EU Moves to Phase Out High-Risk Technology Suppliers Huawei Across Critical Sectors

Brussels | Jan 20 (GeokHub) The European Union is preparing to gradually remove technology components and equipment from suppliers deemed “high risk” across key industries, under proposed revisions to the bloc’s Cybersecurity Act released on Tuesday.

The draft measures, put forward by the European Commission, aim to strengthen Europe’s digital defenses amid a rise in cyberattacks, ransomware incidents, and concerns over foreign interference and espionage, while reducing the EU’s dependence on non-European technology providers.

Although the proposal does not explicitly name companies or countries, Chinese technology giant Huawei is expected to be among those most affected. The move aligns with broader efforts across Europe and the United States to tighten scrutiny of Chinese-made telecoms and digital infrastructure.

Strengthening Tech Sovereignty

EU officials said the updated cybersecurity framework would give authorities stronger tools to protect critical information and communications technology supply chains and respond more decisively to cyber threats.

“With this new cybersecurity package, Europe will be better equipped to safeguard its critical systems and reinforce technological sovereignty,” said Henna Virkkunen, the EU’s commissioner responsible for technology policy.

The new rules would apply to 18 strategically important sectors, including telecommunications, cloud services, medical devices, electricity and water systems, connected vehicles, drones, surveillance technology, space services, and semiconductors.

Industry Pushback

Huawei criticised the proposal, arguing that restrictions based on a supplier’s country of origin rather than technical evidence would undermine principles of fairness and non-discrimination and could conflict with global trade rules.

The company said it would closely monitor the legislative process and defend its interests as discussions progress.

Telecoms industry group Connect Europe also warned that the proposed changes could significantly increase compliance costs for operators, potentially amounting to billions of euros, particularly where existing infrastructure would need to be replaced.

Implementation Timeline

Under the draft plan, mobile network operators would have 36 months after the publication of an official high-risk supplier list to remove key components from their networks. Timelines for fixed-line infrastructure, including fibre-optic, submarine cables and satellite systems, will be defined later.

Any restrictions would only take effect following a formal cybersecurity risk assessment, triggered either by the European Commission or at least three EU member states, and would be supported by market and impact studies.

The revised Cybersecurity Act will now enter negotiations with EU governments and the European Parliament before it can become law.