Brussels reiterates its warning regarding Huawei and is set to ensure its enforcement.

      The European Commission has officially advised member states to exclude Huawei and ZTE from their connectivity infrastructure. This recommendation is progressing toward becoming legally binding. China has already warned of potential retaliation.

      When the European Commission initially urged its member states to prohibit Huawei and ZTE from their 5G networks in the 2020 5G Cybersecurity Toolbox, it was merely a suggestion. Six years later, on 4 May 2026, the Commission reiterated this stance.

      According to Reuters, Brussels has formally recommended that its 27 member states avoid using equipment from the two Chinese companies in their connectivity infrastructure, expanding the request beyond mobile networks to encompass the broader telecom and digital systems on which the Union relies.

      While it may seem that the Commission is reiterating its position, it is doing so with a specific intent. The recent recommendation is meant to be a public supplement to a more significant structural change.

      The same restrictions are transitioning, via a draft cybersecurity law introduced in January, into mandatory obligations for member states, accompanied by procedures for violations. The voluntary approach, as acknowledged by Brussels, has proven ineffective.

      What the recommendation actually states and what it does not

      The Commission's text from 4 May reaffirms its long-held belief that Huawei and ZTE present substantially greater risks than other suppliers within the EU's connectivity framework, instructing member-state governments and telecom operators to refrain from using their equipment in critical network infrastructure.

      The recommendation is non-binding as published, allowing national regulators to maintain authority over their own procurement decisions. Member states that wish to continue utilizing the two vendors are not legally barred from doing so.

      What has changed is that the recommendation is no longer the Commission's key tool. On 20 January 2026, Henna Virkkunen, the EU’s Executive Vice-President for Tech Sovereignty, introduced a cybersecurity package specifically aimed at transforming this soft directive into a more enforceable one.

      Under the proposed legislation, components from designated high-risk suppliers must be removed from essential network infrastructure within 36 months after the rules come into effect; member states failing to comply would face infringement procedures and potential financial repercussions.

      “It didn’t work on a voluntary basis,” Virkkunen remarked at the time, a statement widely cited by Euronews and CNBC.

      In this context, Monday’s recommendation can be seen as a temporary measure: an affirmation of the overall policy direction while the legislative mechanism that will enforce it is developed through co-decision.

      Why the voluntary phase did not work

      Statistical evidence illustrates the issue. As reported by Euronews, by February 2024, only 11 of the EU's 27 member states had enacted solid 5G security measures against Huawei and ZTE. By the time the Commission unveiled its January 2026 package, that number had only increased to 13.

      This indicates that, despite six years of consistent regulatory pressure, slightly fewer than half of the member states had followed through on a recommendation that has now been reiterated.

      The reasons for this are rooted in both economic and political factors. Germany, the EU's largest market, emerged as the most prominent holdout: estimates indicated that Huawei equipment was present in about 60 percent of German 5G sites as recently as late 2024, and the costs and complexities involved in replacing it have been viewed by Berlin as a gradual, locally driven endeavor. Several Eastern European member states have shown similar reluctance.

      The Commission’s frustration with this trend is widely regarded as the immediate political motivation for pushing legislation.

      Member states with strong domestic suppliers, such as France with Nokia’s Alcatel-Lucent and Sweden with Ericsson, have aligned more closely with Brussels's stance from the beginning. Sweden notably barred Huawei and ZTE from its 5G network back in October 2020.

      The impact of this decision was significant: Ericsson's revenue from China fell by 46 percent in the year following the Swedish ban, and the company has not recuperated that market since. Capitals analyzing the Commission’s draft law are aware of this context.

      What the connectivity-infrastructure framing adds

      Until now, the Commission’s primary focus has centered on mobile networks: 5G core, radio access, and the equipment determining citizen connectivity.

      The recent recommendation expands the terminology to encompass “connectivity infrastructure” more broadly, and the Commission has indicated that the forthcoming binding framework will include fixed networks, fiber-optic and submarine cables, and satellite networks. Details on phase-out periods for these categories will be released later.

      The extension to submarine cables is especially strategically significant. We have previously discussed the geopolitical tensions surrounding underwater cable infrastructure, which carries the majority of the EU's intercontinental internet traffic and has recently been a target of suspected sabotage incidents in the Baltic and Red Seas. Removing high-risk suppliers from this layer of infrastructure presents different challenges compared to excluding them from a base station, and is deemed by most experts to be more urgent.

      China’s reaction was predictably firm. Beijing has labeled the cybersecurity package as