EU Cybersecurity Act: Increased Scrutiny of China-Based Supply Chains

04.03.2026

Insights from Martin Catarata.

The Diplomat author Mercy Kuo regularly engages subject-matter experts, policy practitioners, and strategic thinkers across the globe for their diverse insights into U.S. Asia policy. This conversation with Martin Catarata – project leader and lead researcher specializing in China-U.S./EU geoeconomic strategy, export controls, and high-tech supply chains at Sinolytics in Berlin – is the 498th in “The Trans-Pacific View Insight Series.”

Explain the regulatory significance of the EU Cybersecurity Act. 

The significance of the EU Cybersecurity Act lies in its use as a strategic instrument of economic security. It broadens the legal architecture that allows Brussels to restrict or condition market access for vendors deemed “high-risk.” This category is widely understood to apply especially to certain China-based ICT suppliers.

By strengthening ENISA [the European Union Agency for Cybersecurity] and establishing EU-wide cybersecurity certification schemes, the Act reduces member states’ discretion to set their own security thresholds. That harmonization is crucial in the China context: it prevents Beijing-facing suppliers from leveraging divisions within the EU single market. The revised framework enables Brussels to embed geopolitical risk assessment into technical certification processes.

Examine the proposed bill’s objective to de-risk the supply chain of ICT infrastructure. 

The Commission’s recent revision proposals pursue a deliberate objective to de-risk ICT infrastructure supply chains by identifying “high-risk” suppliers and creating a legal path to exclude them from critical sectors. The proposal replaces purely national patchwork remedies with a risk-based EU framework that standardizes risk assessment, creates lists of high-risk suppliers, and sets enforceable mitigation (including phased removal) obligations for operators in 18 critical sectors. This approach aims to reduce systemic dependence, accelerate coordinated “rip-and-replace” activity where needed, and lower cross-border fragmentation of security rules so that procurement, incident response, and resilience measures are interoperable across the single market. 

Analyze the scope and scale of Brussels’ increased scrutiny of China-based supply chains. 

Brussels’ increased scrutiny of China-based supply chains is wide in both scope and potential impact. The draft targets not only telecoms equipment but spans 18 critical sectors including electricity, water, cloud, medical devices, satellites, semiconductors, and connected vehicles, applying to both new procurement and in many cases existing network components with multi-year phase-out timetables. 

The scale is across the EU: the Commission proposes EU-level designation and mitigation........

© The Diplomat