EU Cybersecurity Reform and the Risks Posed by Proposed U.S. Tech Legislation
In a rare bit of good news coming out of Europe, a major cybersecurity overhaul has been proposed by the European Commission to protect telecommunications and critical infrastructure from high-risk foreign suppliers and state-backed cyber threats. The legislation responds to the uneven adoption of the 2020 5G Security Toolbox and reflects a broader global trend of governments strengthening cybersecurity. In contrast, certain proposed legislation in the U.S. risks weakening existing device-level safeguards and privacy in the name of invigorating competition.
Under the proposed European Union (EU) legislation, high-risk foreign suppliers would be removed from mobile telecommunications networks and sensitive infrastructure. The European Commission would be granted authority to conduct EU-wide risk assessments and support equipment bans or restrictions, with risks jointly evaluated by member states. In addition, the Cybersecurity Act would be revised to introduce certifications managed by the EU Agency for Cybersecurity, early threat warnings, and centralized incident reporting. Overall, these initiatives aim to strengthen European cybersecurity long term.
While efforts to strengthen U.S. cybersecurity at the network level have been undertaken by the federal government, certain proposed legislation would back-pedal on these initiatives by weakening the cybersecurity protections of devices. Previous Congresses have introduced the American Innovation and Choice Online Act (AICOA), an attempt to limit the market power of large tech platforms. AICOA may soon be reintroduced on Capitol Hill.
However, besides failing on economic grounds, AICOA’s de facto sideloading mandate would undermine consumer protections, resulting in weakened device security and heightened privacy risks. Data sharing and portability would become mandatory under AICOA, allowing third parties to obtain new access to sensitive user data.
The EU’s proposed legislation emphasizes the ever-increasing importance of robust cybersecurity at every level of the technology stack. Congress should be wary of moving in the opposite direction and weakening protections at a time when strong digital safeguards are essential.
Published on January 28, 2026