CCCEU Statement on the European Commission's new cybersecurity package

January 21, 2026, Brussels

The China Chamber of Commerce to the EU (CCCEU) expresses its serious concern and firm opposition to the European Commission's proposal to expand the scope of the Cybersecurity Act (CSA 2) and introduce mandatory, time-bound exclusion measures for high-risk suppliers across multiple critical sectors.

CCCEU recognises the importance of cybersecurity and the protection of critical infrastructure. However, we strongly oppose the mandatory, blanket exclusion policies, which risk disrupting normal market operations and imposing serious negative consequences on Europe's digital development and industrial competitiveness.

In sectors such as ICT and digital infrastructure—where China EU trade and industrial interdependence involve billions of euros—forced exclusion of established suppliers could drive up costs, limit vendor diversity, delay network upgrades, and undermine Europe's innovation capacity and global competitiveness.

The Chamber underlines that forced exclusion should not be conflated with "de-risking", as it amounts to a government-led, systemic form of exclusion justified on security grounds. Security achieved at the expense of limiting technological choices and restricting market openness is neither sustainable nor credible. Europe's competitiveness has long relied on open markets, fair competition, and deep integration into global value chains. Implementing forced exclusion would constitute self-inflicted harm to Europe's digital and industrial base.

Furthermore, CCCEU is deeply concerned about the systemic trade implications of these measures. Transitioning to mandatory, cross-sector exclusions raises serious questions regarding proportionality, non-discrimination, and consistency with WTO rules. Overly broad application of security exceptions, or the use of such exceptions based on a supplier's "nationality" or country of origin, risks undermining multilateral trade norms, fragmenting global supply chains, and triggering trade disputes.

CCCEU therefore calls on the European Commission, the European Parliament and EU Member States to:

·Halt the promotion of mandatory exclusion measures;

·Maintain a technology-neutral, evidence-based, and proportionate approach to cybersecurity;

·Safeguard Europe's long-term competitiveness, innovation capacity, and digital leadership;

·Ensure full compliance with WTO rules and international trade commitments;

·Engage in meaningful and constructive dialogue with industry stakeholders, including both EU and non-EU companies.

CCCEU remains committed to constructive engagement and stands ready to cooperate with EU institutions to foster a cybersecurity framework that ensures security without compromising competitiveness, openness, or Europe's position in the global digital economy.