2019/2575(RSP) | [ParlTrack]

download json

2019/2575(RSP) Security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them

Progress: Procedure completed

Legal Basis:

RoP 132-p2

Subjects

Events

2019/08/30

EC - Commission response to text adopted in plenary

Documents

SP(2019)444

2019/03/12

EP - Motion for a resolution

Documents

B8-0153/2019

2019/03/12

EP - Motion for a resolution

Documents

B8-0154/2019

2019/03/12

EP - Motion for a resolution

Documents

B8-0155/2019

2019/03/12

EP - Motion for a resolution

Documents

B8-0159/2019

2019/03/12

EP - Motion for a resolution

Documents

B8-0160/2019

2019/03/12

EP - Motion for a resolution

Documents

B8-0162/2019

2019/03/12

EP - Motion for a resolution

Documents

B8-0164/2019

2019/03/12

Joint motion for resolution

Documents

RC-B8-0154/2019

2019/03/12

EP - Results of vote in Parliament

Documents

Results of vote in Parliament

2019/03/12

EP - Decision by Parliament

Details

The European Parliament adopted a resolution on security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them.

The resolution was tabled by the EPP, S&D, ALDE, and Greens/EFA groups.

Parliament expressed deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorised access to private and personal data and telecommunications from the EU. It was equally concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years. Members noted that in December 2018, the Czech national authority for cybersecurity issued a warning against security threats posed by the technologies provided by the Chinese companies Huawei and ZTE, and that in January 2019, the Czech tax authorities excluded Huawei from a tender to build a tax portal.

Parliament went on to note that concerns were raised about third-country equipment vendors that might present a security risk for the EU due to the laws of their country of origin, especially after the enactment of the Chinese State Security Laws, which impose obligations on all citizens and enterprises to cooperate with the state, in connection with a very broad definition of national security. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright ban. Stressing that there is no guarantee that these obligations are not applied extraterritorially, Members indicated that the benefits of the single market come with the obligation to comply with EU standards and the Union’s legal framework, and consequently, suppliers should not be treated differently on the basis of their country of origin.

Parliament called on the Commission to:

- provide guidance, in cooperation with the EU Agency for Network and Information Security (ENISA), on how to tackle cyber threats and vulnerabilities when procuring 5G equipment, for example by diversifying equipment from different vendors or introducing multi-phase procurement processes;

- mandate ENISA to make it a priority to work on a certification scheme for 5G equipment in order to ensure that the rollout of 5G in the Union meets the highest security standards and is resilient to backdoors or major vulnerabilities that would endanger the security of the Union’s telecommunication networks and dependent services. Certification should not, however, exclude competent authorities and operators from scrutinising the supply chain in order to ensure the integrity and security of their equipment that operates in critical environments and telecom networks;

- assess the robustness of the Union’s legal framework in order to address concerns about the presence of vulnerable equipment in strategic sectors and backbone infrastructure, and present initiatives, including legislative proposals where appropriate, to address any shortfalls detected, since the Union is in a constant process of identifying cybersecurity challenges.

At the same time, Parliament called on Member States to inform the Commission of any national measure they intend to adopt in order to coordinate the Union’s response. It reiterates the importance of refraining from introducing disproportionate unilateral measures that would fragment the single market. It stressed the need to develop a strategy aimed at reducing Europe’s dependency on foreign technology in the field of cybersecurity.

Parliament urged those Member States that have not yet fully transposed the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive) to do so without delay, and to make sure that the reporting mechanisms introduced by the NIS Directive are properly applied. The Commission was asked to assess the need to further enlarge the scope of the NIS Directive to other critical sectors and services that are not covered by sector-specific legislation.

Member States were also asked to:

- ensure that public institutions and private companies involved in ensuring the proper functioning of critical infrastructure networks such as telecoms, energy, health and social systems, undertake relevant risk assessments that take into account the security threats specifically linked to technical features of the respective system or dependence on external suppliers of hardware and software technologies;

- make security an obligatory aspect in all public procurement procedures for relevant infrastructure at both EU and national level;

- impose sanctions on legal persons that have committed criminal offences such as attacks against such systems, in accordance with Directive 2013/40/EU on attacks against information systems;

- report to the Commission and ENISA any evidence of backdoors or other major vulnerabilities that could compromise the integrity and security of telecoms networks or infringe Union law and fundamental rights.

