EU efforts to ban Huawei from 5G networks won the backing of a top court advisor
Thursday, in a legal opinion that is likely to galvanize security hawks seeking
to restrict Chinese tech in Europe.
A lawyer for the EU’s top court in Luxembourg said rules blocking telecom
operators from using risky suppliers can be set by the EU, not just national
governments. They also said telecom operators don’t need to be compensated for
the cost of replacing Huawei equipment.
It’s a blow for Europe’s telecom giants, which have pushed back against banning
China’s Huawei from 5G procurement and have told EU officials that large-scale
bans are an “act of self-harm” that could even bring down networks.
It is a win for China hawks, who have fought to impose tougher measures against
Huawei — with strong backing from Washington. The EU has spent years trying to
persuade national governments to voluntarily kick out Huawei and ZTE over
concerns that their presence in European telecom networks could enable
large-scale spying and surveillance by the Chinese government. It is now working
on broader rules that seek to reduce the bloc’s reliance on foreign “high-risk”
suppliers and limit foreign government control over its digital networks.
The case was brought by Estonian telecom operator Elisa, which is seeking
compensation for the costs of removing Huawei and is challenging whether the EU
has the competence to ask for restrictions on Chinese vendors.
Thursday’s opinion said national security authorities can follow EU guidance
when imposing bans on Huawei. The Court of Justice is expected to issue its
final ruling on the case later this year, and may take the opinion from Advocate
General Tamara Ćapet into account.
Laszlo Toth, head of Europe at global telecom lobby association GSMA, said in
reaction that “blanket rip-and-replace mandates are an unreasonable approach to
what is a highly nuanced situation.” The industry considers national security
measures should remain the responsibility of national governments, he said.
Huawei said the opinion “recognizes that all restrictive measures with regards
to telecom equipment must be subject to judicial review, under a strict standard
of proportionality” and that “decisions cannot rest on general suspicion … but
must be based on a specific assessment.”
“We expect EU or national restrictions to be scrutinized under this principle,”
Huawei said.
BOON FOR BRUSSELS
Progress towards an EU-wide ban has been sluggish, with many national
governments dragging their feet, in part due to fears of Chinese trade
retaliation.
European Commission Executive Vice President Henna Virkkunen told POLITICO in
January that she is “not satisfied” with voluntary efforts by EU capitals to
kick out Huawei. The EU executive now wants binding rules, laid out in a
proposal in January.
Large telecom players in Europe have pushed back hard against restrictions on
Huawei, arguing that blocking risky vendors is a national security measure — an
area handled exclusively by national governments.
Efforts to clamp down on risky vendors should respect “the competence of member
states for national security matters,” industry group Connect Europe said in
January.
Thursday’s opinion suggests operators will have a harder time fighting the
bans.
It also bodes badly for operators hoping to get compensated for ripping out
Huawei equipment. Many have sought financial support and compensation for the
measures, which they say add massive unexpected costs to network rollouts.
The EU executive previously estimated that phasing out “specific high-risk
equipment” would cost between €3.4 billion and €4.3 billion per year for three
years.
Only if the burden of replacing Huawei is “disproportionately heavy” could
telcos seek compensation, according to the opinion.
Elisa said it welcomed the legal recommendation that all decisions made on the
grounds of national security should still be subject to judicial review. It said
the restrictions in Estonia “amounted to a deprivation of its ownership rights …
as the impacted equipment has become unusable” and that Elisa “already swapped
the majority of its network equipment to Nokia.”
Chinese vendor ZTE, the smaller rival of Huawei, did not respond to a request
for comment.
Mathieu Pollet contributed reporting.
Poland is looking into whether an attempted cyberattack on a nuclear research
facility was carried out by Iran, the government said on Thursday.
The country’s digital minister Krzysztof Gawkowski said in an emailed statement
that Poland had “identified an attempted cyberattack on the servers of the
National Centre for Nuclear Research,” which authorities had thwarted.
He told local media that the attack was carried out “in the past few days,”
Reuters reported.
The nuclear center said in a statement that “all safety systems operated
according to procedures.” A reactor is “operating safely and smoothly at full
power,” Jakub Kupecki, the center’s director, said in the statement. The facility
carries out research into nuclear energy; Poland does not have nuclear weapons
of its own.
