On Thursday, members of the Bundestag approved legislation that would give the interior ministry new tools to ban the use of components from certain manufacturers in critical sectors due to cybersecurity risks. These measures are similar to what EU countries have done in the telecommunications sector, but the new German law applies to a much wider range of sectors – including energy, transport and healthcare.
On Thursday, German Chancellor Friedrich Merz signaled a tougher stance towards Chinese tech giant Huawei. At a business conference in Berlin he announced that “will not allow any components from China in the 6G network”. Merz is scheduled to discuss the issue at a major digital sovereignty summit next week, co-hosted by Germany and France.
The new scrutiny on supply chain security in the EU's largest economy – a manufacturing powerhouse with a complex relationship with China – comes as the European Union considers how to best deal with cyber threats in supply chains dominated by Chinese companies.
Governments are looking beyond the telecommunications sector, pushing for action in areas such as solar energy and connected cars. European cybersecurity officials are finalizing a toolkit for the communications technology supply chain to help governments mitigate risks. The European Commission is preparing a review of its Cybersecurity Act to address this issue. It was scheduled for January.
“This helps lay the groundwork to push Huawei out of the 5G network.”
German regulations implement the EU's NIS2 directive, the law on cybersecurity of critical infrastructure. The Bundesrat, the upper house of Germany's parliament, still needs to adopt the bill, which is expected next Friday.
The key question is whether Germany will be willing to use its powers, says Noah Barkin, senior adviser at the Rhodium Group think tank. On telecommunications, “it helps lay the groundwork to push Huawei out of the 5G network, but does not guarantee that there will be political will to make such a decision“, he adds.
“Threats do not stop at sectoral borders”
The Ministry of the Interior can already block telecommunications operators from using certain components under the existing German IT Security Act. The 2021 amendment to the law was widely seen as an attempt to eliminate Chinese companiessuch as Huawei and ZTE, from telecommunications networks due to cybersecurity concerns.
The Ministry of Interior intervened in this matter in 2024, but has never formally blocked the use of specific components under these regulations.
5G antenna. Illustrative photoFrancesca_Bluth / Shutterstock
In the case of the new cybersecurity law, the government originally proposed extending the measures applicable to the telecommunications industry to also cover the electricity sector. However, the version adopted by parliament now applies to all critical sectors, which under EU NIS2 law include areas such as transport, healthcare and digital infrastructure.
Johannes Schaetzl, MP and spokesman for the Social Democrats on digital policy, says this is a “logical step because cyber and hybrid threats do not stop at sectoral borders.”
Resistance from politicians and entrepreneurs
Under the draft law, the Ministry of Home Affairs will be obliged to consult with other government bodies when considering bans or blocks of certain suppliers.
In the past, some ministries, such as the Digital and Economic Affairs departments, have been more reluctant to ban Chinese components, partly due to fears of economic retaliation from Beijing.
Industry may also resist new measures. German technology trade association Bitkom said on Thursday that the effects of new regulations may be unpredictable and therefore “harmful”.
