The Dutch government has quietly removed Google tracking tools from job listings for its intelligence services over concerns that the data would expose aspirant spies to U.S. surveillance. The intervention would put an end to Google’s processing of the data of job seekers interested in applying to spy service jobs, after members of parliament in The Hague raised security concerns. The move comes at a moment when trust between the Netherlands and the United States is fraying. It reflects wider European unease — heightened by Donald Trump’s return to the White House — about American tech giants having access to some of their most sensitive government data. The heads of the AIVD and MIVD, the Netherlands’ civilian and military intelligence services, said in October that they were reviewing how to share information with American counterparts over political interference and human rights concerns. In the Netherlands, government vacancies are listed on a central online portal, which subsequently redirects applicants to specific institutions’ or agencies’ websites, including those of the security services. The government has now quietly pulled the plug on Google Analytics for intelligence-service postings, according to security expert Bert Hubert, who first raised the alarm about the trackers earlier this year. Hubert told POLITICO the job postings for intelligence services jobs no longer contained the same Google tracking technologies at least since November. The move was first reported by Follow the Money. The military intelligence service MIVD declined to comment. The interior ministry, which oversees the general intelligence service AIVD, did not respond to a request for comment at the time of publication. In a statement, Communications Manager for Google Mathilde Méchin said: “Businesses, not Google Analytics, own and control the data they collect and Google Analytics only processes it at their direction. This data can be deleted at any time.” “Any data sent to Google Analytics for measurement does not identify individuals, and we have strict policies against advertising based on sensitive information,” Méchin said. ‘FUTURE EMPLOYEES AT RISK’ Derk Boswijk, a center-right Dutch lawmaker, raised the alarm about the tracking of job applicants in parliamentary questions to the government in January. He said that while China and Russia have traditionally been viewed as the biggest security risks, it is unacceptable for any foreign government — allied or not — to have a view into Dutch intelligence recruitment. “I still see the U.S. as our most important ally,” Boswijk told POLITICO. “But to be honest, we’re seeing that the policies of the Trump administration and the European countries no longer necessarily align, and I think we should adapt accordingly.” The government told Boswijk in February it had enabled privacy settings on data gathered by Google. The government has yet to comment on Boswijk’s latest questions submitted in November. Hubert, the cybersecurity expert, said the concerns over tracking were justified. Even highly technical data like IP addresses, device fingerprints and browsing patterns can help foreign governments, including adversaries such as China, narrow down who might be seeking a job inside an intelligence agency, he said. “By leaking job applications so broadly, the Dutch intelligence agencies put their future employees at risk, while also harming their own interests,” said Hubert, adding it could discourage sought-after cybersecurity talent that agencies are desperate to attract. Hubert previously served on a watchdog committee overseeing intelligence agencies’ requests to use hacking tools, surveillance and wiretapping.  One open question raised by Dutch parliamentarians is how to gain control over the data that Google gathered on aspiring spies in past years. “I don’t know what happens with the data Google Analytics already has, that’s still a black box to me,” said Sarah El Boujdaini, a lawmaker for the centrist-liberal Democrats 66 party who oversees digital affairs. The episode is likely to add fuel to efforts to wean off U.S. technologies — which are taking place across Europe, as part of the bloc’s “technological sovereignty” drive. European Parliament members last month urged the institution to move away from U.S. tech services, in a letter to the president obtained by POLITICO. In the Netherlands, parliament members have urged public institutions to move away from digital infrastructure run by U.S. firms like Microsoft, over security concerns. “If we can’t even safeguard applications to our secret services, how do you think the rest is going?” Hubert asked. The country also hosts the International Criminal Court, where Chief Prosecutor Karim Khan previously lost access to his Microsoft-hosted email account after he was targeted with American sanctions over issuing an arrest warrant for Israeli Prime Minister Benjamin Netanyahu. The ICC in October confirmed to POLITICO it was moving away from using Microsoft Office applications to German-based openDesk.

Sweden has asked its cyber agency to bolster security measures ahead of a general election next year, warning for what it called a “serious security situation.” Cyberattacks against Sweden are on the rise, the country’s defense ministry said Friday. “Threats in the cyber domain are increasing and Sweden is far from spared,” Civil Defense Minister Carl-Oskar Bohlin said. Sweden is holding a general election on Sept. 13 next year. Given the increase in attacks, the government has told the agency to assess the threats to Sweden, propose defenses and plan cyber exercises, it said. European countries have braced for cyber and disinformation attacks around recent votes. These hacking and disinformation campaigns have often been linked to Russia, and disruptive cyberattacks against official websites and IT infrastructure are now common. Romania cancelled a presidential election outcome in December due to Russian interference, while Moldova recently called in EU assistance ahead of an election featuring cyberattacks it pinned on Moscow.  The Swedish cyber agency will report its initial findings to the defense ministry by March next year. 

