Beijing’s commerce ministry has formally submitted a 30-page document to the European Commission warning that a draft Cybersecurity Act that would force vendor removal could lead to retaliatory measures against European companies in China.
China has formally threatened the European Union with retaliation if a new cyber security law leads to the exclusion of Chinese firms including Huawei and ZTE from Europe’s critical infrastructure.
The Chinese Ministry of Commerce submitted the 30-page document to the European Commission South China Morning PostBeijing has publicly warned it is ready to introduce the Foreign Trade Law and the State Council’s Supply Chain Security Regulations, legal frameworks that allow China to restrict trade, investigate foreign entities and impose reciprocal bans on European companies if Chinese firms face what it calls discriminatory treatment.
The document was submitted to the Commission on April 17. MOFCOM spokesman He Yongqian confirmed the introduction at a press briefing on April 24, dismissing China’s main objection as the bill’s use of “non-technical risk” factors, a mechanism Beijing claims is a subjective political tool designed to exclude Chinese companies regardless of the actual safety features of their equipment.
What does the EU Cybersecurity Act offer?
Revised EU Cyber Security ActAnnounced by the European Commission on January 20, it represents a fundamental change in Brussels’ approach to network security. From 2020, the EU’s “5G toolbox” advises member states to avoid high-risk suppliers in 5G networks.
💜 of EU technology
The latest rumblings from the EU tech scene, a story from our wise founder Boris and some questionable AI art. Free in your inbox every week. Register now!
The recommendation has been met unevenly: by the time the new law was announced, only 13 of the 27 member states had acted on it, and several of the bloc’s most important economies had been slow to act, including Germany, where Huawei supplies around 60% of 5G sites by the end of 2024.
The new law changes the legal framework from a recommendation to an obligation. It will require member states to remove equipment from communications networks of suppliers designated as high-risk suppliers within three years of the law’s entry into force.
It also creates a mechanism by which the Commission can designate an entire country as a “cybersecurity threat,” which would lead to exemptions in 18 critical sectors, including energy, transportation and information technology beyond telecommunications.
The law doesn’t explicitly name Huawei or ZTE, but the intent is unequivocal: EU Technical Commissioner Henna Virkkunen said it would give the bloc “the means to better protect our critical supply chains,” and Chinese vendors account for between 33% and 40% of European 5G infrastructure, according to Strand Consult. A complete rollout would be the largest forced replacement of telecommunications infrastructure in European history.
A precedent that makes Beijing’s threat believable
China has a documented history of retaliatory threats. When Sweden banned Chinese vendors from 5G networks in 2020, Ericsson’s revenue in China fell 46% the following year.
The company never recovered the job. Nokia has maintained a small footprint Chinese marketChina saw its revenues fall from about 2.5 billion euros in 2018 to about 913 million euros last year.
Nokia executives have said the company faces a total ban in China for internal security reasons, while Nokia’s president of mobile networks, Tommy Whitto, has revealed that both Nordic vendors’ share of the Chinese market has fallen to 3%.
Asymmetry is marked. China is already restricting Nokia and Ericsson, the two European companies that benefit most from the Huawei ban, while warning the EU that it will face consequences if it formalizes its own exemptions.
This double standard sounds more and more. Nokia CEO Justin Hotard compared Europe’s continued openness to Huawei to China’s restrictions on European suppliers, and Ericsson’s Börje Ekholm estimated the EU’s revenue potential by replacing the Chinese set in “huge” numbers, given the combined European market share of Huawei and ZTE.
The Swedish precedent also illustrates the enforcement challenge the EU faces regardless of Chinese pressure. The UK has ordered Huawei to be removed from its 5G networks by the end of 2027. BT has missed the 2023 deadline for its core network.
Germany has ordered Huawei to withdraw from the 5G core by the end of 2026, a deadline that did not even exist when the rules governing Huawei’s part of the network were announced, while allowing Huawei to maintain its radio access network until 2029. The practical reality of rip-and-replace on a three-year EU scale is not certain to Light Reading because Light Reading is not certain.
What is Beijing threatening and why?
China’s 30-page submission argues four grounds. First, the ‘non-technical risk’ framework is discriminatory on its face, targeting companies by country of origin rather than by demonstrated security flaw. Second, the law violates the WTO principles of non-discrimination and proportionality.
Third, the designation of China as a “country of cyber security concern,” if enacted, would extend far beyond telecommunications to clean energy, automotive, and industrial supply chains, where Chinese companies are deeply entrenched in European markets.
Fourth, European companies operating in China, German car manufacturers with annual exports of 90 billion euros, Dutch chip manufacturers, French luxury and aerospace firms will face mutual market access restrictions.
The legal mechanisms cited, China’s Foreign Trade Law and the State Council’s Supply Chain Security Regulations, are the same frameworks used by Beijing in previous technology trade disputes. They allow for retaliatory trade restrictions, procurement bans, investigations of foreign entities and entity list designations that mirror the US model that China has openly criticized.
A spokesman’s assertion that China “still views cooperative dialogue as the right path” is a standard diplomatic hedge that accompanies such formal binding submissions.
A geopolitically charged moment
The Trump administration is simultaneously pressuring the EU to speed up Huawei’s removal, while also threatening tariffs on US tech companies over the EU’s measures.
The EU is operating in a position where it faces pressure from Washington to act against Huawei and pressure from Beijing not to, while trying to maintain economic ties with both.
Germany, the member state most at risk in terms of exposure to the Chinese market for both Huawei infrastructure and the automotive sector, has been the most cautious about the pace of implementation.
The stakes for Nokia and Ericsson are direct. Both were among the companies expected to meet with EU leaders on Europe’s technological competitiveness and strategic supply chain policy.
A full European Huawei ban would represent the biggest new revenue opportunity for Nordic vendors in years. The key question now is whether the EU will actually follow through, given the reluctance of member states, the timetable for implementation and Beijing’s apparent threat.
The Cybersecurity Act still needs to be discussed with EU governments and the European Parliament before becoming law. No timeline for this process has been confirmed.
China’s official presentation is designed to influence those talks, and the governments most exposed to China’s trade retaliation, Germany, the Netherlands and France, are also the most limited in implementing the existing 5G toolbox.
