{"id":180701,"date":"2026-01-22T14:44:00","date_gmt":"2026-01-22T19:44:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/22\/europes-new-cyber-rules-target-china-and-us\/"},"modified":"2026-01-22T15:10:11","modified_gmt":"2026-01-22T20:10:11","slug":"europes-new-cyber-rules-target-china-and-us","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/22\/europes-new-cyber-rules-target-china-and-us\/","title":{"rendered":"Europe\u2019s New Cyber\u00a0Rules Target China\u00a0\u2014\u00a0and US\u00a0"},"content":{"rendered":"<p><a href=\"https:\/\/cepa.org\/article\/europes-new-cyber-rules-target-china-and-us\/\">Europe\u2019s New Cyber\u00a0Rules Target China\u00a0\u2014\u00a0and US\u00a0<\/a><\/p>\n<p><a href=\"https:\/\/cepa.org\/article\/europes-new-cyber-rules-target-china-and-us\/\">https:\/\/cepa.org\/article\/europes-new-cyber-rules-target-china-and-us\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-22 14:44:00<\/a><\/p>\n<p>Source Domain: <a href=\"cepa.org\">cepa.org<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Europe depends on Chinese and American tech\u00a0\u2014\u00a0and worries about the safety of its critical telecom and IT systems. A new\u00a0cybersecurity proposal\u00a0focuses on protecting against not only cyberattacks, but against what European Commission Executive Vice-President for Technological Sovereignty, Security and Democracy Henna Virkkunen calls \u201ccritical ICT supply chains.\u201d\u00a0<\/p>\n<p>If approved, the proposal would trigger binding rules for countries to force telecom operators to phase out Chinese vendors Huawei and ZTE. Gentle recommendations\u00a0made\u00a0in a\u00a02020 security toolbox\u00a0to achieve this goal have failed. One-third of Europe\u2019s 5G sites use Chinese equipment\u00a0\u2014\u00a0a figure unchanged since 2022.\u00a0Germany relies on Chinese vendors for 59% of its 5G\u00a0network.\u00a0<\/p>\n<p>But\u00a0there\u2019s\u00a0a twist. The new rules\u00a0could\u00a0also\u00a0hit US tech: Virkkunen mentions cloud services and satellite technology as two areas of potential security risks. Microsoft, Google, and Amazon dominate cloud computing, controlling\u00a070% of the European market. Starlink enjoys a near monopoly over satellite communication. Given deteriorating transatlantic relations, many Europeans now see these dependencies as dangerous as their reliance on Chinese telecom equipment.\u00a0\u00a0<\/p>\n<p>Yet\u00a0Europe\u2019s hope of\u00a0loosening the\u00a0Chinese American stranglehold remains dark. Consider the first Cybersecurity Act\u2019s record. It made big promises and thick documents, yet politics and internal divisions slowed genuine progress.\u00a0Brussels adopted only one certification approval in five years.<\/p>\n<p>\t\t\tGet the Latest\t\t<\/p>\n<p>\t\t\tSign up to receive regular Bandwidth emails and stay informed about CEPA&#8217;s work.\t\t<\/p>\n<p>The modernized cybersecurity regulation promises to accelerate progress. It includes\u00a0an\u00a081.5% budget increase, 118\u00a0additional\u00a0staff, and modular certification designed to reduce compliance burdens. The hope is that moving decision-making to \u201cneutral\u201d technical certification schemes will allow quick action.\u00a0<\/p>\n<p>Good luck. Europe\u2019s influential telecom incumbents have\u00a0already signaled\u00a0opposition. Their main lobby, Connect Europe,\u00a0called on\u00a0legislators to \u201ccorrect\u201d the proposal to phase out low-cost Chinese vendors, warning against \u201cpolicies that would significantly weaken the very sector they aim to safeguard.\u201d A Huawei spokesperson said in a statement that laws to block suppliers based on their country of origin violate the EU\u2019s \u201cbasic legal principles of fairness, non-discrimination and proportionality,\u201d as well as its World Trade Organization obligations.\u00a0\u00a0<\/p>\n<p>Another key unanswered debate\u00a0remains\u00a0about how much the geographic origin of a supplier should be\u00a0considered. The long-running battle over cloud cybersecurity requirements revealed the unpleasant\u00a0truth\u00a0\u00a0\u2014\u00a0no consensus\u00a0exists\u00a0in Europe. France, Germany, Spain, and Italy demanded \u201cHigh+\u201d requirements: EU headquarters, EU infrastructure,\u00a0and\u00a0immunity from US surveillance laws. The Netherlands, Poland, Ireland, and Sweden opposed this, having partnered with American\u00a0hyperscalers.