New EU security strategy aims to safeguard tech supply chains

A draft strategy published this week by the EU would impose export controls on critical technology and protect against the risks posed by supply chain disruption, whether in the form of industrial espionage, energy security problems, or infrastructure attacks.

The strategy is widely seen as a reaction to potential threats posed by China, although it does not name that country explicitly. Remarks by the European Commission’s commissioner for competition, Margrethe Vestager, however, do state that China poses a threat to Europe’s technology security and intellectual property.

“We design this strategy to be country-agnostic,” Vestager said at a press conference in Brussels Tuesday. “Having said that, we will use a geopolitical filter when assessing the risks. We can’t treat a supply dependency on a systemic rival the same way as we would on an ally.”

The draft highlights four main risk categories: supply chains, critical infrastructure, technology security and economic coercion. Supply chain risks, which include energy security, cover the risks of price surges and the unavailability of critical components. Infrastructure security covers undersea cabling, oil and gas pipelines and similar economic bellwethers. Technology security relates to keeping particularly advanced technology out of the wrong hands, specifically mentioning quantum computing, advanced semiconductors and AI. Finally, economic coercion deals with the possibility of outside nations forcing policy changes based on a member state’s dependence on them.

To address these risks, the strategy draft focuses on promotion of European competitiveness, protection of economic security and partnership with outside countries. Measures similar to the US CHIPS and Science Act — the EU has its own Chips Act — have already been undertaken, which go some way to promoting many of those aims by locating semiconductor production capacity within the union’s borders.

The announcement follows hard on the heels of a similar announcement related to 5G networking. A speech delivered last week by Thierry Breton, internal market commissioner at the European Commission, outlined stiff restrictions on the use of equipment from “high-risk suppliers” in core and radio access network nodes, and named Huawei and ZTE specifically.

“The Commission will implement the 5G toolbox principles to its own procurement of telecoms services, to avoid exposure to Huawei and ZTE,” said Breton. “We cannot afford to maintain critical dependencies that could become a ‘weapon’ against our interests.”

The Commission will propose a list of dual-use technologies for risk assessment that could be adopted by the European Council — part of the EU’s executive branch — by September 2023, according to Vestager. This likely means that final rules will be put in place next year.