第一财经·2026-01-21 10:14Core Viewpoint - The European Commission has proposed a draft revision of the EU Cybersecurity Act, which aims to phase out "high-risk suppliers" of ICT equipment in critical sectors such as telecommunications, energy, and healthcare, thereby reducing reliance on third-country suppliers and mitigating potential security risks [3][5]. Group 1: Legislative Changes - The draft strengthens the supply chain security management framework by making previously voluntary guidelines mandatory, expanding the scope beyond just 5G networks to include hardware, software, and certain AI models [3][6]. - The new measures will apply to 18 critical sectors recognized by the EU, including telecommunications, cloud services, medical devices, and semiconductor industries [6]. Group 2: Impact on Companies - Although the draft does not explicitly name any countries or companies, it is expected to significantly impact Chinese tech firms like Huawei and ZTE [5][8]. - Mobile operators will have 36 months to gradually eliminate key components from their networks after the "high-risk supplier" list is published, with specific deadlines for fixed networks and other technologies to be determined later [8]. Group 3: Industry Reactions - The European telecommunications lobbying group, Connect Europe, has warned that the forced replacement of existing equipment could impose additional regulatory and replacement costs amounting to billions of euros [9]. - Chinese companies and officials have expressed serious concerns about the proposed measures, arguing that they violate market principles and could hinder investment from Chinese firms in Europe [10][11].