Lastly, Parliament welcomed the upcoming entry into force of a regulation establishing a framework for the screening of foreign direct investments (FDI), underlining that this regulation establishes for the first time a list of areas and factors, including communications and cybersecurity, which are relevant for security and public order at EU level.

Documents

T8-0156/2019

2019/03/12

EP - End of procedure in Parliament

2019/02/13

EP - Debate in Parliament

Documents

Debate in Parliament

Documents

Commission response to text adopted in plenary: SP(2019)444
Motion for a resolution: B8-0153/2019
Motion for a resolution: B8-0154/2019
Motion for a resolution: B8-0155/2019
Motion for a resolution: B8-0159/2019
Motion for a resolution: B8-0160/2019
Motion for a resolution: B8-0162/2019
Motion for a resolution: B8-0164/2019
Joint motion for resolution: RC-B8-0154/2019
Results of vote in Parliament: Results of vote in Parliament
Decision by Parliament: T8-0156/2019
Debate in Parliament: Debate in Parliament
Motion for a resolution: B8-0153/2019
Motion for a resolution: B8-0154/2019
Motion for a resolution: B8-0155/2019
Motion for a resolution: B8-0159/2019
Motion for a resolution: B8-0160/2019
Motion for a resolution: B8-0162/2019
Motion for a resolution: B8-0164/2019
Joint motion for resolution: RC-B8-0154/2019
Commission response to text adopted in plenary: SP(2019)444

Activities

Ivo BELET
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (142 KB) DOC (56 KB)
Eleonora FORENZA
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (136 KB) DOC (54 KB)
Hans-Olaf HENKEL
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (136 KB) DOC (53 KB)
Peter KOUROUMBASHEV
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (141 KB) DOC (50 KB)
Kostadinka KUNEVA
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (136 KB) DOC (54 KB)
Rolandas PAKSAS
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (139 KB) DOC (47 KB)
Paul RÜBIG
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (142 KB) DOC (56 KB)
Dario TAMBURRANO
Institutional Motions (1)
- 2016/11/22 MOTION FOR A RESOLUTION on security threats connected with the rising Chinese technological presence in the EU and possible action at EU level to reduce them PDF (139 KB) DOC (47 KB)

History

(these mark the time of scraping, not the official date of the change)

