Beijing’s commerce ministry has formally submitted a 30-page document warning the European Commission that its draft Cybersecurity Act, which would make vendor removal mandatory for the first time, could trigger reciprocal measures against European companies in China.
China has formally threatened the European Union with retaliation if a sweeping new cybersecurity law leads to the exclusion of Chinese firms, including Huawei and ZTE, from European critical infrastructure.
The Chinese Ministry of Commerce submitted a 30-page document to the European Commission, reported earlier by the South China Morning Post, explicitly warning that Beijing is prepared to invoke its Foreign Trade Law and State Council Supply Chain Security Regulations, legal frameworks that allow China to restrict trade, investigate foreign entities, and impose reciprocal bans on European companies, if Chinese firms face what it calls discriminatory treatment.
The document was submitted on April 17 to the Commission. MOFCOM spokesperson He Yongqian confirmed the submission at a press briefing on April 24, framing China’s core objection as the draft law’s use of ‘non-technical risk’ factors, a mechanism Beijing argues is a subjective political tool designed to exclude Chinese companies regardless of the actual security properties of their equipment.
What the EU Cybersecurity Act proposes?
The revised EU Cybersecurity Act, announced by the European Commission on January 20, represents a fundamental shift in how Brussels approaches network security. Since 2020, the EU’s ‘5G toolbox’ has recommended that member states avoid high-risk vendors in 5G networks.
That recommendation has been implemented unevenly: only 13 of 27 member states had acted on it by the time the new law was announced, and several of the bloc’s most significant economies, including Germany, where Huawei provided equipment across approximately 60% of 5G sites as recently as late 2024, had been slow to act.
The new law changes the legal basis from recommendation to obligation. It would require member states to remove equipment from vendors designated as high-risk suppliers from communications networks within three years of the law entering into force.
It also creates a mechanism under which the Commission can designate an entire country as a ‘cybersecurity threat,’ which would trigger exclusions extending beyond telecoms into 18 critical sectors, including energy, transport, and information technology.
The law does not name Huawei or ZTE explicitly, but the intent is unambiguous: EU Tech Commissioner Henna Virkkunen said it would give the bloc ‘the means to better protect our critical supply chains,’ and Strand Consult data puts Chinese vendors’ share of European 5G infrastructure at between 33% and 40%. A full removal would be the largest forced replacement of telecoms infrastructure in European history.
The precedent that makes Beijing’s threat credible
China’s retaliation threats have a documented track record. When Sweden banned Chinese vendors from its 5G networks in 2020, Ericsson’s revenues in China fell 46% the following year.
The company has never recovered that business. Nokia, which has maintained a small footprint in the Chinese market, has watched its China revenues fall from roughly €2.5 billion in 2018 to approximately €913 million last year.
Nokia executives have told the company internally that it faces a total ban in China for national security reasons, with Nokia’s president of mobile networks, Tommi Uitto, publicly stating that the combined China market share of both Nordic vendors has dropped to 3%.
The asymmetry is pointed. China has already been restricting Nokia and Ericsson, the two European companies that stand to benefit most from a Huawei ban, while simultaneously warning the EU that it will face consequences if it formalises its own exclusions.
That double standard is increasingly being called out. Nokia CEO Justin Hotard has contrasted Europe’s continued openness to Huawei with China’s restrictions on European vendors, and Ericsson’s Börje Ekholm has estimated the EU revenue opportunity from replacing Chinese kit at a ‘sizeable’ number given Huawei and ZTE’s combined European market share.
The Swedish precedent also illustrates the implementation challenge the EU faces independently of Chinese pressure. The UK mandated the removal of Huawei from 5G networks by the end of 2027. BT missed the 2023 deadline for its core network.
Germany ordered Huawei removed from the 5G core by the end of 2026, a deadline that applies to a part of the network Huawei was not even present in when the rules were announced, while allowing retention of Huawei’s radio access network until 2029. The practical reality of a three-year EU-wide rip-and-replace at scale is, as Light Reading noted, ‘ambitious and compliance is not certain.’
What Beijing is threatening and why?
China’s 30-page submission argues on four grounds. First, the ‘non-technical risk’ framework is discriminatory on its face, targeting companies by country of origin rather than by demonstrated security flaw. Second, the law violates WTO principles of non-discrimination and proportionality.
Third, that designating China as a ‘country of cybersecurity concern’ would, if triggered, extend exclusions far beyond telecoms into clean energy, automotive, and industrial supply chains where Chinese companies are deeply embedded in European markets.
Fourth, that European companies operating in China, German automakers with €90 billion in annual exports, Dutch chipmakers, French luxury and aerospace firms, would face reciprocal market access restrictions.
The legal mechanisms cited, China’s Foreign Trade Law and the State Council’s Supply Chain Security Regulations, are the same frameworks Beijing has used in previous technology trade disputes. They permit retaliatory trade restrictions, procurement bans, investigations into foreign entities, and entity list designations that mirror the US model China publicly decries.
The spokesperson’s framing, that China ‘still views cooperative dialogue as the correct path’, is the standard diplomatic hedging that accompanies formal coercive submissions of this kind.
A geopolitically loaded moment
The Trump administration has simultaneously been pressuring the EU to accelerate Huawei removal while threatening tariffs over EU enforcement actions against US tech companies.
The EU is navigating a position in which it faces pressure from Washington to act on Huawei and pressure from Beijing not to, while also trying to maintain economic relationships with both.
Germany, the member state with the most at stake both in terms of Huawei infrastructure and Chinese market exposure for its automotive sector, has been the most cautious about implementation pace.
For Nokia and Ericsson, the stakes are direct. Both were among the companies expected to meet EU leadership precisely around the question of European tech competitiveness and strategic supply chain policy.
A full European Huawei ban would represent the single largest new revenue opportunity the Nordic vendors have had in years. Whether the EU actually follows through, given member state reluctance, the implementation timeline, and Beijing’s explicit threat, is now the central question.
The Cybersecurity Act must still be negotiated with EU governments and the European Parliament before it becomes law. No timeline for that process has been confirmed.
China’s formal submission is designed to influence that negotiation, and the governments most exposed to Chinese trade retaliation, Germany, the Netherlands, and France, are also the ones whose implementation of the existing 5G toolbox has been most limited.
You must be logged in to post a comment Login