China’s trade promotion agency on Friday expressed firm opposition to the EU’s planned introduction of “non-technical risk” factors, which directly link enterprises from specific countries or with specific national backgrounds to cybersecurity risks and exclude them from relevant EU supply chains, into the draft of its Cybersecurity Act. 

In response to the EU’s ongoing efforts to advance the Cybersecurity Act, which would prohibit Chinese enterprises from participating in the construction of Europe’s critical infrastructure, a spokesperson from the China Council for the Promotion of International Trade (CCPIT) said that the China Chamber of International Commerce has, on behalf of the Chinese business community, submitted comment opinions to the EU, deeming that the draft contains obvious unreasonable elements. 

On one hand, concepts such as “non-technical risks,” “countries posing cybersecurity concerns,” and “high-risk suppliers” have vague criteria for determination, which do not conform to the requirements of modern rule of law regarding legal clarity, procedural transparency, and predictability. On the other hand, measures such as imposing market access restrictions on suppliers from specific countries, requiring replacement of existing equipment, and excluding certification qualifications clearly exceed the limits necessary for maintaining cybersecurity. 

“These measures conflict with the basic rules of the WTO, international commitments on services trade, and investment protection rules,” the spokesperson noted.

From the perspective of industry and business cooperation, if specific country suppliers are comprehensively excluded under generalized security pretexts, it will not only harm the legitimate rights and interests of relevant market entities, including Chinese enterprises, but will also weaken the EU’s open, fair, and predictable business environment, the spokesperson noted.

EU enterprises will face practical pressures such as rising costs, reduced procurement options, decreased supply chain stability, and extended technology adaptation cycles. Ultimately, these costs will be passed on to EU consumers and public service systems, the CCPIT spokesperson said, adding that according to incomplete statistics, if the law is implemented, the affected investment in Europe would exceed hundreds of billions of euros, and the affected employment in Europe would be in the tens of thousands.

We call on the EU side, in the subsequent legislative process, to fully listen to opinions from enterprises, industry associations, and other parties; adhere to the principles of technological neutrality and risk orientation; delete or substantially revise rules that are country-specific and discriminatory; and prudently assess the draft’s impact on China-EU business cooperation, the EU’s own industrial development, and the stability of global supply chains, the spokesperson said.

Chinese enterprises are important partners in Europe’s digital transformation, green transformation, and industrial upgrading. The Chinese business community is willing to work with the EU side to jointly promote cybersecurity governance and digital economy development, uphold an open, fair, and non-discriminatory market environment, and jointly ensure the stability and smoothness of global industrial and supply chains, the spokesperson noted.

Global Times