EU phase-out of high-risk tech targets Huawei, Chinese companies

By Foo Yun Chee

 

BRUSSELS, Jan 20 (Reuters) - The European Union plans to phase out components and equipment from high-risk suppliers in critical sectors, according to a draft proposal released by the European Commission on Tuesday, a move expected to affect Huawei and other Chinese tech companies.

 

The measures, set out in revisions to the EU’s Cybersecurity Act, follow an increase in cyber and ransomware attacks and growing worries over foreign interference, espionage and Europe’s dependence on third-country technology suppliers.

The Commission, the 27-nation bloc’s executive, did not name any company nor country.

 

Europe, however, has been hardening its stance on the use of Chinese equipment, with Germany, for example, recently appointing an expert commission to rethink trade policy towards Beijing and banning the use of Chinese components from future 6G networks.

 

The United States banned approvals of new telecommunications equipment from Huawei and ZTE in 2022 and has encouraged Europe to do the same.

 

NEW MEASURES CREATE MORE SAFETY, TECH SOVEREIGNTY, EU SAYS

 

"With the new Cybersecurity Package, we will have the means in place to better protect our critical (information and communications technology) supply chains but also to combat cyber attacks decisively," EU tech chief Henna Virkkunen said in a statement.

 

China’s foreign ministry, responding to an earlier report on the plans, called restricting Chinese firms without legal basis "naked protectionism" and urged the EU to provide a fair, transparent and non-discriminatory business environment for Chinese companies.

 

The new measures will apply to 18 key sectors identified by the Commission, including detection equipment, connected and automated vehicles, electricity supply systems and electricity storage, water supply systems, and drones and counter-drone systems.

 

Cloud computing services, medical devices, surveillance equipment, space services and semiconductors are also listed as critical sectors.

 

The Commission already adopted a toolbox of security measures for 5G networks in 2020 to curb the use of so-called high-risk vendors such as Huawei due to concerns about possible sabotage or espionage. Some countries have yet to remove high-risk equipment, however, due to the heavy costs of doing so.

 

In Tuesday’s proposals, the Commission said mobile telecoms operators will now have 36 months from the publication of the list of high-risk suppliers to phase out key components from these vendors.

 

The phase-out time for fixed networks, including fibre optics and submarine cables, as well as satellite networks will be announced later.

"This is an important step in securing our European technological sovereignty and ensuring a greater safety for all," Virkkunen said.

 

Restrictions on suppliers from countries posing cybersecurity concerns will only kick in after a risk assessment initiated either by the Commission or at least three EU countries, the draft proposal said. And any measures taken would be based on market analysis and impact assessment. 

 

The updated Cybersecurity Act will still need to be agreed with EU countries and the European Parliament in the coming months before it can become law.

 

(Reporting by Foo Yun Chee; Editing by Joe Bavier)