The European Commission has set out a series of concrete actions to “deepen its engagement with China to promote common interests,” the bloc’s top officials said on Tuesday (12 March). However, MEPs voiced concerns over “embedded backdoors” in Chinese tech that may put personal data in the EU at risk.
“Europe and China are very important partners…the EU must deepen its cooperation with China, for the benefit of us all,” Commission Vice-President Jyrki Katainen told reporters in Strasbourg, outlining a ten-step plan to increase cooperation between the two parties.
EU Foreign Affairs Chief Federica Mogherini said in a statement that the EU and China will “pursue strong bilateral and multilateral cooperation on files where we share interests… and we are willing to keep engaging robustly where our policies differ or compete.”
“This is the aim of the 10 actions that we are proposing to strengthen our relations with China, in a spirit of mutual respect,” she added.
EU-China Action Plan
The plan falls into five broader areas: Collaboration across climate change issues and multilateralist policy dialogue, as well as international peace and economic development programmes, rebalancing the EU-China trade and investment deficit, strengthening the EU’s competitiveness globally, and ensuring the security of the EU’s critical infrastructure.
In the last field, the Commission took note of recent cybersecurity concerns in the EU’s deployment of 5G infrastructure manufactured by Chinese companies.
“Any vulnerability in 5G networks could be exploited in order to compromise such systems and digital infrastructure – potentially causing very serious damage,” the Commission’s communication reads.
As such, Action 9 of the plan calls directly for a “common approach to the security of 5G networks” and adds that the Commission will issue a recommendation to member states in this area.
MEPs make a stand
The publication of the Commission’s commitments in EU-China affairs contrasted with calls made by members of the European Parliament for more stringent measures on the security of the bloc’s 5G infrastructure, in light of Chinese worries.
The resolution adopted by MEPs only an hour before Katainen’s statement “expresses deep concern…that 5G equipment developed by Chinese companies may have embedded backdoors that would allow…unauthorised access to private and personal data.”
Moreover, “concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers,” MEPs called on the Commission to provide guidance on how to face cyber threats when procuring 5G equipment and on how Europe can reduce its dependence on foreign cybersecurity technology.
On these points, in particular, it seems as though the EU will take concrete steps, following the Commission’s commitment to develop a common 5G security approach.
Parliament also urged the Commission to give the EU’s cybersecurity agency, ENISA, the authority to develop a specific 5G certification scheme to ensure that the future rollout of high-speed telecommunication networks meets the highest standards and is resilient to backdoors.
The Italian Problem
Tuesday’s developments come a week after EURACTIV revealed a confidential memorandum of understanding between the Chinese and Italian governments, whereby the Chinese state hopes to cooperate with Italy in the development of telecommunications networks in the Mediterranean country, as part of the Belt and Road Initiative.
The Belt and Road Initiative is China’s landmark development plan involving infrastructure and investments stretching across more than 80 countries in Europe, Asia and Africa, making it the largest infrastructure project in history.
Katainen told reporters in Strasbourg on Tuesday that the Commission regards China’s Belt and Road Initiative as a “potentially positive initiative,” but added that “whether it is beneficial or not depends on the final concrete implementation”.
Asked by @EURACTIV's @SamuelStolton about #Italy–#China memorandum of understanding, @jyrkikatainen said the agreement is not signed yet and he has not yet seen the text. When and if it'll be signed, the Commission will analyse it in the same way as it does with other agreements,
— Gerardo Fortuna (@gerardofortuna) March 12, 2019
Following EURACTIV’s discovery, White House Security Spokesperson Garrett Marquis said China’s Belt and Road Initiative is nothing more than a “vanity project” that Italy should avoid.
The US pressure on Italy following the disclosure of China’s plans in the EU has been revealing, with senior figures in the Italian government reacting with unease at the prospect of upsetting the Americans.
Italian Deputy Prime Minister Luigi Di Maio responded by saying the aim of Italy’s collaboration in China’s long term development plans was for economic and not political objectives.
“I have heard the alarm being raised from the United States yesterday about this deal on the Silk Road that Italy wants to sign with China,” Di Maio said at a recent event staged by his Five Star Movement party.
“Let it be clear that, if we are looking at the Silk Road towards China for our exports, it is not to strike a political deal with China but only to help our companies.”
In a further example of diplomatic pressure from the US on the EU, the US ambassador to Germany Richard Grenell warned German officials on Monday (11 March) that using equipment from Chinese telecoms companies such as Huawei and ZTE may result in a cutback on intelligence sharing between the Americans and the Germans.
Huawei attempted to quell the fears, with a spokesperson for the company saying that “cybersecurity is a challenge we all share,” and that “vendors, governments and operators need to make collaborative efforts to address the issue and to work together to develop a unified standard.”
In a move the EU hopes will further bolster its cybersecurity clout on the global stage, MEPs formally adopted the EU Cybersecurity Act by 586 votes to 44 on Tuesday.
The new measures establish the first EU-wide cybersecurity certification scheme, ensuring that certified products, processes and services sold in EU countries meet cybersecurity standards, whilst also giving more power to the EU’s cybersecurity agency.
The rapporteur for the file, EPP’s Angelika Niebler, was upbeat about the plans.
“The legislation is a cornerstone for Europe to become a global player in cybersecurity,” she said after Tuesday’s vote. “Consumers, as well as the industry, need to be able to trust IT-solutions.”
The Council is now expected to swiftly approve the plans, after which the regulation enters into force 20 days after being published in the official EU journal.
In a related piece of cybersecurity legislation this week, MEPs are also due to vote on a proposal to establish a new EU Competence Centre to strengthen the EU’s cybersecurity capability on Wednesday.
[Edited by Zoran Radosavljevic]