Polish cybersecurity services and the energy ministry are working with the
facility, Gawkowski said.
The minister told local media that there are early signals suggesting the attack
came from Iran, Reuters reported. “The first identifications of the entry
vectors … are related to Iran,” he said, adding that more investigation is
required.
Gawkowski added that hackers could also have used indicators linking the attack
to Iran in efforts to hide their real origins. Poland has faced a huge number of
Russian cyberattacks since the war in Ukraine began in 2022.
Western cyber and intelligence agencies have warned critical entities to be on
high alert for Iranian cyberattacks following the start of the conflict in late
February.
The Iranian embassy in Warsaw did not immediately respond to a request for
comment.
Hackers from the Kremlin have mounted a “large-scale global cyber campaign”
targeting civil servants, military personnel and other notable figures via
messaging applications WhatsApp and Signal, Dutch intelligence services warned
on Monday.
The Russian operation aims to trick victims into revealing PIN codes for secure
messaging apps Signal and WhatsApp, the Netherlands’ military intelligence
service and domestic intelligence agency said in a joint public advisory. The
bulletin did not indicate when the deception campaign began.
Hackers are posing as a fake Signal support chatbot to persuade users to share
their codes, allowing them to take over an account to read incoming
communications and group chats. The culprits were also found to have exploited
the “linked devices” feature of the apps, which lets them connect another device
to the victim’s account and quietly monitor messages.
The campaign has targeted government personnel as well as individuals of
interest to the Russian government, including journalists, the Dutch authorities
said. They also emphasized that individual accounts have been compromised, not
the messaging apps as a whole.
Signal is used widely by public officials as a secure and independent
communications channel, and has been the recommended application for EU
officials to use for external comms since 2020.
“Despite their end-to-end encryption option, messaging apps such as Signal and
WhatsApp should not be used as channels for classified, confidential or
sensitive information,” said the director of the Dutch military intelligence
service, Peter Reesink.
United States Secretary of Defense Pete Hegseth and other top U.S. officials
came under fire last year for using the app to exchange classified information
in an incident known as Signalgate.
WhatsApp’s communication director, Joshua Breckman, said the company continues
“to build ways to protect people from online threats,” adding that users should
never share their six-digit code with others.
Signal did not immediately respond to a request for comment.
The Russian government did not immediately respond to a request for comment.
Chinese technology giant Huawei is participating in 16 projects funded by the
European Commission’s Horizon Europe research and innovation program despite
being dubbed a high-risk supplier.
The Commission restricted Huawei from accessing Horizon projects in 2023 after
saying that it (and another Chinese telecom supplier, ZTE) posed “materially
higher risks than other 5G suppliers” in relation to cybersecurity and foreign
influence.
However, public data reviewed by POLITICO’s EU Influence newsletter shows that
Huawei still takes part in several projects, many of which are in sensitive
fields like cloud computing, 5G and 6G telecom technology and data centers.
These projects mean Huawei has been working alongside universities and tech
companies in Spain, France, Sweden, Denmark, the Netherlands, Germany, Belgium,
Finland and Italy. It also has access to the intellectual property generated by
the projects, as the contracts require the sharing of information as well as
joint ownership of the results between partners.
A Commission spokesperson confirmed that of the 16 projects, 15 were signed
before the restrictions took place. The remaining project “was signed in 2025
and was assessed as falling outside the scope of the existing restrictions.”
Many of the projects started in January 2023, with the contracts running out at
the end of this year, while others will last until 2027, 2028 and 2030.
“Huawei participates in and implements projects funded under Horizon Europe in a
lawful and compliant manner,” a company spokesperson said.
One of the projects is to develop data privacy and protection tools in the
fields of AI and big data, along with Italy’s National Research Council, the
University of Malaga, the University of Toulouse, the University of Calabria,
and a Bavarian high-tech research institute for software-intensive systems.
Huawei received €207,000 to lead the work on “design, implementation, and
evaluation of use cases,” according to the contract for that project, seen by
POLITICO.
COMMISSION CRACKDOWN
Last month the Commission proposed a new Cybersecurity Act that would restrict
Huawei from critical telecoms networks under EU law, after years of asking
national capitals to do so voluntarily.
