The European Commission is working on plans to ban equipment from Chinese suppliers, such as Huawei and ZTE, from critical networks within the EU, according to a Financial Times article. The reason is growing concern about cybersecurity, geopolitical dependencies and digital sovereignty. What was initially mainly a discussion for telecom operators and governments now increasingly affects companies that depend on complex (digital) chains.
The question that comes up more and more often: do you actually know where your technology, products and services come from? And perhaps even more important: do you know what risks are attached to them?
What is the European Commission’s intention?
The European Commission wants to require member states to ban suppliers that are considered ‘high risk’ from critical infrastructure. In practice, this mainly concerns Chinese technology in telecommunications and 5G networks, vital IT systems and other sectors that are crucial to society.
Until now, EU directives were mainly advisory. In the new plans, these become legally binding, with clear deadlines for phasing out certain suppliers. This fits within a broader strategy around cybersecurity, strategic autonomy and reducing dependencies on non-EU countries.
Why this is not just a telecom story
While the news mainly focuses on critical networks, the impact extends far beyond telecom and vital infrastructure. Virtually every company today depends on external hardware and software suppliers, cloud and IT service providers and chain partners who in turn use other technologies. This creates a long and often opaque supply chain, in which origin, dependencies and risks are not always clearly visible.
It is precisely in such a complex chain that risks can accumulate unnoticed. What is still permitted today may fall under new legislation or policy measures tomorrow. Organizations that do not have good insight into their suppliers and technology then run the risk of having to act mainly reactively, with high replacement costs, compliance problems and possible reputational damage as a result.
The EU’s intention is therefore mainly a wake-up call: organizations must better understand where their digital and technological dependencies lie.
From ‘where do I buy?’ to ‘what risk do I buy?’
This development requires both a different kind of insight and a different way of acting. The central question shifts from ‘where do I buy?’ to ‘what risk do I buy?’. Where suppliers were previously mainly assessed on price, quality and continuity, geopolitical and cybersecurity aspects now also play an increasingly important role. Organizations must understand in which country a supplier operates, to which laws and regulations that party is subject and what risks this entails.
In addition, it is not only about the direct supplier, but also about what lies behind it. What incidents or vulnerabilities have occurred? And which shadow suppliers are part of the same chain? These questions cannot be answered with a one-time inventory. They require structural and current insight, so that risks can be continuously monitored and included in decisions about procurement, cooperation and continuity.
Conclusion
The European Commission’s intention to ban Chinese equipment from critical networks is more than geopolitical policy. It underlines a broader trend: companies are becoming increasingly responsible for the risks in their digital and technological chain.
Those who already have insight into origin, dependencies and digital risks today can anticipate new rules, incidents and strategic choices more quickly. With RiskStudio, organizations get that insight. Continuously, scalably and based on facts.