European leaders have become increasingly alarmed by what they consider China’s IT threat. MEPs adopt the EU Cybersecurity certification scheme for products, processes and services, whilst also expressing their deep concern about Chinese IT in the EU.
EU Cybersecurity Act has been adopted by the European Parliament with 586 votes to 44 and 36 abstentions. It establishes the first EU-wide cybersecurity certification scheme to ensure that certified products, processes and services sold in EU countries meet cybersecurity standards.
Private and Personal sensitive data
MEPs express deep concern about recent allegations that 5G equipment may have embedded backdoors that would allow Chinese manufacturers and authorities to have unauthorised access to private and personal data and telecommunications in the EU.
China’s Investments in Europe
Parliament also adopted a resolution calling for action at EU level on the security threats linked to China’s growing technological presence in the EU.
China and Europe have long been steady trading partners. What has changed in the last decade is China’s increased footprint in European investment. China’s aggressive incursions into the continent’s economy, including paying $23 million to expand port facilities in Bulgaria, providing $3.8 billion in financing for a high-speed railroad connecting Hungary and Serbia and acquiring a German robotics company that employs 14,000 people worldwide. EU is trying to counter China’s influence in the region.
We want to have a better overview when certain critical infrastructure is targeted by them,
Cecilia Malmstrom, the European trade commissioner
Chinese state security laws a threat to EU cybersecurity
They are also concerned that third-country equipment vendors might present a security risk for the EU, due to the laws of their country of origin obliging all enterprises to cooperate with the state in safeguarding a very broad definition of national security also outside their own country. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright bans.
MEPs call on the Commission and the member states to provide guidance on how to tackle cyber threats and vulnerabilities when procuring 5G equipment, for example by diversifying equipment from different vendors, introducing multi-phase procurement processes and establishing a strategy to reduce Europe’s dependence on foreign cybersecurity technology.
European Parliament also urge the Commission to mandate the EU Cybersecurity Agency, ENISA, to work on a certification scheme ensuring that the rollout of 5G in the EU meets the highest security standards.
EU Cybersecurity Act to enable certification of connected devices
The EU Cybersecurity Act, which is already informally agreed with member states, underlines the importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems in addition to products, processes and services. By 2023, the Commission shall assess whether any of the new voluntary schemes should be made mandatory.
The Cybersecurity Act also provides for a permanent mandate and more resources for the EU Cybersecurity Agency, ENISA.
This significant success will enable the EU to keep up with security risks in the digital world for years to come. The legislation is a cornerstone for Europe to become a global player in cyber security. Consumers, as well as the industry, need to be able to trust in IT-solutions.
Angelika Niebler (EPP, DE), rapporteur of the Cybersecurity Act
The Cybersecurity Act
- EU cybersecurity certification scheme for products, processes and services
- Better protection for consumers and easier procedures for companies
- More power to EU cybersecurity agency
- Cyber threats from China when installing 5G networks needs to be addressed
The Council of the European Union now has to formally approve the Cybersecurity Act. The regulation will enter into force 20 days after it is published. The resolution on Chinese IT presence in the EU will be sent to the Commission and to member states.
Europe’s cyber security – Infographic
Activities by cybercriminals are increasing in complexity and sophistication. MEPs voted in favour of the cybersecurity act which aims to improve the European response to the increasing number of cyber threats by strengthening the role of the European Agency for Network and Information Security (Enisa) and establishing a common cybersecurity certification framework.