Two of the world’s most prolific state-linked cybercrime groups — Russia’s Gamaredon and North Korea’s Lazarus collective — have been spotted sharing resources, new research showed on Thursday. Experts at cybersecurity firm Gen Digital found overlapping tactics and shared infrastructure between the two groups. The discovery is “unprecedented,” said Director of Threat Intelligence at Gen Digital Michal Salat. “I don’t recall two countries working together on [Advanced Persistent Threat] attacks,” he said, referring to attacks that are sophisticated, long-term campaigns often conducted by nation-state actors. If confirmed, it would mark a new level of coordination between Moscow and Pyongyang. The Gamaredon cybercrime group is linked to Russia’s Federal Security Service and has aggressively targeted Ukrainian government networks since the start of the invasion in 2022, mostly for intelligence collection. Lazarus, a well-known North Korean threat group, conducts everything from espionage to financially motivated cybercrime. While tracking Gamaredon’s use of Telegram channels to share the servers controlling its malware, analysts discovered that one of those servers was also being used by Lazarus. One Gamaredon-run server was also found hosting a hidden version of malware linked to Lazarus. The file closely matched Lazarus’ typical tools. Nation-state hacking groups rarely host or distribute one another’s malware. Researchers believe the findings indicate the two groups are likely sharing systems, and could very well be cooperating directly. At a minimum, it shows that one group is deliberately imitating the other. Salat added that Gamaredon may be studying Lazarus’ methods, too. Lazarus is known for using fake job offers to trick victims and for stealing cryptocurrency, a key revenue source for North Korea, which is under heavy global sanctions. Moscow and Pyongyang have increased cooperation, including among their militaries, in previous years. Western security services believe Pyongyang has sent thousands of North Korean soldiers to Russia to support the war in Ukraine. Ukrainian authorities last month said North Korean troops were flying drones across the border, and Ukrainian military intelligence said last week North Korea would send thousands of workers to Russia to manufacture drones.

BRUSSELS — The EU is flipping its script on artificial intelligence amid a global race to win cash and influence. The European Commission is on Wednesday expected to postpone the implementation of landmark AI restrictions by at least a year as part of sweeping changes to digital rules aimed at staying competitive with the U.S. and China. For years EU policymakers focused on making regulations to ensure the technology can be trusted. Now, in a year that saw major advances in artificial intelligence and Donald Trump reenter office, the EU is letting go of its dream of being the global leader on regulating AI. The Artificial Intelligence Act, which took years to negotiate, is not even fully in place yet. Throughout 2025 a growing chorus of national governments and executives from tech companies and industry lobby groups have called for a delay of a part of the law, putting the issue at the center of a wider fight in Brussels over how the EU should balance regulation and innovation. Wednesday’s proposal will see industry voices win out, with the announcement made under the same Commission president that heralded the original law as a “historic moment” to make people safer. While the EU executive will present the proposal as a technical adjustment that will ultimately make the EU’s regulation more effective — on the basis that changes will help industry to comply — it follows an intense lobbying effort by the Trump administration in Washington and from corporate lobbies in Brussels against the bloc’s digital rules. “A part of the message that Europe is giving to the rest of the world is that it is open to pressure from tech companies and other nations,” said Natali Helberger, a professor of law and digital technology at the University of Amsterdam. “I would say this harms the credibility.” Under the plans expected Wednesday, a series of AI practices that are classified as high risk — for example using artificial intelligence in recruitment, to assess people’s suitability to get loans or to score exams — won’t face obligations for at least a year longer than planned. A big part of the justification for the decision has been concerns that the regulations will prevent Europe from being competitive at a time when it needs to level up. Tech lobbies have slammed the foreseen timeline as “unworkable.” “If we only could take the foot off the brake and give innovation a bit more chance, I think that’s all we need,” Germany’s Digital Minister Karsten Wildberger said Tuesday when asked about the Commission’s upcoming proposal. The plans are prompting pushback from civil society. “The Commission seems intent on destroying fundamental rights safeguards and setting us up for months, if not years of infighting and legal uncertainty without any tangible gains for EU competitiveness,” said Daniel Leufer, senior policy analyst at AccessNow. Other changes expected Wednesday would exempt more companies from certain rules altogether, and would also give industry a grace period on new rules for watermarking visual content made by AI. TOO AMBITIOUS? The bloc’s AI rulebook was adopted in August 2024 but the rules were always intended to take effect gradually. Some AI practices that carry an “unacceptable risk” such as predictive policing or social scoring have been forbidden since February. The most complex AI models, such as OpenAI’s GPT, have also had to play by a separate set of rules since August. The rules