“I’m not satisfied [with] how the member states … have been implementing our 5G
Toolbox,” the Commission’s executive VP for tech and security policy, Henna
Virkkunen, told POLITICO at the time, referring to EU guidelines to deal with
high-risk vendors. “We know that we still have high-risk vendors in our 5G
networks, in the critical parts … so now we will have stricter rules on this.”
The Commission is also working on measures to cut Chinese companies out of
lucrative public contracts.
Bart Groothuis, a liberal MEP working on the Cybersecurity Act, told POLITICO
that the Commission should “honor the promises and commitments” it made “and
push them out.”
“They should be barred from participating. Period.”
Huawei was also involved in an influence scandal last year, with Belgian
authorities investigating whether the tech giant exerted undue influence over EU
lawmakers. The scandal led to Huawei’s being banned from lobbying on the
premises of the European Commission and the European Parliament.
BRUSSELS — European Parliament members on Monday slammed the Spanish government
for using Huawei to store judicial wiretaps, with one leading lawmaker warning
Madrid is putting its “crown jewels” at risk.
The Spanish government has drawn criticism since the summer after it awarded a
multimillion-euro contract to Huawei for the storage of judicial wiretaps — a
move that led the United States to threaten to cease intelligence sharing with
Madrid.
The outcry over Spain’s use of the Chinese tech giant for sensitive services
lays bare how Europe continues to grapple with how to secure its digital systems
against security threats.
The European Union considers Huawei to be a high-risk supplier and wants to
crack down on countries that still afford it broad market access. The EU
proposed new draft cybersecurity legislation last month that, if approved, would
force EU member countries to kick Huawei out of their telecoms networks, after
years of trying to get capitals to ban the Chinese vendor voluntarily.
Lawmakers from several political groups said Spain’s contract with the Chinese
tech giant could endanger the EU as a whole.
“We cannot operate in a union where one of the states actively strips high-risk
vendors from its networks while another entrusts them with the crown jewels of
its law enforcement,” said Markéta Gregorová, a Czech Pirate Party lawmaker who
is part of the Greens group.
Gregorová leads negotiations on a cyber bill that would give the EU the power to
force Huawei and other — often Chinese — suppliers out of critical
infrastructure in Europe.
“When you introduce a high-risk vendor … we do not just risk a localized data
breach, we risk poisoning the well of European intelligence sharing,” she said
on Monday.
Juan Ignacio Zoido Álvarez, a member of Spain’s center-right opposition party,
said the decision puts “the entirety of the EU at risk.”
The Spanish government has defended the contract it struck for storing wiretaps.
Spain’s Interior Ministry said in a statement that the government had awarded a
contract to “European companies,” which then bought storage products. “There is
no risk to security, technological and legal sovereignty, nor is there any
foreign interference or threat to the custody of evidence,” the ministry said.
Interior Minister Fernando Grande-Marlaska told the Spanish parliament last
September that Telefónica, the country’s telecom champion, operated a state
surveillance system called SITEL and that storage “cabinets” had been integrated
into that system.
Bloomberg reported last July that Huawei equipment is not used for classified
information, with one government official saying the storage “represents a minor
part of a watertight, audited, isolated and certified system.”
On Monday, Juan Fernando López Aguilar, a prominent member of the European
Parliament for the Socialists and Democrats group and a member of Prime Minister
Pedro Sánchez’s party in Spain, defended Madrid’s contract and pushed back on EU
moves to intervene on the issue.
In terms of “security, espionage, or violation of technological sovereignty,”
there is “no risk,” Aguilar said.
Huawei did not respond to a request for comment.
NATO countries’ restrained response to hybrid attacks is at odds with public
opinion, new polling shows: Broad swaths of the public in key allied countries
say actions such as cyberattacks on hospitals should be considered acts of war.
The POLITICO Poll, conducted in the United States, Canada, France, Germany and
the United Kingdom, showed a majority of people agreed that a cyberattack that
shuts down hospitals or power grids constitutes an act of war. Canadians felt
the strongest about the issue, with 73 percent agreeing.