2021-12-18Show (11) Changes | Timetravel

docs/0/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/B-8-2019-0153_EN.html New https://www.europarl.europa.eu/doceo/document/B-8-2019-0153_EN.html
docs/1/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/B-8-2019-0154_EN.html New https://www.europarl.europa.eu/doceo/document/B-8-2019-0154_EN.html
docs/2/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/B-8-2019-0155_EN.html New https://www.europarl.europa.eu/doceo/document/B-8-2019-0155_EN.html
docs/3/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/B-8-2019-0159_EN.html New https://www.europarl.europa.eu/doceo/document/B-8-2019-0159_EN.html
docs/4/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/B-8-2019-0160_EN.html New https://www.europarl.europa.eu/doceo/document/B-8-2019-0160_EN.html
docs/5/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/B-8-2019-0162_EN.html New https://www.europarl.europa.eu/doceo/document/B-8-2019-0162_EN.html
docs/6/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/B-8-2019-0164_EN.html New https://www.europarl.europa.eu/doceo/document/B-8-2019-0164_EN.html
docs/7/docs/0/url	Old http://www.europarl.europa.eu/doceo/document/RC-8-2019-0154_EN.html New https://www.europarl.europa.eu/doceo/document/RC-8-2019-0154_EN.html
events/0/docs/0/url	Old http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20190213&type=CRE New https://www.europarl.europa.eu/doceo/document/CRE-8-2019-02-13-TOC_EN.html
events/2	date 2019-03-12T00:00:00 type Decision by Parliament body EP docs url: https://www.europarl.europa.eu/doceo/document/TA-8-2019-0156_EN.html title: T8-0156/2019 summary The European Parliament adopted a resolution on security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them. The resolution was tabled by the EPP, S&D, ALDE, and Greens/EFA groups. Parliament expressed deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorised access to private and personal data and telecommunications from the EU. It was equally concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years. Members noted that in December 2018, the Czech national authority for cybersecurity issued a warning against security threats posed by the technologies provided by the Chinese companies Huawei and ZTE, and that in January 2019, the Czech tax authorities excluded Huawei from a tender to build a tax portal. Parliament went on to note that concerns were raised about third-country equipment vendors that might present a security risk for the EU due to the laws of their country of origin, especially after the enactment of the Chinese State Security Laws, which impose obligations on all citizens and enterprises to cooperate with the state, in connection with a very broad definition of national security. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright ban. Stressing that there is no guarantee that these obligations are not applied extraterritorially, Members indicated that the benefits of the single market come with the obligation to comply with EU standards and the Union’s legal framework, and consequently, suppliers should not be treated differently on the basis of their country of origin. Parliament called on the Commission to: - provide guidance, in cooperation with the EU Agency for Network and Information Security (ENISA), on how to tackle cyber threats and vulnerabilities when procuring 5G equipment, for example by diversifying equipment from different vendors or introducing multi-phase procurement processes; - mandate ENISA to make it a priority to work on a certification scheme for 5G equipment in order to ensure that the rollout of 5G in the Union meets the highest security standards and is resilient to backdoors or major vulnerabilities that would endanger the security of the Union’s telecommunication networks and dependent services. Certification should not, however, exclude competent authorities and operators from scrutinising the supply chain in order to ensure the integrity and security of their equipment that operates in critical environments and telecom networks; - assess the robustness of the Union’s legal framework in order to address concerns about the presence of vulnerable equipment in strategic sectors and backbone infrastructure, and present initiatives, including legislative proposals where appropriate, to address any shortfalls detected, since the Union is in a constant process of identifying cybersecurity challenges. At the same time, Parliament called on Member States to inform the Commission of any national measure they intend to adopt in order to coordinate the Union’s response. It reiterates the importance of refraining from introducing disproportionate unilateral measures that would fragment the single market. It stressed the need to develop a strategy aimed at reducing Europe’s dependency on foreign technology in the field of cybersecurity. Parliament urged those Member States that have not yet fully transposed the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive) to do so without delay, and to make sure that the reporting mechanisms introduced by the NIS Directive are properly applied. The Commission was asked to assess the need to further enlarge the scope of the NIS Directive to other critical sectors and services that are not covered by sector-specific legislation. Member States were also asked to: - ensure that public institutions and private companies involved in ensuring the proper functioning of critical infrastructure networks such as telecoms, energy, health and social systems, undertake relevant risk assessments that take into account the security threats specifically linked to technical features of the respective system or dependence on external suppliers of hardware and software technologies; - make security an obligatory aspect in all public procurement procedures for relevant infrastructure at both EU and national level; - impose sanctions on legal persons that have committed criminal offences such as attacks against such systems, in accordance with Directive 2013/40/EU on attacks against information systems; - report to the Commission and ENISA any evidence of backdoors or other major vulnerabilities that could compromise the integrity and security of telecoms networks or infringe Union law and fundamental rights. Lastly, Parliament welcomed the upcoming entry into force of a regulation establishing a framework for the screening of foreign direct investments (FDI), underlining that this regulation establishes for the first time a list of areas and factors, including communications and cybersecurity, which are relevant for security and public order at EU level.
