EU Unveils Plan to Shield Citizens from ‘High-Risk’ Tech Suppliers

Filip TRUȚĂ

January 21, 2026


The European Commission has unveiled a revised Cybersecurity Act aimed at blocking “high-risk” foreign tech suppliers from key infrastructure — a strategy that extends beyond telecom backbones and into the devices consumers bring into their homes.

Under the proposed changes to the EU’s cybersecurity framework, member states will be required to phase out components from foreign “high-risk” suppliers in critical sectors — a move widely seen as targeting equipment from sources such as Chinese vendors flagged for potential security concerns.

While no specific companies are named, the “high-risk” label reflects earlier EU efforts to curb reliance on suppliers considered susceptible to external influence.

But this overhaul doesn’t stop at cellular towers and government networks. It builds on a broader EU strategy to harden every link in the digital ecosystem, from data centers to an array of consumer devices.

Why the EU is acting

“The Cybersecurity Act will enable the mandatory derisking of European mobile telecommunications networks from high-risk third-country suppliers, building on the work already carried out under the 5G security toolbox,” according to the press release.

Cyber threats have grown more sophisticated and pervasive, targeting not only national infrastructure but also citizens’ homes.

The sprawling Internet of Things (IoT) — everything from connected doorbells to smart thermostats — increases the number of vulnerable entry points for attacks. Many of these products, once on store shelves, have historically lacked basic security safeguards, leaving users exposed to hacks, data theft and botnet recruitment.

This concern was recognized in previous EU policy initiatives, such as the Cyber Resilience Act (CRA), which came into force in late 2024 and mandates baseline security requirements for all digital products sold in the EU — from hardware and software to devices with “digital elements.” Under the CRA, devices must be designed, updated and maintained with cybersecurity in mind.

“Cybersecurity threats are not just technical challenges,” said Henna Virkkunen, executive vice-president for Tech Sovereignty, Security and Democracy. “They are strategic risks to our democracy, economy, and way of life. With the new Cybersecurity Package, we will have the means in place to better protect our critical ICT supply chains but also to combat cyber attacks decisively. This is an important step in securing our European technological sovereignty and ensuring a greater safety for all.”

What it means for you

For shoppers and businesses alike, the EU’s layered approach means:

· Better security by design: Devices that connect to the internet — whether marketed directly to consumers or used in business settings — will need to meet stronger cybersecurity standards to be sold in the EU. These include secure development processes, vulnerability reporting and automatic updates, where applicable.

· Fewer insecure imports: Products or components from suppliers deemed “high-risk” will face exclusion from EU supply chains, reducing the odds that insecure technology ends up in homes or networks.

· ‘CE’ mark: The familiar Conformité Européenne (CE) marking — already a requirement for many products in the EU — will also signal compliance with strict cybersecurity safeguards.

Broader context: rising cyber threats

Recent reports from the EU Agency for Cybersecurity (ENISA) underscore the urgency of such changes, identifying gaps in cybersecurity preparedness and evolving threat landscapes across sectors.

Meanwhile, other regulation — like the NIS2 Directive — has broadened cybersecurity obligations for critical service operators across the EU, tying the security of public services and infrastructure more tightly to robust risk management.

For anyone who owns smart products (i.e. connected appliances), these reforms could translate into fewer security flaws, fewer surprise vulnerabilities, and more transparency about the safety of the technology we rely on.

UK’s own plan to thwart cyber threats

The UK, for its part, has published a Government Cyber Action Plan to bolster cyber defenses across government departments and public services. The initiative, backed by more than £210 million in funding, aims to strengthen digital resilience, improve incident response and protect benefits, tax systems, healthcare platforms and other citizen-facing services from cyberattacks. The plan is deemed a pillar of the UK strategy to secure its digital infrastructure amid rapid public sector digitization.

Author


Filip TRUȚĂ

Filip has 17 years of experience in technology journalism. In recent years, he has focused on cybersecurity in his role as a Security Analyst at Bitdefender.