that the EU executive is now pressing pause on — those that pose a risk to people’s health, safety or fundamental rights — were slated to take effect in August next year. Countries and companies argued a delay was necessary due to a delay in the technical standards, designed to help companies comply with the requirements. Standardization bodies missed the deadline to deliver on them twice, and now the standards won’t be ready until 2026. The timeline to come up with standards was a “bit ambitious from the start,” a representative from the standardization bodies told POLITICO in September. By branding it as a technical delay due to the lack of guidance, some in favor of a pause are choosing not to label it as a retreat, but instead to suggest a little more time is needed to get things right. “Many companies would welcome this,” said Wildberger. “But equally important is that we use the time to get certain things right. It’s not just: we postpone it. No, we have some work to do.” Germany and France came out publicly in favor of a one-year pause on Tuesday. Sweden, Poland, the Czech Republic and Denmark all called for a pause or a grace period before. Countries had a stake in delaying the process. “It is also motivated by the fact that so far, a lot of member states haven’t assigned and equipped their national regulatory authorities that must enforce the AI Act,” said Helberger. Hitting pause “will give them more time to get their act together at the national level,” she said. Wednesday’s proposal will need approval from EU countries and by the European Parliament before becoming final. There’s a hard deadline of August 2026 when the rules were set to apply. Within Parliament, even critics of the pause have privately conceded defeat and are now focused on keeping the delay as short as possible and avoiding further pushback. “Unfortunately, a pause now seems inevitable given the delay in developing the standards,” Irish Renew lawmaker Michael McNamara said last week after POLITICO first reported that the rules would be delayed by at least a year. McNamara warned that there should be “no further delays,” because “if there were, it would undermine regulation and rule of law beyond just the AI Act.” Mathieu Pollet contributed to this report.

The German government is set to get new powers to bar risky Chinese technology suppliers from its critical infrastructure. Lawmakers in the federal Bundestag parliament on Thursday approved legislation that would give new tools to the Interior Ministry to ban the use of components from specific manufacturers in critical sectors over cybersecurity risks. The measures resemble what European countries have done in the telecom sector, but the new German bill applies to a much wider range of sectors, including energy, transport and health care. The law comes as German Chancellor Friedrich Merz on Thursday signaled a tougher stance against Chinese tech giant Huawei, telling a business conference in Berlin that he “won’t allow any components from China in the 6G network.” Merz is set to discuss the issue at a major digital sovereignty summit co-hosted by Germany and France next week. The fresh scrutiny for supply chain security in the EU’s largest economy — a manufacturing powerhouse with a complex relationship with China — comes at a time when the European Union is considering how best to tackle cyber risks in supply chains dominated by Chinese firms. Governments are looking beyond the telecom sector, pushing for action in areas such as solar power and connected cars. European cybersecurity officials are finalizing an ICT Supply Chain Toolbox to help governments mitigate the risks, and the European Commission is preparing an overhaul of its Cybersecurity Act to address the issue, expected in January. The German legislation implements the EU’s NIS2 Directive, a critical infrastructure cybersecurity law. The Bundesrat, Germany’s upper legislative chamber, still has to sign off on the bill, which is expected next Friday. The key question is whether Germany is willing to use its powers, said Noah Barkin, a senior advisor at Rhodium Group, a think tank. On telecoms, “this helps lay the groundwork for pushing Huawei out of the 5G network, but it doesn’t guarantee that the political will will be there to take that decision,” he said.  The Interior Ministry could already block telecom operators from using particular components under an existing German IT security law. The law’s 2021 revision was widely seen as an attempt to get Chinese firms like Huawei and ZTE out of telecom network due to fears of cybersecurity and security risks. The Interior Ministry intervened in 2024, but it has never formally blocked the use of specific components under that law. For its new cyber law, the government originally proposed to extend the measures applying to the telecom industry to the electricity sector as well. But parliament’s version now applies to all critical sectors, which under the EU’s NIS2 law includes areas such as transport, health care and digital infrastructure.  German center-left lawmaker Johannes Schätzl, the digital policy spokesperson for the SPD, said this is a “logical step, because cyber and hybrid threats do not stop at sectoral boundaries.” The Interior Ministry will be required to consult with other arms of government when considering bans or blocks of certain suppliers, the bill said. In the past, some ministries like the digital and economy departments have been more reluctant to banning Chinese components, in part due to fears of economic retaliation from Beijing. Industry, too, could resist the new measures. German technology trade association Bitkom on Thursday said that the new rules could be unpredictable and therefore “detrimental.”