Respondents from all five countries also rallied behind the idea that sabotaging
undersea cables or energy pipelines — which has occurred more frequently in
recent years — should be considered an act of war.
The online survey was conducted from Feb. 6 to 9 by the independent London-based
polling company Public First.
State-backed hackers — often linked to Russia — have increasingly targeted
critical sectors in recent years. But NATO allies are struggling to respond
effectively.
In 2024, a Russia-based ransomware gang conducted a massive cyberattack on the
U.S.-based medical bill clearinghouse Change Healthcare, which exposed
sensitive data on more than 190 million people. The U.K.’s National Health
Service confirmed last year that a cyberattack on its systems, also committed by
a Russian hacking group, contributed to a patient’s death. And in 2022,
the Federal Bureau of Investigation accused Iranian government-backed hackers of
attempting to infiltrate the Boston Children’s Hospital computer network.
While these actions have not been officially labeled as acts of war, global
governments are taking attacks on critical systems more seriously. NATO in 2014
said that a foreign cyberattack could trigger the alliance’s mutual defense
clause, Article 5, effectively calling for multilateral action in response to
hacks. But a NATO official said in 2022 that it’s unclear how severe a
cyberattack would have to be to trigger a response, which could include
“diplomatic and economic sanctions, cyber measures or even conventional forces,
depending on the nature of the attack.”
Security services in Europe have also more firmly called out the Kremlin for
orchestrating digital attacks in the West, most recently targeting Poland’s
energy infrastructure. But views on Russia as a global threat vary greatly
between Europe and North America. A majority of respondents in Germany, France
and the U.K. said Russia represents the biggest threat to peace, while fewer in
the U.S. (39 percent) and Canada (29 percent) agreed.
While the people surveyed in these five countries overwhelmingly considered
major cyberattacks by adversaries against public infrastructure as acts of war,
they felt less strongly about smaller-scale acts of digital sabotage.
Less than half of the respondents across all five countries said that hacking
and leaking the private conversations of political leaders should be considered
an act of war. Even fewer considered spreading misinformation to influence an
election to be an act of war.
Still, there is a clear understanding that governments need to incorporate cyber
capabilities and AI into their defense strategies. A plurality of respondents
from all countries said that cyber, AI and traditional military power all matter
equally.
At least a third of respondents in each country agreed that cybersecurity and
defense against cyber attacks should be among their countries’ highest
priorities for defense spending.
“Just being resilient alone, you can’t absorb all threats,” Dag Baehr, Vice
President of Germany’s federal intelligence service (BND), said at the Munich
Cyber Security Conference last week. “You need to be active in defending.”
U.S. officials are pushing for more offensive military responses to
cyberattacks, particularly following the massive 2024 hack of global
telecommunications networks by the China-linked hacking group Salt Typhoon.
The White House is due to release a new national cyber strategy in the coming
weeks that would encourage the U.S. to be less “reactive” in cyberspace.
National Cyber Director Sean Cairncross told an audience at the Munich Security
Conference last week that a “mindset change” was needed to make it harder for
attackers to succeed.
In recent months, the Trump administration has become more vocal about using its
cyber strength to attack, revealing that U.S. cyber forces helped turn off the
lights in Caracas during the January strikes that resulted in the capture of
former Venezuelan President Nicolás Maduro. U.S. Cyber Command and the National
Security Agency were also involved in last year’s U.S. missile strikes on
Iranian nuclear facilities, and reportedly helped to disable Iranian air defense
systems.
In Germany, the government is preparing an overhaul of its intelligence and
cybersecurity powers to strike back against foreign hackers and spies.
Convicted sex offender Jeffrey Epstein for years communicated with experts in
the cybersecurity community and expressed interest in attending two of the
largest hacker conventions in the world, according to documents released by the
Justice Department.
It’s unclear if Epstein ever attended either DEFCON or Black Hat, where
thousands of hackers and researchers gather annually in Las Vegas to discuss the
latest cyber vulnerabilities and trends. According to his emails with several
prominent researchers and business people, his interest in cybersecurity and
cryptography appeared to be widespread, ranging from discussions about removing
information about himself from online search engines to network security.