events/2	date 2019-03-12T00:00:00 type Decision by Parliament, 1st reading/single reading body EP docs url: http://www.europarl.europa.eu/doceo/document/TA-8-2019-0156_EN.html title: T8-0156/2019 summary The European Parliament adopted a resolution on security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them. The resolution was tabled by the EPP, S&D, ALDE, and Greens/EFA groups. Parliament expressed deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorised access to private and personal data and telecommunications from the EU. It was equally concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years. Members noted that in December 2018, the Czech national authority for cybersecurity issued a warning against security threats posed by the technologies provided by the Chinese companies Huawei and ZTE, and that in January 2019, the Czech tax authorities excluded Huawei from a tender to build a tax portal. Parliament went on to note that concerns were raised about third-country equipment vendors that might present a security risk for the EU due to the laws of their country of origin, especially after the enactment of the Chinese State Security Laws, which impose obligations on all citizens and enterprises to cooperate with the state, in connection with a very broad definition of national security. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright ban. Stressing that there is no guarantee that these obligations are not applied extraterritorially, Members indicated that the benefits of the single market come with the obligation to comply with EU standards and the Union’s legal framework, and consequently, suppliers should not be treated differently on the basis of their country of origin. Parliament called on the Commission to: - provide guidance, in cooperation with the EU Agency for Network and Information Security (ENISA), on how to tackle cyber threats and vulnerabilities when procuring 5G equipment, for example by diversifying equipment from different vendors or introducing multi-phase procurement processes; - mandate ENISA to make it a priority to work on a certification scheme for 5G equipment in order to ensure that the rollout of 5G in the Union meets the highest security standards and is resilient to backdoors or major vulnerabilities that would endanger the security of the Union’s telecommunication networks and dependent services. Certification should not, however, exclude competent authorities and operators from scrutinising the supply chain in order to ensure the integrity and security of their equipment that operates in critical environments and telecom networks; - assess the robustness of the Union’s legal framework in order to address concerns about the presence of vulnerable equipment in strategic sectors and backbone infrastructure, and present initiatives, including legislative proposals where appropriate, to address any shortfalls detected, since the Union is in a constant process of identifying cybersecurity challenges. At the same time, Parliament called on Member States to inform the Commission of any national measure they intend to adopt in order to coordinate the Union’s response. It reiterates the importance of refraining from introducing disproportionate unilateral measures that would fragment the single market. It stressed the need to develop a strategy aimed at reducing Europe’s dependency on foreign technology in the field of cybersecurity. Parliament urged those Member States that have not yet fully transposed the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive) to do so without delay, and to make sure that the reporting mechanisms introduced by the NIS Directive are properly applied. The Commission was asked to assess the need to further enlarge the scope of the NIS Directive to other critical sectors and services that are not covered by sector-specific legislation. Member States were also asked to: - ensure that public institutions and private companies involved in ensuring the proper functioning of critical infrastructure networks such as telecoms, energy, health and social systems, undertake relevant risk assessments that take into account the security threats specifically linked to technical features of the respective system or dependence on external suppliers of hardware and software technologies; - make security an obligatory aspect in all public procurement procedures for relevant infrastructure at both EU and national level; - impose sanctions on legal persons that have committed criminal offences such as attacks against such systems, in accordance with Directive 2013/40/EU on attacks against information systems; - report to the Commission and ENISA any evidence of backdoors or other major vulnerabilities that could compromise the integrity and security of telecoms networks or infringe Union law and fundamental rights. Lastly, Parliament welcomed the upcoming entry into force of a regulation establishing a framework for the screening of foreign direct investments (FDI), underlining that this regulation establishes for the first time a list of areas and factors, including communications and cybersecurity, which are relevant for security and public order at EU level.