Elisabeth Braw is a senior fellow at the Atlantic Council, the author of the award-winning “Goodbye Globalization” and a regular columnist for POLITICO. Over the past two years, state-linked Russian hackers have repeatedly attacked Liverpool City Council — and it’s not because the Kremlin harbors a particular dislike toward the port city in northern England. Rather, these attacks are part of a strategy to hit cities, governments and businesses with large financial losses, and they strike far beyond cyberspace. In the Gulf of Finland, for example, the damage caused to undersea cables by the Eagle S shadow vessel in December incurred costs adding up to tens of millions of euros — and that’s just one incident. Russia has attacked shopping malls, airports, logistics companies and airlines, and these disruptions have all had one thing in common: They have a great cost to the targeted companies and their insurers. One can’t help but feel sorry for Liverpool City Council. In addition to looking after the city’s half-million or so residents, it also has to keep fighting Russia’s cyber gangs who, according to a recent report, have been attacking ceaselessly: “We have experienced many attacks from this group and their allies using their Distributed Botnet over the last two years,” the report noted, referring to the hacktivist group NoName057(16), which has been linked to the Russian state. “[Denial of Service attacks] for monetary or political reasons is a widespread risk for any company with a web presence or that relies on internet-based systems.” Indeed. Over the past decades, state-linked Russian hackers have targeted all manner of European municipalities, government agencies and businesses. This includes the 2017 NotPetya attack, which brought down “four hospitals in Kiev alone, six power companies, two airports, more than 22 Ukrainian banks, ATMs and card payment systems in retailers and transport, and practically every federal agency,” as well as a string of multinationals, causing staggering losses of around $10 billion. More recently, Russia has taken to targeting organizations and businesses in other ways as well. There have been arson attacks, including one involving Poland’s largest shopping mall that Prime Minister Donald Tusk subsequently said was definitively “ordered by Russian special services.” There have been parcel bombs delivered to DHL; fast-growing drone activity reported around European defense manufacturing facilities; and a string of suspicious incidents damaging or severing undersea cables and even a pipeline. The costly list goes on: Due to drone incursions into restricted airspace, Danish and German airports have been forced to temporarily close, diverting or cancelling dozens of flights. Russia’s GPS jamming and spoofing are affecting a large percentage of commercial flights all around the Baltic Sea. In the Red Sea, Houthi attacks are causing most ships owned by or flagged in Western countries to redirect along the much longer Cape of Good Hope route, which adds costs. The Houthis are not Russia, but Russia (and China) could easily aid Western efforts to stop these attacks — yet they don’t. They simply enjoy the enormous privilege of having their vessels sail through unassailed. The organizations and companies hit by Russia have so far managed to avert calamitous harm. But these attacks are so dangerous and reckless that people will, sooner or later, lose their lives. There have been arson attacks, including one involving Poland’s largest shopping mall that Prime Minister Donald Tusk subsequently said was definitively “ordered by Russian special services.” | Aleksander Kalka/Getty Images What’s more, their targets will continue losing a lot of money. The repairs of a subsea data cable alone typically costs up to a couple million euros. The owners of EstLink 2 — the undersea power cable hit by the Eagle S— incurred losses of nearly €60 million. Closing an airport for several hours is also incredibly expensive, as is cancelling or diverting flights. To be sure, most companies have insurance to cover them against cyber attacks or similar harm, but insurance is only viable if the harm is occasional. If it becomes systematic, underwriters can no longer afford to take on the risk — or they have to significantly increase their premiums. And there’s the kicker: An interested actor can make disruption systematic. That is, in fact, what Russia is doing. It is draining our resources, making it increasingly costly to be a business based in a Western country, or even a city council or government authority, for that matter. This is terrifying — and not just for the companies that may be hit. But while Russia appears far beyond the reach of any possible efforts to convince it to listen to its better angels, we can still put up a steely front. The armed forces put up the literal steel, of course, but businesses and civilian organizations can practice and prepare for any attacks that Russia, or other hostile countries, could decide to launch against them. Such preparation would limit the possible harm such attacks can lead to. It begs the question, if an attack causes minimal disruption, then what’s the point of instigating it in the first place? That’s why government-led gray-zone exercises that involve the private sector are so important. I’ve been proposing them for several years now, and for every month that passes, they become even more essential. Like the military, we shouldn’t just conduct these exercises — we should tell the whole world we’re doing so too. Demonstrating we’re ready could help dissuade sinister actors who believe they can empty our coffers. And it has a side benefit too: It helps companies show their customers and investors that they can, indeed, weather whatever Russia may dream up.

