Beijing’s Commerce Ministry formally submitted a 30-page document warning the European Commission that its draft Cybersecurity Law, which would make supplier removal mandatory for the first time, could trigger reciprocal measures against European companies in China.
China has formally threatened the European Union with retaliation if a sweeping new cybersecurity law leads to the exclusion of Chinese companies, including Huawei and ZTE, from European critical infrastructure.
The Chinese Ministry of Commerce submitted a 30-page document to the European Commission, previously reported by the South China Morning Postexplicitly warning that Beijing is willing to invoke its Foreign Trade Law and the State Council’s Supply Chain Security Regulations — legal frameworks that allow China to restrict trade, investigate foreign entities and impose reciprocal bans on European companies — if Chinese companies face what it calls discriminatory treatment.
The document was presented on April 17 to the Commission. MOFCOM spokesman He Yongqian confirmed the filing at a press conference on April 24, framing China’s main objection as the bill’s use of “non-technical risk” factors, a mechanism that Beijing says is a subjective political tool designed to exclude Chinese companies regardless of the actual safety properties of their equipment.
What does the EU Cybersecurity Law propose?
The revised EU Cybersecurity Lawannounced by the European Commission on January 20, represents a fundamental change in the way Brussels approaches network security. Since 2020, the EU’s ‘5G toolbox’ has recommended that member states avoid high-risk providers in 5G networks.
The 💜 of EU technology
The latest rumors from the EU tech scene, a story from our wise founder Boris and some questionable AI art. It’s free, every week, in your inbox. Register now!
That recommendation has been implemented unevenly: Only 13 of the 27 member states had acted on it when the new law was announced, and several of the bloc’s largest economies, including Germany, where Huawei provided equipment at about 60% of 5G sites by the end of 2024, had been slow to act.
The new law changes the legal basis from recommendation to obligation. It would require member states to remove equipment from vendors designated as high-risk vendors from communications networks within three years of the law coming into force.
It also creates a mechanism under which the Commission can designate an entire country as a ‘cybersecurity threat’, triggering exclusions that would extend beyond telecommunications to 18 critical sectors, including energy, transportation and information technology.
The law does not explicitly name Huawei or ZTE, but the intention is unambiguous: EU Technology Commissioner Henna Virkkunen said it would give the bloc “the means to better protect our critical supply chains,” and Strand Consult data puts Chinese suppliers’ share of European 5G infrastructure at between 33% and 40%. A complete removal would be the largest forced replacement of telecommunications infrastructure in European history.
The precedent that makes Beijing’s threat credible
China’s threats of retaliation have a documented history. When Sweden banned Chinese providers from accessing its 5G networks in 2020, Ericsson’s revenue in China fell 46% the following year.
The company has never recovered that business. Nokia, which has maintained a small presence in the chinese markethas seen its revenue in China fall from around €2.5 billion in 2018 to around €913 million last year.
Nokia executives have told the company internally that it faces an outright ban in China for national security reasons, and Nokia’s president of mobile networks, Tommi Uitto, has publicly stated that the combined market share of both Nordic suppliers in China has fallen to 3%.
The asymmetry is pointed. China has already been restricting Nokia and Ericsson, the two European companies that stand to benefit most from a Huawei ban, while warning the EU that it will face consequences if it formalizes its own exclusions.
This double standard is increasingly denounced. Nokia CEO Justin Hotard has contrasted Europe’s continued openness to Huawei with China’s restrictions on European suppliers, and Ericsson’s Börje Ekholm has estimated the EU revenue opportunity from replacing Chinese equipment at a “considerable” figure given the combined European market share of Huawei and ZTE.
The Swedish precedent also illustrates the implementation challenge the EU faces regardless of Chinese pressure. The UK ordered Huawei removed from 5G networks by the end of 2027. BT missed the 2023 deadline for its core network.
Germany ordered that Huawei be removed from the 5G core by the end of 2026, a deadline that applies to a part of the network where Huawei was not even present when the rules were announced, while allowing the retention of Huawei’s radio access network until 2029. The practical reality of a three-year, EU-wide teardown and replacement is, as Light Reading noted, “ambitious and its compliance is not certain.”
What is Beijing threatening and why?
China’s 30-page submission is based on four grounds. First, the “non-technical risk” framework is discriminatory on its face, targeting companies by country of origin rather than by demonstrated security flaws. Second, the law violates the WTO principles of non-discrimination and proportionality.
Third, designating China as a “country of cybersecurity concern” would, if triggered, expand exclusions well beyond telecommunications, into clean energy, automotive and industrial supply chains, where Chinese companies are deeply embedded in European markets.
Fourth, European companies operating in China, German automakers with €90 billion in annual exports, Dutch chipmakers, and French aerospace and luxury companies would face reciprocal market access restrictions.
The legal mechanisms cited, China’s Foreign Trade Law and the State Council’s Supply Chain Security Regulations, are the same frameworks Beijing has used in previous technology trade disputes. They allow retaliatory trade restrictions, procurement bans, investigations into foreign entities, and entity list designations that mirror the U.S. model that China publicly condemns.
The spokesperson’s formulation, that China “still views cooperative dialogue as the right path,” is the standard diplomatic protection that accompanies formal coercive introductions of this kind.
A moment charged with geopolitics
The Trump administration has been simultaneously pressuring the EU to accelerate the removal of Huawei while also threatening to impose tariffs over the EU’s actions against US tech companies.
The EU is navigating a position where it faces pressure from Washington to act on Huawei and pressure from Beijing not to do so, while trying to maintain economic relations with both.
Germany, the member state with the most at stake both in terms of Huawei’s infrastructure and its automotive sector’s exposure to the Chinese market, has been the most cautious about the pace of rollout.
For Nokia and Ericsson, the stakes are straightforward. Both were among the companies expected to deliver on EU leadership precisely around the issue of European technological competitiveness and strategic supply chain policy.
An outright ban on Huawei in Europe would represent the biggest new revenue opportunity Nordic suppliers have had in years. The central question now is whether the EU actually delivers on what it promised, given the reluctance of member states, the implementation schedule and the explicit threat from Beijing.
The Cybersecurity Law still needs to be negotiated with EU governments and the European Parliament before it becomes law. No timeline for that process has been confirmed.
China’s formal presentation is designed to influence that negotiation, and the governments most exposed to Chinese trade retaliation, Germany, the Netherlands and France, are also those whose implementation of the existing 5G toolbox has been most limited.