Jeff Moss, founder of both the Black Hat and DEFCON conferences, told POLITICO
in a statement that it’s unlikely Epstein actually made it to the conferences.
“As far as we can tell, he wanted to attend, but never did,” Moss said of
Epstein. “It looks like there were a lot of plans and I’m just waiting for some
sort of evidence that he followed through on them.”
According to the released emails, Epstein first made plans to attend DEFCON for
a few hours in August 2013 to meet with Pablos Holman, who at the time worked on
various tech and cyber projects at private equity company Intellectual Ventures.
It’s unclear whether Epstein and almost a dozen of his guests obtained tickets
to DEFCON or if Epstein attended.
It appears that Epstein and Holman had been in touch since 2010, according to
emails. Epstein in 2010 emailed cryptography researcher Ian Goldberg and said
Holman “suggested we speak.” Holman also planned to stay in Epstein’s
apartment while visiting New York City in 2013 and advised Epstein on how to
bury “negative stuff” online.
A spokesperson for the University of Waterloo, where Goldberg works within the
School of Computer Science, confirmed to POLITICO that Goldberg turned down the
offer from Epstein in 2010 to fund his work at the university. Holman, who
currently serves as a general partner at venture capital group Deep Future, did
not respond to multiple requests for comment.
Joi Ito, the current president of Japan’s Chiba Institute of Technology and
former director of the Massachusetts Institute of Technology’s Media Lab,
appears to have introduced entrepreneur and researcher Vincenzo Iozzo via email
to Epstein in 2014, according to the emails. Ito stepped down from his role at
MIT in 2019 when previous disclosures revealed Ito had accepted about $1.7
million from Epstein for the lab and his own investment funds. Spokespersons for
Chiba Institute of Technology did not respond to a request for comment on Ito’s
connections to Epstein. Ito previously apologized for his association with
Epstein and stressed that he was “never involved in, never heard him talk about
and never saw any evidence of the horrific acts that he was accused of.”
According to the emails, Iozzo, who currently serves as CEO of identity
management company SlashID, discussed obtaining tickets for Epstein to attend
DEFCON conferences in Las Vegas in 2016 and 2018. Iozzo previously served in
roles at cybersecurity company CrowdStrike and as a board member for the annual
Black Hat conference. He also planned to meet with Epstein at his New York City
home on at least five occasions in 2014, 2015, 2016, 2017 and 2018.
One email sent by Epstein to Iozzo ahead of the 2016 conferences noted he wanted
to bring guests, including former Israeli Prime Minister Ehud Barak, American
billionaire Tom Pritzker and “four girls.” It’s not clear if Epstein attended
the conference that year or met with Barak, Pritzker or Iozzo.
A spokesperson for Barak told POLITICO that the former prime minister “did not
attend DEFCON in 2016,” and further noted that Epstein never asked him to
attend. The spokesperson stressed that Barak “has repeatedly and publicly stated
that he deeply regrets having any association with Jeffrey Epstein.”
Separate spokespersons for Hyatt Hotels — where Pritzker serves as executive
chairman of the board of directors — and for the Pritzker Organization did not
respond to a request for comment.
Epstein again discussed attending DEFCON in 2018, which Iozzo also offered to
procure tickets for, according to the emails. Ahead of the 2018 convention,
Epstein requested to meet with the “founder” of Black Hat, but Iozzo wrote in an
email that this person had turned down the meeting due to “what’s out there
online” about Epstein. The founder, however, was “happy” to provide Epstein with
tickets to the event, Iozzo wrote. It’s unclear if Epstein was referring to Moss
or someone else.
Moss told POLITICO in a statement that he “turned down Vincenzo’s badge request”
for Epstein, and “advised Vincenzo to stay clear” of the disgraced financier.
Moss noted that it’s possible Iozzo bought passes to the conference separately.
An FBI file released by the Justice Department — first reported by TechCrunch —
suggested that Epstein had a “personal hacker” who developed “offensive cyber
tools” that were sold to several unnamed governments. It’s unclear if the
information provided by the unnamed informant to the FBI is accurate.
The name of the hacker is redacted in the file but a description of the person —
including that they had a company that was acquired by CrowdStrike in
2017 and found vulnerabilities in Blackberry and iOS devices — matches Iozzo.
