The fresh scrutiny for supply chain security in the EU’s largest economy — a manufacturing powerhouse with a complex relationship with China — comes at a time when the European Union is considering how best to tackle cyber risks in supply chains dominated by Chinese firms.
Governments are looking beyond the telecom sector, pushing for action in areas such as solar power and connected cars. European cybersecurity officials are finalizing an ICT Supply Chain Toolbox to help governments mitigate the risks, and the European Commission is preparing an overhaul of its Cybersecurity Act to address the issue, expected in January.
The German legislation implements the EU’s NIS2 Directive, a critical infrastructure cybersecurity law. The Bundesrat, Germany’s upper legislative chamber, still has to sign off on the bill, which is expected next Friday.
The key question is whether Germany is willing to use its powers, said Noah Barkin, a senior advisor at Rhodium Group, a think tank. On telecoms, “this helps lay the groundwork for pushing Huawei out of the 5G network, but it doesn’t guarantee that the political will will be there to take that decision,” he said.
The Interior Ministry could already block telecom operators from using particular components under an existing German IT security law. The law’s 2021 revision was widely seen as an attempt to get Chinese firms like Huawei and ZTE out of telecom network due to fears of cybersecurity and security risks. The Interior Ministry intervened in 2024, but it has never formally blocked the use of specific components under that law.
For its new cyber law, the government originally proposed to extend the measures applying to the telecom industry to the electricity sector as well. But parliament’s version now applies to all critical sectors, which under the EU’s NIS2 law includes areas such as transport, health care and digital infrastructure.
