European sovereignty: the China factor
The current debate on European digital sovereignty largely targets American tech, while 5G infrastructure sovereignty and security are often sidelined as "non-priority" or "too expensive".
Today, European social media is buzzing with reactions to the Spanish Ministry of the Interior’s decision to purchase data management and storage services from China’s Huawei - for handling highly sensitive data used by Spanish intelligence and law enforcement agencies.
It seems like the current debate around European digital and technological sovereignty is largely focused on limiting the role of American digital and cloud service providers. Meanwhile, the sovereignty and security debate around Chinese technology - such as 5G infrastructure - is often pushed to the sidelines as a “non-priority” or dismissed as “too expensive to replace".
European alternatives exist
Until now, the EU has only a non-binding 5G security toolbox, and the European 5G rollout is still very much reliant on the Chinese vendors.
While many mobile operators have started introducing measures to “diversify” their infrastructure vendors, and while reliance on Chinese vendors dropped in 2022 (to roughly 32%), the numbers aren’t falling further - indicating that some Member States are simply not choosing to invest in European alternatives, and that the EU will have to step in with more mandatory measures.
European providers like Sweden’s Ericsson and Finland’s Nokia are well-positioned to offer viable alternatives and clearly align with the EU’s broader goals of technological sovereignty, security, and supporting European champions.
Debate to watch: Cybersecurity Act
There have been discussions in the past about including mandatory requirements for 5G infrastructure security in the Digital Networks Act, however, it does seem like the Cybersecurity Act may become the central point instead.
On 11 April 2025, the Commission launched a public consultation aimed at revising the Cybersecurity Act, which may “introduce further security obligations in relation to supply chain security”, including provisions for 5G infrastructure”.
The Danish Presidency of the Council of the EU intends to begin discussions on the Cybersecurity Act in December 2025. However, it remains uncertain whether the draft will be ready in time for those talks.
It is also unclear whether those strongly advocating for introducing network fees on content and application providers (CAPs) under the Digital Networks Act would show the same level of support for mandatory security obligations under the Cybersecurity Act.
It would be fair if they did - otherwise, taxing American companies so that European mobile operators can purchase Chinese equipment - while simultaneously making American services more expensive for European consumers - would seem, at best, hypocritical and counterproductive.
