EU Cybersecurity Act, China warns Brussels: exclude Huawei and ZTE and there will be consequences

The Chinese Ministry of Commerce (MOFCOM) submitted a formal 30-page document to the European Commission on April 17, 2026, containing a warning (or perhaps a threat?) without any risk of misinterpretation: if the new EU Cybersecurity Act results in the exclusion of Huawei and ZTE from European networks, Beijing will activate widespread retaliatory trade measures. MOFCOM spokesperson He Yongqian reiterated the position at a press conference, stating that China "will have to adopt corresponding countermeasures" and urging the EU not to "undervalue China's firm determination to protect its national interests."

What changes with the new Cybersecurity Act

Announced by the European Commission on January 20, 2026, the Cybersecurity Act represents a clear break from the 2020 5G Toolbox. That document merely recommended that member states exclude high-risk suppliers from 5G networks, but without any binding mechanism. The result was a patchy compliance: only 13 out of 27 EU countries had implemented the guidelines at the time of the new law's announcement. Germany is the most glaring case, with Huawei still present in about 60% of German 5G sites by the end of 2024.

The new Act introduces a much stricter legal obligation: within three years of its entry into force, all member states must remove equipment from suppliers designated as high risk. However, the most relevant mechanism is the Commission's ability to designate an entire country as a "cybersecurity threat": if applied to China, the exclusion would extend beyond telcos, affecting 18 critical sectors including energy, transport, and ICT. The text does not explicitly mention Huawei or ZTE or other entities, but the intention leaves no room for doubt: Henna Virkkunen, Executive Vice President of the European Commission and European Commissioner for digital and frontier technologies, stated that the law will give the EU "the means to better protect critical supply chains." With Chinese vendors controlling between 33% and 40% of European 5G infrastructure, according to data from Strand Consult, a total removal would represent the largest forced replacement of telecommunications infrastructure in European history.

Beijing's four objections

The MOFCOM document articulates China's objections on four distinct levels. The first attacks the methodological core of the law: the concept of "non-technical risk" is, for Beijing, an arbitrary and subjective tool that allows exclusion of companies based on their country of origin rather than demonstrated security vulnerabilities. This criticism resonates somewhat in the European debate over the risk of protectionism disguised as national security. The second argument is legal: the proposal would violate WTO principles of non-discrimination and proportionality. The third points to the cascading effect of designating a "risky country": in automotive, renewables, and industrial electronics, Chinese companies are deeply integrated into European supply chains, and a blanket exclusion would have effects on sectors far beyond telecommunications networks.

The fourth point is the most direct: European companies operating in China would face symmetric restrictions. German automakers export around 90 billion euros to China each year; Dutch chipmakers and French aerospace groups have equally structural dependencies on the Chinese market. The legal mechanisms cited by MOFCOM are the Chinese Foreign Trade Law and the State Council Supply Chain Security Regulations, the same tools already employed in previous technology disputes: they allow for trade restrictions, bans on public procurement, investigations into foreign entities, and designations on lists that practically replicate the American model that Beijing criticizes in official statements.

The Swedish precedent makes the threat credible

This is not a threat without verifiable precedents. When Sweden banned Chinese vendors from its 5G network in 2020, Ericsson's revenues in China plummeted by 46% the following year. The company has never recovered that share. Nokia, which has maintained a reduced presence in the Chinese market, saw its revenues in China drop from about 2.5 billion euros in 2018 to about 913 million in 2025. Nokia's CEO Justin Hotard publicly denounced the contrast between Europe's openness to Huawei and the restrictions China has already imposed on Nordic vendors: the combined market share of the two European operators in the Chinese market is currently stuck at 3%.

Asymmetry is already a well-established reality: Beijing has progressively closed the market to the two main European network infrastructure producers, while Huawei and ZTE continue to operate freely in Europe. For Nokia and Ericsson, a European ban on Huawei represents the biggest revenue opportunity in recent years. Ericsson has estimated the opportunity arising from the share that Huawei and ZTE currently control in Europe as "sizeable." But that prospect depends on a political execution that faces concrete resistance in terms of technical feasibility and economic interests of the most exposed member states.

Implementation: another open variable

Regardless of Chinese pressure, the practical implementation of the law presents real challenges. The UK has mandated the removal of Huawei from 5G networks by the end of 2027, but BT has already missed the 2023 deadline for the core network. Germany has ordered the removal of Huawei from the 5G core by the end of 2026, a constraint that applies, however, to a portion of the network where Huawei was not concretely present, while retention in the Radio Access Network is allowed until 2029. A total replacement on a EU-wide scale in three years represents an exceptionally ambitious plan, which nonetheless carries more than a few doubts regarding compliance.

This structural data paradoxically strengthens Beijing's negotiating leverage. The member states with the greatest commercial exposure to China, Germany, the Netherlands, and France, are precisely those that have implemented the least of the recommendations of the 5G Toolbox. The MOFCOM document is calibrated to make its weight felt in European capitals where caution towards Beijing is already a consolidated political position. The Cybersecurity Act still needs to pass negotiations with the EU governments and the European Parliament before becoming law. No formal timeline has been confirmed for that process.

The geopolitical framework complicating everything

The EU faces this negotiation in a position of cross pressures. The Trump administration explicitly pressured Brussels to accelerate the removal of Huawei, while simultaneously threatening tariffs in response to European actions against American Big Tech. Beijing is pushing in the opposite direction with a well-quantified economic threat: bilateral EU-China trade is worth 759 billion euros annually, with a deficit of 360 billion in favor of China. The dependencies created by this imbalance limit the willingness of member countries to expose themselves to retaliatory trade, especially at a time when the German automotive industry is already under pressure on multiple fronts.

The MOFCOM statement closes with the usual diplomatic formula: China "still considers cooperative dialogue as the correct path." But the submission of a formal 30-page document with precise quotes of legal retaliation mechanisms is not a gesture of openness to dialogue. It is a communication designed to influence the legislative process before it comes to a vote, leveraging the economic interests of the governments most hesitant to act, which are also those with the highest risk profile in the event of escalation.