BRUSSELS — Huawei was rushed back into the EU’s most influential solar panel lobby after threatening legal action in reaction to its earlier expulsion over its alleged involvement in a bribery and corruption scandal.   That’s outraging other solar power companies, worried that creating a special membership category for Huawei could undermine the ability of SolarPower Europe to effectively represent the industry in Brussels.  “The conduct reported … specifically the handling of Huawei’s membership has seriously undermined both my personal confidence and that of our organization in the governance of SPE,” Elisabeth Engelbrechtsmüller-Strauß, CEO of Austrian company Fronius, wrote in a letter to SPE, which was obtained by POLITICO.  Lawyers for Huawei and SolarPower Europe met at the end of May for negotiations, an industry insider told POLITICO, which culminated in SPE sending a final agreement to the Chinese company at the beginning of September.   Huawei argued that the European Commission’s decision to ban its lobbyists from any meetings with the executive or the European Parliament was unlawful and did not warrant a full expulsion from SPE, said the insider, who spoke on condition of being granted anonymity over fears of retaliation for speaking out.  The ban on Huawei lobbyists was put in place in March after Belgian authorities accused the company of conducting a cash-for-influence scheme and bribing MEPs to ensure their support of Huawei’s interests.  At the time, Huawei maintained it has a “zero-tolerance stance against corruption.”  During the Sept. 29 meeting to reinstate Huawei’s membership, SPE told its board of directors that the organization wanted to avoid a lawsuit and a potentially costly trial.  Instead, SPE proposed making Huawei a passive member that would not actively participate in the group’s workstreams — an option the board accepted, POLITICO reported earlier this month.   Huawei did not respond to a request for comment about its legal threat.  SPE acknowledged the threat in a letter to Fronius, one of its board members, on Thursday. “Based on legal advice and with the assistance of external lawyers, SolarPower Europe held discussions with Huawei with a view to avoiding litigation and protracted legal uncertainty regarding Huawei’s membership status, while preserving SolarPower Europe’s uninterrupted and unrestricted access to the EU Institutions and other relevant stakeholders,” reads the letter obtained by POLITICO.  The SPE’s letter was a response to an Oct. 20 letter from the Austrian solar panel manufacturer sent to the lobby after POLITICO’s story was published on Oct. 9. Fronius called for full transparency over the reinstatement of Huawei and action against any appearance of corruption.  The Austrian company’s concern is that SPE will be “unable to effectively represent” the sector given the EU’s ban on direct contact with Huawei or groups that lobby on its behalf, Engelbrechtsmüller-Strauß told POLITICO in an email.   Fronius is also raising questions about whether SPE can designate a company as a passive member — a status that does not exist in the organization’s bylaws.  “To our knowledge, SPE’s status do not include such a membership category,” Fronius’s letter to SPE reads. “We request a clear explanation of what this form of membership is based on.”  SPE did not raise the issue of member status in its response to Fronius.   The lobbying practices of Huawei and other Chinese companies are under a microscope over concerns around the influence they wield over crucial technologies, including renewable energy and 5G mobile data networks.  While it is better known as a telecom giant, Huawei is also a leader in manufacturing inverters, which turn solar panels’ electricity into current that flows into the energy grid.  Cybersecurity experts warn inverters offer a back door for bad actors to hack into the grid and tamper with or shut it down through remote access.  Two members of the European Parliament sent a letter to the European Commission earlier this month warning of such risks and urging the executive to restrict high-risk vendors like Huawei from investing in Europe’s critical infrastructure.  “Inverters are the brain of a [solar panel] system, connected to the internet and must be remotely controllable for updates. This applies regardless of who the manufacturer is,” Engelbrechtsmüller-Strauß said. “If European legislation does not address the ‘manufacturer risk,’ then energy security in Europe will be jeopardized, which I consider critical.” 

