Article

The European Commission is advancing a Cybersecurity Package aimed at phasing out high-risk suppliers, particularly Chinese companies like Huawei and ZTE, from critical infrastructure across 18 sectors, including 5G networks, solar energy systems, and medical devices. This initiative is part of a broader strategy to enhance digital security and reduce strategic dependencies within the EU.

Operators are given a 36-month period to remove critical components from their networks following the identification of high-risk suppliers. The measures will follow a formal risk assessment and will be based on market analysis.

The package includes strengthening the European Union Agency for Cybersecurity (ENISA), transforming the 5G Cybersecurity Toolbox into mandatory measures, simplifying the NIS2 directive, and establishing a new European cybersecurity certification framework. The legislative process has just begun, and negotiations with member states and the European Parliament will follow.