\u00a0\u00a0<\/p>\n<p>The new cybersecurity rules had the chance to\u00a0resolve this question. They could have empowered\u00a0rigorous certification,\u00a0enabling choice between providers meeting transparent standards\u00a0\u2014\u00a0EU or non-EU\u2014\u00a0plus investment,\u00a0making European alternatives competitive. Instead, sovereignty requirements vanished. The Commission made everything voluntary and promised nothing about investing in European capacity.\u00a0<\/p>\n<p>A comparison with Ukraine, where I work,\u00a0is revealing. Ukraine\u2019s wartime cyber resilience came from near-real-time threat intelligence sharing,\u00a0clear guidance to cloud providers, and ruthless prioritization of recovery over documentation. It required none of the certification schemes or five-year evaluation cycles. It required operational capability under pressure.\u00a0Data was moved offshore to protect it. Firms were chosen based on their operational capabilities, not because of their nationality. US firms, from Microsoft to Broadcom, proved key.\u00a0<\/p>\n<p>Europe has rejected such an approach. Member\u00a0States\u00a0have\u00a0refused to give up their\u00a0powers. Instead of strong centralized leadership with firm rules, the new\u00a0cyber\u00a0proposal calls for \u201ccontinuous operational cooperation.\u201d It preserves that \u201cnational security remains the sole responsibility of each Member State.\u201d\u00a0<\/p>\n<p>The sovereignty battle reveals an unpleasant truth. This incoherence makes a strong certification essential. If Europe\u00a0can\u2019t\u00a0agree on \u201csovereignty requirements,\u201d it will pass those discussions to future debates. Europe\u00a0once again\u00a0risks getting neither improved security nor reduced dependency on China and the US.\u00a0\u00a0<\/p>\n<p>Ieva Ilves has more than two decades of experience in digital transformation,\u00a0cybersecurity, and international affairs. Her career spans high-level roles in Latvia, Estonia, and internationally, including as Digital Policy Advisor to Latvia\u2019s President. She led Latvia\u2019s first national cybersecurity strategy and the project to\u00a0establish\u00a0NATO\u2019s Strategic Communications Centre of Excellence in Riga. She\u00a0advisesUkraine\u2019s Ministry of Digital Transformation and\u00a0WithSecure, a Finnish cybersecurity company. She has a\u00a0master\u2019s\u00a0from Johns Hopkins University SAIS.\u00a0<\/p>\n<p>Bandwidth is CEPA\u2019s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions expressed on Bandwidth are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis.\u00a0CEPA maintains a strict intellectual independence policy across all its projects and publications.<\/p>\n<p>\t\t\t\t\t\t\t\t\tExplore the latest from the conference.<\/p>\n<p>\t\t\t\t\t\t\t\t\tLearn More\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/p>\n<p>\t\t\tRead More From Bandwidth\t\t<\/p>\n<p>\t\t\tCEPA\u2019s online journal dedicated to advancing transatlantic cooperation on tech policy.\t\t<\/p>\n<p>\t\t\t\tRead More\t\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Europe\u2019s New Cyber\u00a0Rules Target China\u00a0\u2014\u00a0and US\u00a0 https:\/\/cepa.org\/article\/europes-new-cyber-rules-target-china-and-us\/ Publish Date: 2026-01-22 14:44:00 Source Domain: cepa.org Author:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":180702,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cepa.org\/wp-content\/uploads\/2026\/01\/2024-11-03T000000Z_2119911028_MT1NURPHO000ZWLQ77_RTRMADP_3_WARSAW-CORPORATIONS-SIGNAGE-LOGOS-scaled.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-180701","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180701"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=180701"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180701\/revisions"}],"predecessor-version":[{"id":180703,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180701\/revisions\/180703"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/180702"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=180701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=180701"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=180701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}