BRUSSELS — First it was telecom snooping. Now Europe is growing worried that Huawei could turn the lights off. The Chinese tech giant is at the heart of a brewing storm over the security of Europe’s energy grids. Lawmakers are writing to the European Commission to urge it to “restrict high-risk vendors” from solar energy systems, in a letter seen by POLITICO. Such restrictions would target Huawei first and foremost, as the dominant Chinese supplier of critical parts of these systems. The fears center around solar panel inverters, a piece of technology that turns solar panels’ electricity into current that flows into the grid. China is a dominant supplier of these inverters, and Huawei is its biggest player. Because the inverters are hooked up to the internet, security experts warn the inverters could be tampered with or shut down through remote access, potentially causing dangerous surges or drops in electricity in Europe’s networks. The warnings come as European governments have woken up to the risks of being reliant on other regions for critical services — from Russian gas to Chinese critical raw materials and American digital services. The bloc is in a stand-off with Beijing over trade in raw materials, and has faced months of pressure from Washington on how Brussels regulates U.S. tech giants. Cybersecurity authorities are close to finalizing work on a new “toolbox” to de-risk tech supply chains, with solar panels among its key target sectors, alongside connected cars and smart cameras. Two members of the European Parliament, Dutch liberal Bart Groothuis and Slovak center-right lawmaker Miriam Lexmann, drafted a letter warning the European Commission of the risks. “We urge you to propose immediate and binding measures to restrict high-risk vendors from our critical infrastructure,” the two wrote. The members had gathered the support of a dozen colleagues by Wednesday and are canvassing for more to join the initiative before sending the letter mid next week.   According to research by trade body SolarPower Europe, Chinese firms control approximately 65 percent of the total installed power in the solar sector. The largest company in the European market is Huawei, a tech giant that is considered a high-risk vendor of telecom equipment. The second-largest firm is Sungrow, which is also Chinese, and controls about half the amount of solar power as Huawei. Huawei’s market power recently allowed it to make its way back into SolarPower Europe, the solar sector’s most prominent lobby association in Brussels, despite an ongoing Belgian bribery investigation focused on the firm’s lobbying activities in Brussels that saw it banned from meeting with European Commission and Parliament officials. Security hawks are now upping the ante. Cybersecurity experts and European manufacturers say the Chinese conglomerate and its peers could hack into Europe’s power grid.  “They can disable safety parameters. They can set it on fire,” Erika Langerová, a cybersecurity researcher at the Czech Technical University in Prague, said in a media briefing hosted by the U.S. Mission to the EU in September.  Even switching solar installation off and on again could disrupt energy supply, Langerová said. “When you do it on one installation, it’s not a problem, but then you do it on thousands of installations it becomes a problem because the … compound effect of these sudden changes in the operation of the device can destabilize the power grid.”  Surges in electricity supply can trigger wider blackouts, as seen in Spain and Portugal in April. | Matias Chiofalo/Europa Press via Getty Images Surges in electricity supply can trigger wider blackouts, as seen in Spain and Portugal in April. Some governments have already taken further measures. Last November, Lithuania imposed a ban on remote access by Chinese firms to renewable energy installations above 100 kilowatts, effectively stopping the use of Chinese inverters. In September, the Czech Republic issued a warning on the threat posed by Chinese remote access via components including solar inverters. And in Germany, security officials already in 2023 told lawmakers that an “energy management component” from Huawei had them on alert, leading to a government probe of the firm’s equipment. CHINESE CONTROL, EU RESPONSE  The arguments leveled against Chinese manufacturers of solar inverters echo those heard from security experts in previous years, in debates on whether or not to block companies like video-sharing app TikTok, airport scanner maker Nuctech and — yes — Huawei’s 5G network equipment. Distrust of Chinese technology has skyrocketed. Under President Xi Jinping, the Beijing government has rolled out regulations forcing Chinese companies to cooperate with security services’ requests to share data and flag vulnerabilities in their software. It has led to Western concerns that it opens the door to surveillance and snooping. One of the most direct threats involves remote management from China of products embedded in European critical infrastructure. Manufacturers have remote access to install updates and maintenance. Europe has also grown heavily reliant on Chinese tech suppliers, particularly when it comes to renewable energy, which is powering an increasing proportion of European energy. Domestic manufacturers of solar panels have enough supply to fill the gap that any EU action to restrict Chinese inverters would create, Langerová said. But Europe does not yet have enough battery or wind manufacturers — two clean energy sector China also dominates. China’s dominance also undercuts Europe’s own tech sector and comes with risks of economic coercion. Until only a few years ago, European firms were competitive, before being undercut by heavily subsidized Chinese products, said Tobias Gehrke, a senior policy fellow at the European Council on Foreign Relations. China on the other hand does not allow foreign firms in its market because of cybersecurity concerns, he said. The European Union previously developed a 5G security toolbox to reduce its dependence on Huawei over these fears. It is also working on a similar initiative, known as the ICT supply chain toolbox, to help national governments scan their wider digital infrastructure for weak points, with a view to blocking or reduce the use of “high-risk suppliers.” According to Groothuis and Lexmann, “binding legislation to restrict risky vendors in our critical infrastructure is urgently required” across the European Union. Until legislation is passed, the EU should put temporary measures in place, they said in their letter.  Huawei did not respond to requests for comment before publication. This article has been updated.