2020-01-19Show (13) Changes | Timetravel

docs/0/docs/0/url	http://www.europarl.europa.eu/doceo/document/B-8-2019-0153_EN.html
docs/1/docs/0/url	http://www.europarl.europa.eu/doceo/document/B-8-2019-0154_EN.html
docs/2/docs/0/url	http://www.europarl.europa.eu/doceo/document/B-8-2019-0155_EN.html
docs/3/docs/0/url	http://www.europarl.europa.eu/doceo/document/B-8-2019-0159_EN.html
docs/4/docs/0/url	http://www.europarl.europa.eu/doceo/document/B-8-2019-0160_EN.html
docs/5/docs/0/url	http://www.europarl.europa.eu/doceo/document/B-8-2019-0162_EN.html
docs/6/docs/0/url	http://www.europarl.europa.eu/doceo/document/B-8-2019-0164_EN.html
docs/7	date 2019-03-12T00:00:00 docs url: http://www.europarl.europa.eu/doceo/document/RC-8-2019-0154_EN.html title: RC-B8-0154/2019 type Joint motion for resolution
docs/8	date 2019-08-30T00:00:00 docs url: /oeil/spdoc.do?i=32396&j=0&l=en title: SP(2019)444 type Commission response to text adopted in plenary body EC
events/1	date 2019-03-12T00:00:00 type Decision by Parliament, 1st reading/single reading body EP docs url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2019-0156 title: T8-0156/2019 summary The European Parliament adopted a resolution on security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them. The resolution was tabled by the EPP, S&D, ALDE, and Greens/EFA groups. Parliament expressed deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorised access to private and personal data and telecommunications from the EU. It was equally concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years. Members noted that in December 2018, the Czech national authority for cybersecurity issued a warning against security threats posed by the technologies provided by the Chinese companies Huawei and ZTE, and that in January 2019, the Czech tax authorities excluded Huawei from a tender to build a tax portal. Parliament went on to note that concerns were raised about third-country equipment vendors that might present a security risk for the EU due to the laws of their country of origin, especially after the enactment of the Chinese State Security Laws, which impose obligations on all citizens and enterprises to cooperate with the state, in connection with a very broad definition of national security. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright ban. Stressing that there is no guarantee that these obligations are not applied extraterritorially, Members indicated that the benefits of the single market come with the obligation to comply with EU standards and the Union’s legal framework, and consequently, suppliers should not be treated differently on the basis of their country of origin. Parliament called on the Commission to: - provide guidance, in cooperation with the EU Agency for Network and Information Security (ENISA), on how to tackle cyber threats and vulnerabilities when procuring 5G equipment, for example by diversifying equipment from different vendors or introducing multi-phase procurement processes; - mandate ENISA to make it a priority to work on a certification scheme for 5G equipment in order to ensure that the rollout of 5G in the Union meets the highest security standards and is resilient to backdoors or major vulnerabilities that would endanger the security of the Union’s telecommunication networks and dependent services. Certification should not, however, exclude competent authorities and operators from scrutinising the supply chain in order to ensure the integrity and security of their equipment that operates in critical environments and telecom networks; - assess the robustness of the Union’s legal framework in order to address concerns about the presence of vulnerable equipment in strategic sectors and backbone infrastructure, and present initiatives, including legislative proposals where appropriate, to address any shortfalls detected, since the Union is in a constant process of identifying cybersecurity challenges. At the same time, Parliament called on Member States to inform the Commission of any national measure they intend to adopt in order to coordinate the Union’s response. It reiterates the importance of refraining from introducing disproportionate unilateral measures that would fragment the single market. It stressed the need to develop a strategy aimed at reducing Europe’s dependency on foreign technology in the field of cybersecurity. Parliament urged those Member States that have not yet fully transposed the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive) to do so without delay, and to make sure that the reporting mechanisms introduced by the NIS Directive are properly applied. The Commission was asked to assess the need to further enlarge the scope of the NIS Directive to other critical sectors and services that are not covered by sector-specific legislation. Member States were also asked to: - ensure that public institutions and private companies involved in ensuring the proper functioning of critical infrastructure networks such as telecoms, energy, health and social systems, undertake relevant risk assessments that take into account the security threats specifically linked to technical features of the respective system or dependence on external suppliers of hardware and software technologies; - make security an obligatory aspect in all public procurement procedures for relevant infrastructure at both EU and national level; - impose sanctions on legal persons that have committed criminal offences such as attacks against such systems, in accordance with Directive 2013/40/EU on attacks against information systems; - report to the Commission and ENISA any evidence of backdoors or other major vulnerabilities that could compromise the integrity and security of telecoms networks or infringe Union law and fundamental rights. Lastly, Parliament welcomed the upcoming entry into force of a regulation establishing a framework for the screening of foreign direct investments (FDI), underlining that this regulation establishes for the first time a list of areas and factors, including communications and cybersecurity, which are relevant for security and public order at EU level.
