The European Commission’s proposals released on Tuesday about security in EU 5G networks, clearly aimed at limiting Huawei’s involvement, comprised the usual attempts to exhort and co-ordinate member states rather than compel them to act with actual legislation.
To a large extent this was born of necessity: national security is a competency of member states. However, the lack of centralising initiative was not for want of imagination by commission officials, who combed through existing legislation and member state decisions trying to find a way to impose a harmonised approach across the EU.
It is a pattern repeated in a variety of policy areas associated with trade, including government procurement and the screening of foreign direct investment for threats to national security. The rise of China has created a debate about whether an EU with devolved authority can effectively engage with a highly centralised rising economic and political superpower. But shifting power to EU-wide institutions, trampling on national autonomy, is frequently a painful process.
In the case of 5G, commission officials have been concerned about the influence of Huawei over networks in the EU, and the likelihood that some member states will give in to Chinese pressure not to exclude it. In formulating its proposal, the commission tried to cast around and find an instrument that allowed it as much influence as possible over the member states.
The commission could have tried using some tools it already has, such as its new cyber security rules that set up an EU-wide certification scheme for connected devices. It could also have attempted to use EU privacy rules under data protection legislation if Huawei was suspected of transferring data out of the EU. And the European Electronic Communications Code, the new telecoms regulation that was introduced at the end of last year, also contains security provisions.
欧盟委员会本可以尝试利用一些现有工具，比如新的网络安全规则，该规则为联网设备制定了一个全欧盟范围的认证方案。如果华为涉嫌把数据转移出欧盟，欧盟委员会本来也可以试着根据数据保护法，使用欧盟的隐私规则。去年年底出台的新电信行业法规《欧洲电子通信规范》(European Electronic Communications Code)也包含了安全条款。
In the end, rather than the strategy of making a bold bid for centralisation that it tried with its investment screening and government procurement proposals, the commission went for a minimalist approach. Underlining its lack of clout, it merely issued non-binding recommendations including member states conducting risk assessments to be combined into an EU-wide analysis that might end up providing guidance to the commission for actions at EU level down the line.
There is a sound political economy reason to move competencies to EU level, to enable individual member states to resist bullying. It is far easier for a small country, which might also want to do business with China in other areas, to say that it cannot accept Huawei in its 5G network because of EU regulations.
But it is all too easy for the commission to use that united-we-stand argument to cover a general power-grab, as indeed it did in the government procurement instrument it pushed forward recently. Huawei and 5G looks like a much more legitimate subject for centralisation. But it still comes up against an instinctive member state’s reluctance to have Brussels push them about. On this occasion, the commission has decided to move slowly.