inconsistent implementation across member states. The new rules would make cybersecurity measures mandatory.

The plan stipulates that mobile operators will have 36 months from the publication of a high-risk supplier list to phase out key components. Timelines for fixed networks, including fiber-optic cables, submarine cables, and satellite networks, are expected to be announced later. The critical sectors covered by the proposal include telecoms, cloud services, energy systems, medical devices, transport, surveillance, space services, and semiconductors.

Huawei has reacted strongly, arguing that limiting or excluding non-EU suppliers based on their country of origin, rather than factual evidence and technical standards, violates the EU's basic legal principles of fairness, non-discrimination, and proportionality, as well as its WTO obligations. A Huawei spokesperson stated the company will continue to provide secure and trusted products and services in Europe and will closely monitor the legislative process to safeguard its interests. China's foreign ministry has also criticized the plan, calling it "naked protectionism" that lacks legal basis. A spokesperson stated that Chinese companies operate in Europe in compliance with laws and regulations and have never endangered Europe's national security.

The GSMA, a mobile industry trade body, shares the Commission's objective of reinforcing cybersecurity. However, the GSMA argues that the measures must be strictly risk-based and operationally workable to avoid undermining European operators' ability to upgrade networks and meet connectivity ambitions.

The EU's proposal needs to be negotiated with EU governments and the European Parliament before it can become law. If approved, member states will have one year to implement the directive into national law. The move mirrors actions taken by the U.S. in 2022, when the Federal Communications Commission banned new telecommunications equipment from Huawei and ZTE.