Regulatory overreach masks EU's malaise: China Daily editorial

The European Union's instinctive response to technological anxiety is paperwork, suspicion and the politicizing of economic relationships.

The latest manifestation of this tendency is a revised EU Cybersecurity Act proposed by the European Commission, which would allow Brussels to classify certain countries as states of "cybersecurity concern" and designate companies as "high-risk suppliers" based on vaguely defined "non-technical risks". Suppliers from targeted countries could effectively be excluded from entire supply chains across 18 critical sectors.

This is nothing more than pride and prejudice.

According to a report released by the China Chamber of Commerce to the EU and KPMG on Wednesday, replacing Chinese equipment under the proposed framework could cost the EU as much as €367.8 billion ($432.6 billion) over the next five years. That is equivalent to the GDP of a mid-sized EU economy. Yet Brussels appears willing to absorb the economic pain in pursuit of a strategic doctrine that remains deeply subjective.

The problem lies in how the EU is defining risk. Technical vulnerabilities can be tested, audited and corrected. "Non-technical risks", by contrast, are inherently ambiguous and elastic. Once security becomes detached from verifiable engineering standards, regulation risks becoming an ideological instrument.

As a spokesperson for China's Ministry of Commerce said, the draft law introduces arbitrary standards that weaponize supply chains under the banner of "security", while undermining the principles of market competition and nondiscrimination that the EU itself once championed.

If "high-risk supplier" becomes a geopolitical label, rather than a technical assessment, then any foreign company can theoretically be excluded at any moment in accordance with which way Brussels decides the political wind is blowing.

Former European Central Bank president Mario Draghi's warnings about the EU's competitiveness crisis — a widening productivity gap, slow growth and weakening industrial power that risk a "slow and agonizing death" of the EU's economic model — have not been subtle. Yet they have not been heeded.

Instead, Brussels increasingly behaves like "a regulatory overlord" presiding over a shrinking estate that is being sold off to pay for the upkeep of the manor. The EU is already struggling with sluggish growth, industrial erosion, energy insecurity and declining global competitiveness. It should pause before traveling too far down this road.

As the EU is debating sweeping supplier exclusions, German Foreign Minister Johann Wadephul has reportedly advanced proposals for broad institutional reform within the EU itself, arguing that Europe must adapt more effectively to geopolitical and economic realities. It can't keep centralizing more regulatory authority while becoming further detached from industrial realities.

Some of the EU's lawmakers appear astonishingly distant from the sectors they regulate. Technology legislation is frequently written through the narrow lens of political symbolism rather than operational practicality. Industrial policy becomes performance geopolitics. Business considerations become moral theater.

The consequences are visible. The EU wants green transition leadership while burdening manufacturers with costs competitors do not face. It wants digital sovereignty while depending heavily on imported technologies. It wants strategic autonomy while reducing supplier diversity. The contradictions grow sharper with each new regulatory package it unveils.

The revised EU Cybersecurity Act risks becoming another example of the EU confusing strategic caution with economic self-harm. The irony would be particularly acute in telecommunications and digital infrastructure. Chinese suppliers became deeply embedded in the EU's markets thanks to their high cost-performance and proven reliability. Retrofitting or dismantling large portions of these systems will not magically create stronger European alternatives overnight. It will simply increase the costs for consumers, delay infrastructure upgrades and deepen Europe's investment burden during a period of already weak economic momentum.

The EU speaks the language of openness while practicing selective exclusion. That inconsistency damages its credibility in the world market, where many emerging economies see growing European enthusiasm for "de-risking" as little more than a softer euphemism for economic protectionism.

There is a distinction between rigorous standards and politically expandable categories that can be stretched to fit shifting strategic anxieties. Brussels should reconsider the most problematic aspects of the draft law: the designation of countries of "cybersecurity concern", the ambiguous "non-technical risk" criteria and the sweeping restrictions attached to "high-risk suppliers".

If the EU truly wishes to adapt to a harsher global era, it must reconnect its policymaking and lawmaking with economic realities rather than ideological abstraction. Otherwise, the EU may discover too late that its greatest vulnerability was not foreign technology but its regulatory addiction.