Iozzo strongly denied that he was the so-called personal hacker for Epstein and
issued a lengthy statement to POLITICO refuting the claims made by the FBI
informant, including his alleged past work for foreign governments.
Iozzo said that his interactions with Epstein “were limited to business
opportunities that never materialized, as well as discussion of the markets and
emerging technologies.”
“The latest release of files contains a document with fabricated claims made
about me to an FBI agent over eight years ago,” Iozzo said, noting that neither
the FBI nor any other government agency ever contacted him about the file.
“These accusations are false and defamatory. For the avoidance of doubt, it
should go without saying that I have never been involved in any illegal or
unethical activity.”
Iozzo also said that he did not provide Epstein with “exclusive access” to the
DEFCON and Black Hat conferences and did not know if Epstein actually attended
either event.
“I unfortunately knew Epstein for professional reasons,” Iozzo said. “I wish I
did not. We were introduced by people whom I trusted and admired when I was 25
fundraising for my startup in 2014. Because of this, I failed to ask the right
questions — questions that, in retrospect, seem obvious. I foolishly accepted
the narrative that was presented to me by others that greatly minimized the
magnitude of his horrific actions.”
“I regret the past association and take full responsibility for not exercising
greater judgment at the time,” he added.
Epstein’s interest in the Black Hat and DEFCON conventions began years after he
had been convicted of and jailed for soliciting sex from minors in 2008.
Following his incarceration, Epstein reportedly took steps to scrub
references to his conviction from the internet with the help of cyber
professionals.
Epstein was again arrested and charged with sex trafficking minors in 2019,
though the federal case was formally dismissed in August 2019 following his
death by suicide in jail while awaiting trial.
MUNICH, Germany — U.S. officials have countered Europe’s push for technology
sovereignty from America with a clear message: It’s China you should worry
about, not us.
The European Union is rolling out a strategy to reduce its reliance on foreign
technology suppliers. Donald Trump’s return to office has put the focus on
American cloud giants, companies like Elon Musk’s Starlink and X and others —
with European officials increasingly concerned that Washington has too much
control over Europe’s digital infrastructure.
As political leaders and security and intelligence officials met in Germany for
the Munich Security Conference, Washington sought to calm nerves. The idea that
Trump can pull the plug on the internet is not “a credible argument,” the United
States’ National Cyber Director Sean Cairncross told an audience Thursday.
Europe and the U.S. “face the same sort of threat and the same threat actors,”
said Cairncross, who advises Trump on cybersecurity policy. Rather than weaning
off America, wean off China, he said: “There is a clean tech stack. It is
primarily American. And then there is a Chinese tech stack.”
Claiming that U.S. tech is as risky as Chinese tech is “a giant false
equivalency,” according to Cairncross. “Personal data doesn’t get piped to the
state in the United States,” he said, referencing concerns that the Beijing
government has laws requiring firms to hand over data for Chinese surveillance
and espionage purposes.
The attempt to quell concerns is notable even if it may not change the direction
of travel in Europe. The European Commission wants to boost homegrown technology
with a “tech sovereignty” package this spring. It presented a cybersecurity
proposal in January that, if approved, could be used to root out suppliers that
pose security risks — including from America.
“We want to ensure that we don’t have risky dependencies when it comes to
critical sectors,” the Commission’s Executive Vice President Henna Virkkunen
told POLITICO in an interview in Munich on Friday. “We see this in AI, quantum
technologies and semiconductors — we must have a certain level of capacity
ourselves.”
Europe’s attempt to pivot away from U.S. dependencies, while not new, has gained
support in past months as the transatlantic alliance creaked. The POLITICO
Poll conducted in February showed far more people described the U.S. as an
unreliable ally than a reliable one across four countries, including half the
adults polled in Germany and 57 percent in Canada.
“The leadership claim of the U.S. is being challenged, perhaps already lost,”
German Chancellor Friedrich Merz told the conference Friday.
REBALANCING ACT
Europe is still working out what a forceful attempt to build technology
sovereignty would look like, as it reforms everything from industrial policy
programs to procurement rules and data and cybersecurity requirements on
companies and governments.
Top European cyber officials in Munich told POLITICO that technological
sovereignty does not mean cutting ties with trusted partners.
