EU phase-out of high-risk tech targets Huawei

The European Union plans to phase out components and ​equipment from ⁠high-risk suppliers in critical sectors, according to a draft proposal released by the European Commission, a move expected to affect Huawei and other Chinese tech companies.

The measures, set out in revisions to the EU's Cybersecurity Act, follow an increase in ‌cyber and ransomware attacks and growing worries over foreign interference, espionage ⁠and ‌Europe's dependence on third-country technology suppliers.

The Commission, the 27-nation bloc's ‍executive, did not name any company nor country.

Europe, however, has been ⁠hardening its stance on the use of Chinese equipment, with Germany, for example, recently appointing an expert commission to rethink trade policy towards Beijing and banning the use of Chinese components from future 6G networks.

The United States banned approvals of new telecommunications ‍equipment from Huawei and ZTE in 2022 and has encouraged Europe to do the same.

"With the new cyber security ‌package, we will have the means in place to better protect our critical (information and communications technology) supply chains but also to combat cyber attacks decisively," EU tech chief Henna Virkkunen said in a statement.

China's foreign ministry, responding to an earlier report on the plans, called restricting Chinese firms without legal basis "naked protectionism" and urged the EU to provide a fair, transparent and non-discriminatory business environment for Chinese companies.

The new measures will apply to 18 key sectors identified by the commission, including detection equipment, connected and automated vehicles, electricity supply systems and electricity storage, water supply systems, and drones and counter-drone systems.

Cloud computing services, medical devices, surveillance equipment, space services and semiconductors are also listed as critical sectors.

The commission already adopted a toolbox of security measures for 5G networks in 2020 ‌to curb the use of so-called high-risk vendors such as Huawei due to concerns about possible sabotage or espionage. ‌

Some countries have yet to remove high-risk equipment, however, due to the heavy costs of doing so.

In its new proposals, the commission said mobile telecoms operators will now have 36 months from the publication of the list of ‌high-risk suppliers to phase out key components from these vendors.

The phase-out time for fixed networks, including fibre optics and submarine cables, as well as satellite networks will be announced later.

"This is an important step in securing our European technological sovereignty and ensuring a greater safety ​for all," Virkkunen said.

Restrictions on suppliers from countries posing cybersecurity concerns will only kick in after a risk assessment initiated either by the commission or at least three EU countries, the draft proposal said.

Any measures taken ⁠would be based ​on market analysis and impact assessment. 

The updated Cybersecurity Act will still need to be agreed with EU countries and the European Parliament in the coming months before it ‌can become law.