BRUSSELS — Call it a digital love triangle. When EU leaders back a “sovereign digital transition” at a summit in Brussels this Thursday, their words will mask a rift between France and Germany over how to deal with America’s overwhelming dominance in technology. The bloc’s founding members have long taken differing approaches to how far the continent should seek to go in detoxing from U.S. giants. In Paris, sovereignty is about backing local champions and breaking reliance on U.S. Big Tech. In Berlin the focus is on staying open and protecting Europe without severing ties with a major German trading partner. The EU leaders’ statement is a typical fudge — it cites the need for Europe to “reinforce its sovereignty” while maintaining “close collaboration with trusted partner countries,” according to a near-final draft obtained by POLITICO ahead of the gathering.    That plays into the hands of incumbent U.S. interests, even as the bloc’s reliance on American tech was again brought into sharp focus Monday when an outage at Amazon cloud servers in Northern Virginia disrupted the morning routines of millions of Europeans.   As France and Germany prepare to host a high-profile summit on digital sovereignty in Berlin next month, the two countries are still seeking common ground — attendees say preparations for the summit have been disorganized and that there is little alignment so far on concrete outcomes. When asked about his expectations for the Nov. 18 gathering, German Digital Minister Karsten Wildberger told POLITICO he wanted “to have an open debate around what is digital sovereignty” and “hopefully … have some great announcements.”  In her first public appearance following her appointment this month, France’s new Digital Minister Anne Le Hénanff, by comparison, promised to keep pushing for solutions that are immune to U.S. interference in cloud computing — a key area of American dominance.   CONTRASTING PLAYBOOKS   “There are indeed different strategic perspectives,” said Martin Merz, the president of SAP Sovereign Cloud. He contrasted France’s “more state-driven approach focusing on national independence and self-sufficiency in key technologies” with Germany’s emphasis on “European cooperation and market-oriented solutions.”  A recent FGS Global survey laid bare the split in public opinion as well. Most French respondents said France “should compete globally on its own to become a tech leader,” while most Germans preferred to “prioritize deeper regional alliances” to “compete together.” The fact that technological sovereignty has even made it onto the agenda of EU leaders follows a recent softening in Berlin, with Chancellor Friedrich Merz becoming increasingly outspoken about the limits of the American partnership while warning against “false nostalgia.” The coalition agreement in Berlin also endorsed the need to build “an interoperable and European-connectable sovereign German stack,” referring to a domestically controlled digital infrastructure ecosystem.  The fact that technological sovereignty has even made it onto the agenda of EU leaders follows a recent softening in Berlin, with Chancellor Friedrich Merz becoming increasingly outspoken about the limits of the American partnership while warning against “false nostalgia.” | Ralf Hirschberger/AFP via Getty Images Yet Germany — which has a huge trade deficit with the U.S — is fundamentally cautious about alienating Washington.   “France has been willing to accept some damage to the transatlantic relationship in order to support French business interests,” said Zach Meyers, director of research at the CERRE think tank in Brussels.   For Germany, by contrast, the two are “very closely tied together, largely because of the importance of the U.S. as an export market,” he said.   Berlin has dragged its feet on phasing out Huawei from mobile networks over fears of Chinese retaliation, against its car industry in particular.   The European Commission itself is walking a similar tightrope — dealing with U.S. threats against EU flagship laws that allegedly target American firms, while fielding growing calls to unapologetically back homegrown tech. STUCK ON DEFINITION  “Sovereignty is not a clearly defined term as it relates to technology,” said Dave Michels, a cloud computing law researcher at Queen Mary University of London.   He categorized it into two broad interpretations: technical sovereignty, or keeping data safe from foreign snooping and control, and political sovereignty, which focuses on strategic autonomy and economic security, i.e safeguarding domestic industries and supply chains.  “Those things can align, and I do think they are converging around this idea that we need to support European alternatives, but they don’t necessarily overlap completely. That’s where you can see some tensions,” Michels said.  Leaders will say in their joint statement that “it is crucial to advance Europe’s digital transformation, reinforce its sovereignty and strengthen its own open digital ecosystem.” “We don’t really have a shared vocabulary to define what digital sovereignty is. But we do have a shared understanding of what it means not to have digital sovereignty,” said Yann Lechelle, CEO of French AI company Probabl. Berlin isn’t the only capital trying to convince Europe to ensure its digital sovereignty remains open to U.S. interests.   