New EU security strategy aims to safeguard tech supply chains

The European Union (EU) has released a draft strategy aimed at protecting critical technology and mitigating risks associated with supply chain disruptions, industrial espionage, energy security issues, and infrastructure attacks. While the strategy does not explicitly mention China, it is widely seen as a response to potential threats posed by the country. European Commission’s commissioner for competition, Margrethe Vestager, acknowledged that China poses risks to Europe’s technology security and intellectual property.

The draft strategy categorizes four main risk areas: supply chains, critical infrastructure, technology security, and economic coercion. Supply chain risks encompass concerns such as price surges and the unavailability of critical components, including energy security. Critical infrastructure security includes undersea cables, oil and gas pipelines, and similar economic indicators. Technology security focuses on preventing advanced technologies, such as quantum computing, advanced semiconductors, and AI, from falling into the wrong hands. Economic coercion addresses the potential for external nations to exert influence and force policy changes based on a member state’s dependence on them.

To address these risks, the draft strategy emphasizes the promotion of European competitiveness, protection of economic security, and partnerships with other countries. The EU has already taken measures similar to the US CHIPS and Science Act, such as establishing the Chips Act, which aims to localize semiconductor production within the EU.

This recent announcement follows a similar move regarding 5G networking. The European Commission’s internal market commissioner, Thierry Breton, recently outlined strict restrictions on the use of equipment from “high-risk suppliers” in core and radio access network nodes, specifically mentioning Huawei and ZTE.

The Commission plans to propose a list of dual-use technologies for risk assessment, which could be adopted by the European Council, a part of the EU’s executive branch, by September 2023. This suggests that the final rules will likely be implemented next year.