LmCast :: Stay tuned in

EU plans cybersecurity overhaul to block foreign high-risk suppliers

Recorded: Jan. 20, 2026, 7:04 p.m.

Original Summarized

EU plans cybersecurity overhaul to block foreign high-risk suppliers

News

Featured
Latest

Credential-stealing Chrome extensions target enterprise HR platforms

Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs

Jordanian pleads guilty to selling access to 50 corporate networks

Ingram Micro says ransomware attack affected 42,000 people

EU plans cybersecurity overhaul to block foreign high-risk suppliers

Gemini AI assistant tricked into leaking Google Calendar data

Microsoft PowerToys adds new CursorWrap mouse 'teleport' tool

Make Identity Threat Detection your security strategy for 2026

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityEU plans cybersecurity overhaul to block foreign high-risk suppliers

EU plans cybersecurity overhaul to block foreign high-risk suppliers

By Sergiu Gatlan

January 20, 2026
01:54 PM
0

The European Commission has proposed new cybersecurity legislation mandating the removal of high-risk suppliers to secure telecommunications networks and strengthening defenses against state-backed and cybercrime groups targeting critical infrastructure.
This move follows years of frustration over the uneven application of the EU's voluntary 5G Security Toolbox, introduced in January 2020 to encourage member states to limit reliance on high-risk vendors.
Although the proposal does not name specific companies, EU officials have expressed concerns about Chinese tech companies (such as Huawei and ZTE) when the 5G Security Toolbox was implemented.

The new cybersecurity package would grant the Commission authority to organize EU-wide risk assessments and to support restrictions or bans on certain equipment used in sensitive infrastructure. EU member states would also jointly assess risks across the EU's 18 critical sectors based onthe suppliers' countries of origin and national security implications.
"Cybersecurity threats are not just technical challenges. They are strategic risks to our democracy, economy, and way of life," EU tech commissioner Henna Virkkunen said today. 
"With the new Cybersecurity Package, we will have the means in place to better protect our critical ICT supply chains but also to combat cyber attacks decisively. This is an important step in securing our European technological sovereignty and ensuring a greater safety for all."

The legislation also includes a revised Cybersecurity Act, designed to secure information and communication technology (ICT) supply chains, that mandates removing high-risk foreign suppliers from European mobile telecommunications networks.
The revised Cybersecurity Act will also streamline certification procedures for companies, allowing them to reduce regulatory burdens and costs through voluntary certification schemes managed by the EU Agency for Cybersecurity (ENISA).
As the Commission further explained, the new legislation empowers ENISA to issue early threat alerts, operate a single entry point for incident reporting, and help companies in responding to ransomware attacks, in cooperation with Europol and computer security incident response teams. 
ENISA will also establish EU-wide cybersecurity skills attestation schemes and pilot a Cybersecurity Skills Academy to build a European cybersecurity workforce.
The Cybersecurity Act will take effect immediately upon approval by the European Parliament and the Council of the EU, with member states having one year to implement cybersecurity amendments into national law.

7 Security Best Practices for MCP
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.
Download Now

Related Articles:
Why a secure software development life cycle is critical for manufacturersEU fines X $140 million over deceptive blue checkmarksMake Identity Threat Detection your security strategy for 2026Webinar: Aligning cybersecurity purchases with what your SOC team needsHow to automate just-in-time access to applications with Tines

Cybersecurity
EU
European Commission
European Union
Supply Chain

Sergiu Gatlan
Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Previous Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

Microsoft releases OOB Windows updates to fix shutdown, Cloud PC bugs

Credential-stealing Chrome extensions target enterprise HR platforms

Malicious GhostPoster browser extensions found with 840,000 installs

Sponsor Posts

Identity Governance & Threat Detection in one: Get a guided tour of our platform

Discover how to scale IT infrastructure reliably without adding toil or burnout.

New webinar: Choose-your-own-investigation walkthrough of modern browser attacks

  Upcoming Webinar

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2026 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now


Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

The European Commission has proposed a significant overhaul of the EU’s cybersecurity strategy, primarily driven by persistent concerns regarding the security of telecommunications networks and critical infrastructure. This initiative, outlined in a January 2026 proposal, directly responds to the limitations observed with the existing 5G Security Toolbox implemented in 2020. The Toolbox, intended to mitigate reliance on high-risk vendors, particularly Chinese tech firms like Huawei and ZTE, proved insufficient, prompting this expanded intervention.

The core of the new cybersecurity package grants the Commission authority to conduct EU-wide risk assessments and to initiate restrictions or bans on equipment utilized within sensitive sectors. Member states will jointly assess risks predicated on the supplier’s country of origin and associated national security implications. Commissioner Henna Virkkunen emphasized the strategic nature of these threats, framing them not simply as technical challenges but as significant risks to democracy, the economy, and European society.

A revised Cybersecurity Act is central to the proposal. It mandates the removal of high-risk foreign suppliers from European mobile telecommunications networks. Streamlining certification processes through voluntary schemes managed by the European Agency for Cybersecurity (ENISA) is also a key component, aiming to reduce regulatory burdens and costs for companies. ENISA will operate as a central point for incident reporting, issue early threat alerts, and facilitate responses to ransomware attacks in collaboration with Europol and computer security incident response teams. Furthermore, ENISA intends to establish EU-wide cybersecurity skills attestation schemes and implement a Cybersecurity Skills Academy to bolster the European cybersecurity workforce.

The legislation is slated for immediate implementation upon approval by the European Parliament and the Council of the EU, with member states having one year to incorporate cybersecurity amendments into their national laws. These actions address concerns about supply chain vulnerabilities and bolster overall European technological sovereignty, according to the Commission. ENISA will play a key role in coordinating these efforts, acting as a central hub for information sharing and incident response, marking a significant escalation in the EU’s proactive approach to cybersecurity threats.