China warns the EU of extensive countermeasures.

      Beijing’s commerce ministry has officially presented a 30-page document to the European Commission, cautioning that the proposed Cybersecurity Act, which would mandate the removal of vendors for the first time, could lead to retaliatory actions against European companies operating in China. China has explicitly warned the European Union that there will be repercussions if the new cybersecurity legislation results in the exclusion of Chinese firms, such as Huawei and ZTE, from critical European infrastructure.

      As reported by the South China Morning Post, the Ministry of Commerce’s document informs the European Commission that Beijing is ready to activate its Foreign Trade Law and State Council Supply Chain Security Regulations—legal frameworks that empower China to limit trade, investigate foreign entities, and impose countermeasures against European companies—should Chinese firms encounter what it regards as discriminatory treatment.

      The submission was dated April 17, and MOFCOM spokesperson He Yongqian confirmed it during a briefing on April 24, stressing that China’s primary concern lies in the draft law’s reliance on ‘non-technical risk’ criteria, which Beijing claims is a politically motivated approach that aims to exclude Chinese companies irrespective of the actual security characteristics of their technology.

      What does the EU Cybersecurity Act entail?

      The revised EU Cybersecurity Act, unveiled by the European Commission on January 20, signifies a significant shift in Brussels' strategy towards network security. Since 2020, the EU’s ‘5G toolbox’ has advised member states to steer clear of high-risk vendors in 5G networks, but this recommendation has not been uniformly adopted; only 13 out of 27 member states had complied by the time the new legislation was introduced, with major economies like Germany—where Huawei’s equipment was used in about 60% of 5G installations until late 2024—being slow to respond.

      The new legislation transitions from a recommendation to a requirement, obligating member states to eliminate equipment from suppliers classified as high-risk from their communications networks within three years of the law’s enactment. Furthermore, it establishes a mechanism for the Commission to designate an entire country as a ‘cybersecurity threat,’ resulting in exclusions that would extend beyond telecommunications into 18 critical sectors, such as energy, transport, and IT.

      Although the law does not specifically mention Huawei or ZTE, the intention is clear: EU Tech Commissioner Henna Virkkunen stated it would equip the bloc ‘with the necessary means to enhance the protection of our critical supply chains’. Data from Strand Consult indicates that Chinese suppliers account for between 33% and 40% of European 5G infrastructure, and a complete removal would represent the largest forced overhaul of telecom infrastructure in European history.

      The context that lends credibility to Beijing’s threats

      China’s threats of retaliation have a historical basis. Following Sweden’s decision to exclude Chinese vendors from its 5G networks in 2020, Ericsson's revenues in China plummeted by 46% the following year, and the company has not regained that market. Meanwhile, Nokia's presence in China has diminished, with its revenue there dropping from around €2.5 billion in 2018 to about €913 million last year. Internally, Nokia executives have indicated that the company risks a total ban in China due to national security concerns, with Nokia’s mobile networks president, Tommi Uitto, stating that the combined market share of Nokia and Ericsson in China has fallen to 3%.

      This disparity highlights how China has already imposed restrictions on Nokia and Ericsson—two companies that would benefit from a ban on Huawei—while simultaneously warning the EU about the consequences of formalizing exclusions. This double standard is increasingly being scrutinized. Nokia’s CEO, Justin Hotard, has pointed out the inconsistency in Europe’s openness to Huawei compared to restrictions faced by European firms in China, while Ericsson’s Börje Ekholm has estimated a significant revenue opportunity for the EU from replacing Chinese technology, given that Huawei and ZTE hold a substantial share of the European market.

      The Swedish case also showcases the challenges the EU faces independently of Chinese pressure. The UK has mandated phasing out Huawei from 5G networks by the end of 2027, but BT has missed the 2023 deadline for its core network. Similarly, Germany has set a deadline for removing Huawei from the 5G core by the end of 2026, despite allowing Huawei’s radio access network to remain until 2029. The feasibility of a large-scale, three-year EU-wide removal process appears ‘ambitious and compliance is uncertain,’ according to Light Reading.

      What is Beijing’s warning and the reasons behind it?

      China’s 30-page document presents four main arguments. Firstly, it contends that the ‘non-technical risk’ framework is inherently discriminatory, targeting companies based on their country of origin rather than any proven security issues. Secondly, it claims that the law contravenes WTO principles regarding non-discrimination and proportionality. Thirdly, if China is designated as a ‘country of cybersecurity concern