The EU-China dialogue on cybersecurity and global tech governance: What perspectives ahead?

Speakers: Spyraki Maria, Rickli Jean-Marc, Yi Shen, Preneel Bart
Moderator: Pastorella Giulia

In September, PubAffairs Bruxelles organised an evening of discussion regarding the EU-China dialogue on cybersecurity and the question of global tech governance with our distinguished guests Ms Maria Spyraki MEP, Vice-Chair of the European Parliament’s Delegation for Relations with the People’s Republic of China, Dr Jean-Marc Rickli, Head of Global Risk and Resilience, Geneva Centre for Security Policy (GCSP) and Professor Bart Preneel, Computer Security and Industrial Cryptography Research Group (COSIC), KU Leuven.

Mr Abraham Liu, Chief Representative to the EU Institutions and Vice-President for the European Region, Huawei, gave the keynote speech.

The debate was moderated by Giulia Pastorella, Associate Director, Tech and Trade, Weber Shandwick.

Giulia Pastorella opened the discussion by drawing attention to the question of how tech governance can be facilitated on a global level amidst rising tensions between the United States (US) and China. She pointed to the challenges for the European Union to position itself on the global stage with regard to the question that is often described as the beginning of a Tech Cold War”.

The moderator continued by introducing the panel and finalised her opening statements by giving the floor to Mr Abraham Liu.

Mr Abraham Liu initiated his keynote speech by stating that Huawei is employing 14,000 people across Europe and contributed around 16 billion euros to the GDP of the EU in 2019, while paying 1.6 billion euros in direct taxes. The speaker continued by mentioning that Huawei is planning major investments in Europe by building new production facilities, instead of acquiring European start-ups, while emphasising the high number of jobs which these investments are creating. Mr Liu subsequently stated that the 20 years of Huawei’s presence in Europe implies that the company is perceived as an established and trustworthy player across the old continent.

The speaker continued by expressing his concern about the challenges his company is facing due to the current disruptions in relations between China and the US. He elaborated on this matter by asserting that this dynamic, in his opinion, will have a negative impact on investments in the EU. The keynote speaker also expressed doubts over the idea that the tensions between the US and China will have positive effects for European companies, as well as for the EU strategic autonomy objectives. “Reducing competition is never a good idea”, he stated and urged for a Europe-wide engagement in preventing disruption to global supply chains as a result of current tensions. Mr. Liu subsequently stated that only a multi-vendor approach to technology, as opposed to protectionism, could guarantee security and digital sovereignty at the same time.

Going more into detail about Huawei’s cooperation with European governments, the speaker explained that there have been major efforts to verify Huawei’s equipment, creating deeper trust in its products and making the company the most tested company on the global tech market. He also stated that, in his opinion, the accusations against Huawei are part of a strategy for global tech dominance that is intended to damage Europe, as well. Mr Liu subsequently called European institutions to follow an approach based on Europe’s own rules and values.

Following these remarks, the speaker discussed the company’s position as a leader in the development of security standards. He asserted that the issue of security should not be exploited for internal political disputes and elaborated on how current tensions are interfering with the rollout of 5G technologies in Europe. He subsequently emphasised that Europe should have access to the most advanced 5G technology in order to increase its competitiveness, also given the necessity of a rapid global recovery from the Corona crisis.

In addition, Mr Liu explained that European consumers are also being harmed with regard to their rights and choices by the latest measures taken by the US and presented the opinion that digital sovereignty can only result from the freedom of choice granted by market competition. He continued by highlighting the importance of multinational trade frameworks and shared his preference for the setting of common global rules and standards based on open market access and fair competition. The speaker consequently referred to an initiative presented by the Chinese government which provides a framework for data security global standards with the aim of engaging other countries to follow a multilateral approach to this issue, while respecting their sovereignty and the right to manage their own data.

Mr Liu further emphasised the interdependent relationship between the EU and China in economic terms and drew attention to China’s growing role in the global value chain. He also expressed understanding for the EU’s orientation towards strategic autonomy, while emphasising that caution is advisable when drawing the line between strategic autonomy and protectionism. The speaker also shared his optimism on the fact that despite the pressure coming from the US, the conclusion of the EU-China Comprehensive Agreement on Investment will strengthen multilateralism in international relations. He subsequently asserted that an agreement will give the industries of both negotiation parties new certainty and will show the important role globalisation continues to play in terms of economic growth.

