EU Cybersecurity Act tightens vendor access
- Reporting says the EU Cybersecurity Act will phase Huawei and ZTE out of critical infrastructure over a three-year period. - The phased removal is said to affect telecoms, energy and other critical sectors, underlining digital sovereignty aims. - Vendor exclusion timelines like this change procurement norms and could push buyer blocs to align on vendor and standards policies (x.com).
The European Commission has proposed a law that would force European Union countries to remove high-risk telecom gear from critical networks within three years. (digital-strategy.ec.europa.eu) The proposal was published on January 20, 2026 as part of a broader cybersecurity package and a revision of the 2019 Cybersecurity Act. The Commission said the new framework would let the European Union and member states act together on “strategic risks of undue foreign interference” in critical information and communications technology supply chains. (digital-strategy.ec.europa.eu) The Commission’s question-and-answer document says operators of electronic communications networks would no longer be allowed to rely on high-risk suppliers for critical assets. Reporting on the draft says the three-year phaseout is aimed in practice at Huawei and ZTE, even though the text does not name companies. (digital-strategy.ec.europa.eu) (politico.eu) Brussels is moving from guidance to law after years of uneven enforcement. The European Union’s 5G Toolbox, adopted in 2020, urged governments to restrict risky vendors, but those measures were voluntary and some countries kept large amounts of Chinese equipment in their networks. (politico.eu) (usnews.com) The Commission had already hardened its position before this bill. In a September 17, 2025 parliamentary answer, it said Huawei and ZTE present “materially higher risks” than other 5G suppliers and said member-state decisions to restrict or exclude them were justified under the toolbox. (europarl.europa.eu) The new proposal reaches beyond mobile networks. Reporting on the draft says the restrictions would affect other critical sectors including energy, transport, security equipment, water systems and some health and medical devices. (politico.eu) (yahoo.com) The push sits inside a wider European Union effort to cut dependence on foreign infrastructure. A February 2025 European Parliament research note said 42% of 5G communications in Europe were carried through radio equipment from high-risk vendors, and tied that exposure to the bloc’s technology-sovereignty agenda. (europarl.europa.eu) Huawei rejected the approach after the draft was released. The company said a law that limits or excludes non-European Union suppliers by country of origin rather than technical evidence would violate principles of fairness, non-discrimination and proportionality, and said it would protect its legitimate interests. (yahoo.com)