Austria, too, wants to take “a leading role” in nailing down that tone, State Secretary Alexandre Pröll previously told POLITICO. The country has been on a mission to agree a “common charter” emphasizing that sovereignty should “not be misinterpreted as protectionist independence,” according to a draft reported by POLITICO. That “will create a clear political roadmap for a digital Europe that acts independently while remaining open to trustworthy partners,” Pröll said.   Next month’s Berlin gathering will be crucial in setting a direction. French President Emmanuel Macron and Merz are both expected to attend. “The summit is intended to send a strong signal that Europe is aware of the challenges and is actively advancing digital sovereignty,” a spokesperson for the German digital ministry said in a statement, adding that “this is not about autarky but about strengthening its own capabilities and potential.” “One summit will not be enough,” said Johannes Schätzl, a Social Democrat member of the German Bundestag. “But if there will be an agreement saying that we want to take the path toward greater digital sovereignty together, that alone would already be a very important signal.” Mathieu Pollet reported from Brussels, Emile Marzolf reported from Paris and Laura Hülsemann and Frida Preuß reported from Berlin.

BRUSSELS — Montenegro wants the EU’s help in fighting Russian disinformation as the Balkan nation moves toward membership of the bloc. The small country, which has set an ambitious goal to join the EU by 2028, is increasingly a target for disinformation from those hoping to disrupt its membership bid, Montenegrin President Jakov Milatović told POLITICO in an exclusive interview in Brussels. “I’m very much hoping that in the future we would be getting bigger support from the EU to really fight disinformation and misinformation,” Milatović said, adding he had pitched the idea to EU policymakers and member countries. Moldova, another EU candidate country, has been a favorite target of the Kremlin’s meddling, including vote-buying and disinformation. That led the EU to deploy last month its new cyber reserve — a team of private-sector cybersecurity experts — to Chişinǎu and allocate millions in funding for a hub to fight disinformation. Milatović, who was in Brussels to meet with European Council President António Costa, said “malign influence from third countries” could pose a risk to Montenegro’s accession, and urged the EU to be proactive in countering such threats. “Sometimes, I feel that pro-European politicians in the region of the Western Balkans are a bit left alone by the partners in the EU,” he said, adding that he encountered disinformation “on a daily basis.” ‘END OF THE RACE’ Montenegro applied to join the EU in 2008 and was granted candidate status in 2010. It has closed seven of 33 accession chapters since then and is on track to close five more by December, a senior Montenegrin diplomat confirmed to POLITICO. With a population of 600,000, the tiny Adriatic nation has sought to position itself as the obvious next member of the 27-nation bloc. But it faces potential obstacles, including pro-Serb parties in its parliament, tensions with neighboring Croatia and skepticism in some corners of the EU about enlargement. Tellingly, the issue is not even on the agenda of next week’s European Council summit. French President Emmanuel Macron called in 2023 for the EU to reform itself before letting in new members. But Milatović said that behind closed doors, Macron had come around to the idea of Montenegro’s membership. “I believe that two years ago, before President Macron started speaking with me, he had … one opinion,” Milatović said. “After so many discussions that I had with him,” however, Macron was now “optimistic … about Montenegro’s position in the EU.” “And I believe this is the case also with all the other EU leaders,” Milatović added. “Montenegro is now perceived as a front-runner. But … I do want to see the end of the race, in a sense.” Another potential sticking point is the country’s reliance on Russian tourists and investors. Montenegro has yet to introduce visas for Russians, who can enter the country visa-free for 30 days, and Russians remain the largest foreign investors. “What we are trying to do is sort of postpone it [visas] as much as we can, so that we still keep our tourism sector alive,” Milatović said, adding he was “absolutely” concerned by the influx of Russian cash. “We are a bit in a vacuum now because … we don’t have full access to EU funds.” That said, Montenegro will align its visa regime with the EU “very soon,” he said. Ultimately, while much of the onus is on Podgorica to unite its political forces and deliver promised reforms, the EU also needs to prove “enlargement is alive” and “reforms pay off,” Milatović warned. “The last country that entered was Croatia more than 10 years ago. And in the meantime, the United Kingdom left,” Milatović said. “So this is why I believe that now is the time to revive the process, to also revive a bit the idea of the EU as a club that still has a gravity toward it.”