EU unveils new plans to tackle Huawei, ZTE as China alleges protectionism

Steven

EU unveils new plans to tackle Huawei, ZTE as China alleges protectionism

Summary

The European Commission this week published draft revisions to the Cybersecurity Act and the NIS (Network and Information Systems) Directive that would force member states to phase out so-called high-risk suppliers from critical national infrastructure. The proposals introduce clearer testing and certification requirements for IT suppliers and give telecom operators up to three years to remove components deemed a significant cybersecurity risk.

The move is framed as a response to a rise in ransomware, state-sponsored hacking, supply-chain threats and the broader geopolitics around foreign interference. China criticised the measures as protectionist, and companies such as Huawei have warned the rules would discriminate against non-EU suppliers without objective technical evidence. The package could sharpen tensions with China and the US and prompt legal and trade disputes while reshaping procurement and vendor strategies across Europe.

Key Points

  • The Commission proposes revisions to the Cybersecurity Act and the NIS Directive to strengthen supply‑chain security across the EU.
  • Member states would be required to phase out high‑risk suppliers from critical national infrastructure, with telecoms given up to three years to remove problematic components.
  • New certification and clearer testing rules are intended to establish a framework for trusted suppliers and reduce supply-chain vulnerabilities.
  • China has publicly criticised the proposal as protectionist; Huawei says exclusion based on origin breaches EU legal principles and WTO obligations.
  • Past national measures (and the EU’s voluntary guidance) already targeted suppliers such as Huawei and ZTE; the new rules would make EU-wide action more systematic.
  • The proposals could trigger legal challenges, trade friction with China and push changes in procurement, vendor diversification and on‑premise/certified-supplier strategies.
  • US technology and political actions also factor into EU concerns about foreign risk, complicating transatlantic industry relations and antitrust dynamics.

Context and relevance

This is part of a broader trend: governments moving from ad-hoc restrictions to formal legal frameworks that treat supplier origin and dependencies as security risks alongside technical vulnerabilities. For telcos, cloud providers, equipment vendors and national security planners, these proposals signal tougher compliance demands, likely higher certification costs and potential disruption to existing contracts. For policymakers and procurement teams, it increases the emphasis on supply‑chain due diligence and certified alternatives.

Why should I read this?

Quick take: if you work in telecoms, security, procurement or run infrastructure that depends on network kit or cloud services, this could change who you can buy from — and how fast you need to rip and replace kit. Politics and cyber risk are finally being bundled into law, so it’s worth knowing what’s coming before suppliers start ringing your inbox.

Author style

Punchy: This isn’t a minor tweak — it’s a policy shift that could reshape vendor markets and procurement rules across Europe. Read the detail if your organisation buys network or IT kit, runs critical services, or advises on security and compliance.

Source

Source: https://therecord.media/eu-unveils-new-plans-to-tackle-huawei-zte