Brussels (ANSA) – The European Union is tightening rules on suppliers from third countries considered high risk for critical infrastructure. With the new Cybersecurity Act, proposed by the EU Commission, the guidelines of the “5G Toolbox” become binding. Brussels will now be able to impose the exclusion of suppliers, such as Huawei and ZTE, from critical infrastructure.
The restrictions do not concern only 5G networks, but extend to other critical technologies such as fiber optics, systems for solar energy and security scanners. A gradual phase-out of already installed equipment is planned. The proposed revision of the Cybersecurity Act, presented today by the European Commission in Strasbourg, aims to strengthen the EU’s cybersecurity ecosystem in order to cope with the intensification of cyber threats.
The cornerstone of the new regulation is the set of measures aimed at strengthening the security of the ICT supply chain. The regulation does not introduce an explicit ban, but a mechanism that will allow the EU and Member States to identify and mitigate risks in 18 critical sectors of the EU, also taking into account economic impacts and market supply. Through this mechanism, it will first be possible to proceed with the identification – on the basis of strict criteria – of countries that pose cybersecurity risks, and then with the identification of key assets in ICT supply chains.
The next step is to propose mitigation measures to address the identified risks, including the ban on using ICT components from high-risk suppliers, on the basis of a market analysis and an economic impact assessment. The proposal also provides for simplification measures to help companies comply with cybersecurity obligations.
The EU Agency for Cybersecurity (ENISA) will receive new resources and a broader mandate to coordinate the response to large-scale cyber crises and support the implementation of cybersecurity policies. Finally, a reform of the European cybersecurity certification framework (ECCF) is proposed to simplify procedures, broaden the scope (including “managed security services” and the “cyber posture” of entities) and facilitate the development of certification schemes, reducing fragmentation in the digital single market.
