Europe’s telecoms standards body has fired an early warning shot at Brussels’ next cybersecurity overhaul, arguing that plans to shut out so-called “high-risk” foreign suppliers from standards work could backfire on the EU’s competitiveness and global influence.
In a letter, shared with Resilience Media ahead of publication on Thursday, the European Telecommunications Standards Institute (ETSI) takes aim at elements of the European Commission’s proposed Cybersecurity Act 2 (CSA2), particularly provisions that would bar companies linked to countries deemed cybersecurity risks from participating in standardisation tied to EU mandates.
The Commission’s proposal would allow such firms to be formally designated and excluded from developing, assessing, or approving cybersecurity standards under the European system.
ETSI does not dispute the broader goal. The draft law is part of a wider push to tighten the bloc’s cybersecurity posture amid geopolitical tensions, strengthen the role of the European Union Agency for Cybersecurity, and align standards more closely with certification frameworks. It even backs a coordinated EU approach to supply chain risks over fragmented national rules.
ETSI warns that restricting contributors would make it harder for Europe to produce standards that carry weight internationally, potentially decoupling the EU’s system from global bodies such as the International Organization for Standardization and the International Electrotechnical Commission. That, in turn, could blunt Europe’s ability to shape emerging technologies – from AI and quantum security to 5G and IoT – where standards often determine market direction.
There is also a competitiveness angle. ETSI cautions that excluding certain players could reduce the quality of technical input and slow innovation, at a time when the EU is trying to assert leadership in cybersecurity and digital infrastructure. “Unrestricted participation by all relevant actors is necessary” to ensure standards are globally adopted and effective, it notes.
The institute points to past attempts to politicise standards – including US restrictions on Chinese firms’ participation in telecoms work – as a cautionary tale, arguing such moves ultimately had to be softened to avoid fragmenting global processes.