events/1	date 2019-03-12T00:00:00 type Results of vote in Parliament body EP docs url: https://oeil.secure.europarl.europa.eu/oeil/popups/sda.do?id=32396&l=en title: Results of vote in Parliament
events/2	date 2019-03-12T00:00:00 type Decision by Parliament, 1st reading/single reading body EP docs url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2019-0156 title: T8-0156/2019 summary The European Parliament adopted a resolution on security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them. The resolution was tabled by the EPP, S&D, ALDE, and Greens/EFA groups. Parliament expressed deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorised access to private and personal data and telecommunications from the EU. It was equally concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years. Members noted that in December 2018, the Czech national authority for cybersecurity issued a warning against security threats posed by the technologies provided by the Chinese companies Huawei and ZTE, and that in January 2019, the Czech tax authorities excluded Huawei from a tender to build a tax portal. Parliament went on to note that concerns were raised about third-country equipment vendors that might present a security risk for the EU due to the laws of their country of origin, especially after the enactment of the Chinese State Security Laws, which impose obligations on all citizens and enterprises to cooperate with the state, in connection with a very broad definition of national security. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright ban. Stressing that there is no guarantee that these obligations are not applied extraterritorially, Members indicated that the benefits of the single market come with the obligation to comply with EU standards and the Union’s legal framework, and consequently, suppliers should not be treated differently on the basis of their country of origin. Parliament called on the Commission to: - provide guidance, in cooperation with the EU Agency for Network and Information Security (ENISA), on how to tackle cyber threats and vulnerabilities when procuring 5G equipment, for example by diversifying equipment from different vendors or introducing multi-phase procurement processes; - mandate ENISA to make it a priority to work on a certification scheme for 5G equipment in order to ensure that the rollout of 5G in the Union meets the highest security standards and is resilient to backdoors or major vulnerabilities that would endanger the security of the Union’s telecommunication networks and dependent services. Certification should not, however, exclude competent authorities and operators from scrutinising the supply chain in order to ensure the integrity and security of their equipment that operates in critical environments and telecom networks; - assess the robustness of the Union’s legal framework in order to address concerns about the presence of vulnerable equipment in strategic sectors and backbone infrastructure, and present initiatives, including legislative proposals where appropriate, to address any shortfalls detected, since the Union is in a constant process of identifying cybersecurity challenges. At the same time, Parliament called on Member States to inform the Commission of any national measure they intend to adopt in order to coordinate the Union’s response. It reiterates the importance of refraining from introducing disproportionate unilateral measures that would fragment the single market. It stressed the need to develop a strategy aimed at reducing Europe’s dependency on foreign technology in the field of cybersecurity. Parliament urged those Member States that have not yet fully transposed the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive) to do so without delay, and to make sure that the reporting mechanisms introduced by the NIS Directive are properly applied. The Commission was asked to assess the need to further enlarge the scope of the NIS Directive to other critical sectors and services that are not covered by sector-specific legislation. Member States were also asked to: - ensure that public institutions and private companies involved in ensuring the proper functioning of critical infrastructure networks such as telecoms, energy, health and social systems, undertake relevant risk assessments that take into account the security threats specifically linked to technical features of the respective system or dependence on external suppliers of hardware and software technologies; - make security an obligatory aspect in all public procurement procedures for relevant infrastructure at both EU and national level; - impose sanctions on legal persons that have committed criminal offences such as attacks against such systems, in accordance with Directive 2013/40/EU on attacks against information systems; - report to the Commission and ENISA any evidence of backdoors or other major vulnerabilities that could compromise the integrity and security of telecoms networks or infringe Union law and fundamental rights. Lastly, Parliament welcomed the upcoming entry into force of a regulation establishing a framework for the screening of foreign direct investments (FDI), underlining that this regulation establishes for the first time a list of areas and factors, including communications and cybersecurity, which are relevant for security and public order at EU level.
events/2/docs/0/url	Old http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2019-0156 New http://www.europarl.europa.eu/doceo/document/TA-8-2019-0156_EN.html