Vincent Strubel, director of France’s cybersecurity agency ANSSI, said
sovereignty means avoiding being bound by rules set elsewhere. “It’s about
identifying what leverage non-European countries may have based on the
technology they provide,” Strubel said in an interview. “It’s not about being
friendly or unfriendly with any country — it’s about recognizing that we
[currently] have no say in how that leverage might be used.”
Claudia Plattner, head of Germany’s cybersecurity agency BSI, said, “We need to
become more independent. We need to strengthen our local and European industries
… We need to become digitally successful — that is essential to economic
strength and to security.”
The BSI plans to test sovereign cloud offerings from several large tech
companies, including AWS and Google. The testing will examine whether European
services can operate independently from parent systems and will help inform
Germany’s national cloud strategy.
Critics of Europe’s efforts to turn away from the U.S. say it is bound to lead
to worse security.
Christopher Ahlberg, the CEO of threat intelligence firm Recorded Future, said
he understood that things like military command and control must remain
national, “but if you start choosing sub-par cyber products just to achieve
sovereignty, you’re going to be target No. 1 because threat actors will discover
the vulnerabilities.”
COMMON GROUND ON CHINA
While tensions persist over the U.S.’s dominant position, Washington and
European capitals have common ground when it comes to caution over Chinese tech.
The EU is drafting legal requirements to cut out Chinese tech from critical
supply chains including telecom networks, energy grids, security systems and
railways. That move drew the ire of the Chinese government, which called it
“blatant protectionism.”
Many of the measures mirror what U.S. authorities have done in the past decade.
“The U.S. understands what national security is. They don’t want to hear: ‘The
U.S. is a threat.’ But they understand resilience,” said Sébastien Garnault, a
prominent French cyber policy consultant.
Trump “is putting America first, and the same goes in cyberspace,” Cairncross
said. But, he added, “we don’t want it to be America alone. We want that
partnership.”
Laurens Cerulus contributed reporting.
China’s foreign ministry on Wednesday said a new European Commission proposal to
restrict high-risk tech vendors from critical supply chains amounted to “blatant
protectionism,” warning European officials that Beijing will take “necessary
measures” to protect Chinese firms.
Beijing has “serious concerns” over the bill, Chinese foreign ministry
spokesperson Guo Jiakun told reporters, according to state news agencies’
reports.
“Using non-technical standards to forcibly restrict or even prohibit companies
from participating in the market, without any factual evidence, seriously
violates market principles and fair competition rules,” Guo said.
The European Commission on Tuesday unveiled its proposal to revamp the bloc’s
Cybersecurity Act. The bill seeks to crack down on risky technology vendors in
critical supply chains ranging across energy, transport, health care and other
sectors.
Though the legislation itself does not name any specific countries or companies,
it is widely seen as being targeted at China. 5G suppliers Huawei and ZTE are in
the EU’s immediate crosshairs, while other Chinese vendors are expected to be
hit at a later stage.
European Commission spokesperson Thomas Regnier responded to the Chinese foreign
ministry, saying Europe has allowed high-risk vendors from outside the EU in
strategic sectors for “far too long.”
“We are indeed radically changing this. Because we cannot be naive anymore,”
Regnier said in a statement. The exclusion of high-risk suppliers will always be
based on “strong risk assessments” and in coordination with EU member countries,
he said.
China “urges the EU to avoid going further down the wrong path of
protectionism,” the Chinese foreign ministry’s Guo told reporters. He added the
EU bill would “not only fail to achieve so-called security but will also incur
huge costs,” saying some restrictions on using Huawei had already “caused
enormous economic losses” in Europe in past years.
European telecom operators warned Tuesday that the law would impose
multi-billion euro costs on the industry if restrictions on using Huawei and ZTE
were to become mandatory across Europe.
A Huawei spokesperson said in a statement that laws to block suppliers based on
their country of origin violate the EU’s “basic legal principles of fairness,
non-discrimination, and proportionality,” as well as its World Trade
Organization obligations. The company “reserve[s] all rights to safeguard our
legitimate interests,” the spokesperson said.
ZTE did not respond to requests for comment on the EU’s plans.