Cybersecurity is on the agenda of the European Parliament's plenary session this week. In addition to the Cybersecurity Regulation on 12 March, and their position on the Competence Centre on 13 March, MEPs are expected to adopt a topical resolution on Wednesday 13 March concerning Huawei and other Chinese equipment manufacturers that recommends a “risk-based approach across the value chain” (see EUROPE 12157/5, 12197/6).
The text, co-written by the EPP, S&D, ALDE and Greens/EFA groups, refers to “concerns” about third-country suppliers who may incorporate backdoors into their equipment. It is particularly targeted at Chinese equipment manufacturers such as Huawei and ZTE, following China's adoption in 2017 of its intelligence law, which requires Chinese companies to cooperate with the government in collecting intelligence when requested.
A coordinated response
So far, responses have been relatively fragmented, the draft resolution notes, citing the example of the Czech Republic, which excluded Huawei from a tender for the establishment of a tax portal in January 2019. It stresses the need for a coordinated response, “knowing that a patchwork of divergent national decisions would harm the digital single market” (see EUROPE 12205/4).
The resolution calls on the Commission to develop a strategy that puts Europe at the forefront of cybersecurity technologies and aims to reduce Europe's dependence on foreign technologies in the field of cybersecurity. It also asks the Commission to assess the soundness of the legal framework and to present initiatives, including legislative proposals, if necessary, to remedy any deficiencies detected in a timely manner. Among the areas for improvement mentioned, the Commission is responsible for “studying the need to extend the scope” of the Directive on network and information systems security to new sectors and services of critical importance that are not covered by specific legislation. In addition, under the new Cybersecurity Regulation, the Commission is requested to instruct the European Union Agency for Cybersecurity (ENISA) to give priority to the “definition of a 5G equipment certification system”.
The text also calls on the Commission and the Member States to make security a mandatory aspect in all public procurement procedures for the infrastructure concerned, both at the EU and the national level.
A broader reflection
China's technological threat is not the only issue that concerns the European Union. On 12 March, the European Commission will present a strategic communication concerning EU-China relations in all areas (economic, political, human rights, etc.). This communication, entitled “EU-China strategic outlook”, will be discussed at the Spring European Summit on 21 and 22 March and at the EU-China Summit on 9 April. The text of the current draft resolution can be found at: https://bit.ly/2HfiZVe. (Original version in French by Sophie Petitjean)