China warns the EU of extensive reprisals.

      The commerce ministry of Beijing has officially presented a 30-page document to the European Commission, cautioning that its proposed Cybersecurity Act, which would mandate the removal of vendors for the first time, could lead to retaliatory actions against European companies operating in China. China has issued a formal warning to the European Union about potential retaliation if a new extensive cybersecurity law results in the exclusion of Chinese firms, such as Huawei and ZTE, from European critical infrastructure.

      The Chinese Ministry of Commerce delivered a detailed 30-page document to the European Commission, as reported earlier by the South China Morning Post. This document clearly indicates that Beijing is ready to implement its Foreign Trade Law and State Council Supply Chain Security Regulations, which provide legal bases for trade restrictions, investigations into foreign entities, and reciprocal bans on European companies if they perceive discriminatory treatment against Chinese firms.

      The document was presented to the Commission on April 17, with MOFCOM spokesperson He Yongqian confirming its submission during a press conference on April 24. He characterized China's primary objection as stemming from the draft law's employment of 'non-technical risk' factors, which Beijing argues is a subjective political mechanism aimed at excluding Chinese companies, irrespective of the actual security characteristics of their products.

      What does the EU Cybersecurity Act entail?

      The revised EU Cybersecurity Act, introduced by the European Commission on January 20, marks a significant transformation in Brussels' approach to network security. Since 2020, the EU's ‘5G toolbox’ has advised member states to avoid engaging high-risk vendors in 5G networks. However, this recommendation has not been uniformly enacted; by the time the new law was announced, only 13 of the 27 member states had responded, with several major economies, including Germany—where Huawei supplied equipment to about 60% of 5G sites until late 2024—lagging in implementation.

      The new legislation transitions the basis from recommendations to mandatory obligations. It will require member states to eliminate equipment from vendors classified as high-risk suppliers from communications networks within three years after the law comes into effect. Additionally, it establishes a process through which the Commission can identify an entire nation as a ‘cybersecurity threat,’ resulting in exclusions that would extend to 18 critical sectors, including energy, transportation, and information technology.

      Although the law does not specifically mention Huawei or ZTE, the intent is clear: EU Tech Commissioner Henna Virkkunen stated that it would provide the bloc with better tools to protect its critical supply chains. Data from Strand Consult estimates that Chinese vendors hold between 33% and 40% of the European 5G infrastructure market, and a comprehensive removal would represent the most extensive forced replacement of telecommunications infrastructure in European history.

      The precedent supporting Beijing’s threat

      China's threats of retaliation have precedent. Following Sweden's ban on Chinese vendors from its 5G networks in 2020, Ericsson saw its revenues in China plummet by 46% in the subsequent year, never recovering that business. Meanwhile, Nokia, which retains a minor presence in the Chinese market, experienced a significant revenue decline from around €2.5 billion in 2018 to about €913 million last year. Internally, Nokia executives have indicated that the company may face a total ban in China due to national security concerns, with Tommi Uitto, Nokia’s president of mobile networks, revealing that the combined market share of both Nordic companies has diminished to 3%.

      The situation is notably imbalanced. China has already been imposing restrictions on Nokia and Ericsson—two European firms that would benefit significantly from a Huawei ban—while simultaneously warning the EU of consequences for formalizing exclusions. This double standard is increasingly drawing scrutiny, with Nokia CEO Justin Hotard contrasting Europe's ongoing openness to Huawei with China's limitations on European vendors, and Ericsson’s Börje Ekholm estimating that replacing Chinese equipment could present a ‘sizeable’ revenue opportunity for the EU.

      The case of Sweden highlights the challenges the EU may face, independent of Chinese pressure. The UK set a mandate to eliminate Huawei from its 5G networks by the end of 2027, but BT failed to meet its 2023 target for its core network. Germany ordered Huawei's removal from the 5G core by the end of 2026, but this deadline applied to parts of the network where Huawei was not present when the regulations were announced, allowing for Huawei’s radio access network to remain until 2029. The practicalities of a three-year EU-wide large-scale removal are, as noted by Light Reading, ‘ambitious and compliance is uncertain.’

      What China is threatening and why

      In its 30-page submission, China argues four main points. First, the ‘non-technical risk’ framework is inherently discriminatory, targeting companies based on their country rather than any demonstrated security concerns. Second, the law contravenes WTO principles regarding non-discrimination and proportionality. Third, if China were designated as a ‘country of cybersecurity concern,’