2019-07-12Show (2) Changes | Timetravel

procedure/legal_basis/0	Rules of Procedure EP 132-p2
procedure/legal_basis/0	Rules of Procedure EP 123-p2

2019-07-06Show (4) Changes

commission	body: EC dg: Internal Market, Industry, Entrepreneurship and SMEs commissioner: BIEŃKOWSKA Elżbieta
docs	date: 2019-03-12T00:00:00 docs: title: B8-0153/2019 type: Motion for a resolution body: EP date: 2019-03-12T00:00:00 docs: title: B8-0154/2019 type: Motion for a resolution body: EP date: 2019-03-12T00:00:00 docs: title: B8-0155/2019 type: Motion for a resolution body: EP date: 2019-03-12T00:00:00 docs: title: B8-0159/2019 type: Motion for a resolution body: EP date: 2019-03-12T00:00:00 docs: title: B8-0160/2019 type: Motion for a resolution body: EP date: 2019-03-12T00:00:00 docs: title: B8-0162/2019 type: Motion for a resolution body: EP date: 2019-03-12T00:00:00 docs: title: B8-0164/2019 type: Motion for a resolution body: EP
events	date: 2019-02-13T00:00:00 type: Debate in Parliament body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20190213&type=CRE title: Debate in Parliament date: 2019-03-12T00:00:00 type: Decision by Parliament, 1st reading/single reading body: EP docs: url: http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2019-0156 title: T8-0156/2019 summary: The European Parliament adopted a resolution on security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them. The resolution was tabled by the EPP, S&D, ALDE, and Greens/EFA groups. Parliament expressed deep concern about the recent allegations that 5G equipment developed by Chinese companies may have embedded backdoors that would allow manufacturers and authorities to have unauthorised access to private and personal data and telecommunications from the EU. It was equally concerned about the potential presence of major vulnerabilities in the 5G equipment developed by these manufacturers if they were to be installed when rolling out 5G networks in the coming years. Members noted that in December 2018, the Czech national authority for cybersecurity issued a warning against security threats posed by the technologies provided by the Chinese companies Huawei and ZTE, and that in January 2019, the Czech tax authorities excluded Huawei from a tender to build a tax portal. Parliament went on to note that concerns were raised about third-country equipment vendors that might present a security risk for the EU due to the laws of their country of origin, especially after the enactment of the Chinese State Security Laws, which impose obligations on all citizens and enterprises to cooperate with the state, in connection with a very broad definition of national security. In particular, the Chinese state security laws have triggered reactions in various countries, ranging from security assessments to outright ban. Stressing that there is no guarantee that these obligations are not applied extraterritorially, Members indicated that the benefits of the single market come with the obligation to comply with EU standards and the Union’s legal framework, and consequently, suppliers should not be treated differently on the basis of their country of origin. Parliament called on the Commission to: - provide guidance, in cooperation with the EU Agency for Network and Information Security (ENISA), on how to tackle cyber threats and vulnerabilities when procuring 5G equipment, for example by diversifying equipment from different vendors or introducing multi-phase procurement processes; - mandate ENISA to make it a priority to work on a certification scheme for 5G equipment in order to ensure that the rollout of 5G in the Union meets the highest security standards and is resilient to backdoors or major vulnerabilities that would endanger the security of the Union’s telecommunication networks and dependent services. Certification should not, however, exclude competent authorities and operators from scrutinising the supply chain in order to ensure the integrity and security of their equipment that operates in critical environments and telecom networks; - assess the robustness of the Union’s legal framework in order to address concerns about the presence of vulnerable equipment in strategic sectors and backbone infrastructure, and present initiatives, including legislative proposals where appropriate, to address any shortfalls detected, since the Union is in a constant process of identifying cybersecurity challenges. At the same time, Parliament called on Member States to inform the Commission of any national measure they intend to adopt in order to coordinate the Union’s response. It reiterates the importance of refraining from introducing disproportionate unilateral measures that would fragment the single market. It stressed the need to develop a strategy aimed at reducing Europe’s dependency on foreign technology in the field of cybersecurity. Parliament urged those Member States that have not yet fully transposed the Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (the NIS Directive) to do so without delay, and to make sure that the reporting mechanisms introduced by the NIS Directive are properly applied. The Commission was asked to assess the need to further enlarge the scope of the NIS Directive to other critical sectors and services that are not covered by sector-specific legislation. Member States were also asked to: - ensure that public institutions and private companies involved in ensuring the proper functioning of critical infrastructure networks such as telecoms, energy, health and social systems, undertake relevant risk assessments that take into account the security threats specifically linked to technical features of the respective system or dependence on external suppliers of hardware and software technologies; - make security an obligatory aspect in all public procurement procedures for relevant infrastructure at both EU and national level; - impose sanctions on legal persons that have committed criminal offences such as attacks against such systems, in accordance with Directive 2013/40/EU on attacks against information systems; - report to the Commission and ENISA any evidence of backdoors or other major vulnerabilities that could compromise the integrity and security of telecoms networks or infringe Union law and fundamental rights. Lastly, Parliament welcomed the upcoming entry into force of a regulation establishing a framework for the screening of foreign direct investments (FDI), underlining that this regulation establishes for the first time a list of areas and factors, including communications and cybersecurity, which are relevant for security and public order at EU level. date: 2019-03-12T00:00:00 type: End of procedure in Parliament body: EP
procedure	reference 2019/2575(RSP) title Security threats connected with the rising Chinese technological presence in the EU and possible action on the EU level to reduce them subject 3.30.06: Information and communication technologies, digital technologies 3.30.07: Cybersecurity, cyberspace policy geographical_area China type RSP - Resolutions on topical subjects subtype Resolution on statement legal_basis Rules of Procedure EP 123-p2 stage_reached Procedure completed

Progress: Procedure completed

Legal Basis:

Subjects

Links

Events

Documents

Activities

History

ParlTrack - 2011-2024