The speaker reiterated that Huawei is a trusted commercial partner around the globe, while highlighting that trust must also be built at a government level in order to overcome trade disputes, foster technological collaboration and eventually avoid negative impacts for citizens. Mr Liu then moved on to listing additional challenges which Europe faces, namely the recovery from the Corona crisis and its role in technological innovation. He concluded his keynote remarks by confirming his company support for Europe’s efforts to accomplish its digital ambitions and shape the global economic recovery.

Giulia Pastorella opened the discussion by asking the panellists about the main challenges they anticipate in the developments of global tech governance.

Maria Spyraki MEP began her response by calling into question whether current global diplomatic trends are actually moving towards effective global tech governance, hinting at some possible developments that could be described as the “Balkanisation” of technology. She consequently warned of the dangers of fragmented European and international policy approaches and called for a consensus enabled by constructive global dialogue aimed at a pragmatic strategic cooperation. The MEP explained that the more citizens use digital technologies, the more added value is created from investments in these technologies, and also warned against a fragmentation of global investment policies. She subsequently elaborated on the importance of reciprocity in investments between Europe and China, as this factor plays a major role when it comes to public procurement for digital technologies, while emphasising how crucial a balanced market access for both parties is. The MEP finally drew attention to the topic of discrimination in market access and finalised her remarks by pointing to the question of the elimination of discriminatory rules as an important step towards a fair trade and investment balance between China and the EU, a state of play that would be highly beneficial to both parties. 

Dr Jean-Marc Rickli answered the moderator’s question by referring to the broader context of tech governance, which is defined by the changes in current international relations. With the rise of China, the speaker continued, the structure of the international system after the Cold War has evolved, while technology has emerged as a significant source of influence. He subsequently added that this creates a continuously growing competition over the definition of the rules for governance of technologies on a global scale. Moreover, Dr Rickli highlighted the two opposing positions of governance in cyberspace, namely the perspective that derives from a free market point of view and the perspective of sovereignty as a primary national interest. With reference to a study published by Harvard University, he stated that the US and Europe were originally dominant in the field of cyberspace, whereas China is gaining more influence. The speaker subsequently shared his insights into Europe’s position towards China in the 2010s. During this period, he clarified, the EU was divided into non-cooperative and cooperative Member States, the latter being particularly driven by their respective evaluation over the opportunities provided by the Belt-and-Road initiative. Dr Rickli continued by referring to a change in this dynamic as a result of the Corona crisis, when some European countries shifted towards a more critical stance towards China. The speaker substantiated this consideration with examples of recent diplomatic incidents between China and the EU, which he viewed as being in line with the trends of the current international system. Indeed, he explained, the US has taken a more isolationist and nationalistic stance, while China has adopted a more active global role at the same time. This has induced an open confrontation between Washington and Beijing. He then emphasised that the European model, defined as aiming at defining standard setting according to consensual rules and norms, lacks the industrial capacity necessary to have a peer-to-peer approach with both the American and Chinese counterparts. As a result, the panellist urged Europe to reflect on its own capacities, which must move beyond the setting of rules and facilitate the development of competitive technologies in Europe. He concluded his response by emphasising the importance of an effective global governance of emerging technologies, as current dynamics are emphasising more the respective actors’ competitive, rather than collaborative, approach.

Professor Bart Preneel began his response by drawing attention to cybersecurity as a multidimensional problem, rooted in the fact that technology is the main infrastructure of modern society. This consideration, the speaker continued, creates the necessity for an integrated strategic approach, as no nation state can cope with cybersecurity threats autonomously. He therefore called for international cooperation on the matter. Professor Preneel also described the most challenging aspects of cooperation on cybersecurity, such as the need for nations to protect their sensitive information in the context of intelligence work and, from a long-term perspective, their own cyber warfare capacities. This dynamic, the speaker explained, has also led to a lack of exchange of sensitive data, an “inherent weakness” of the EU’s cyber capacity. In addition, Professor Preneel expressed doubts as to the effectiveness of a fragmented approach to cybersecurity in dealing with cyber challenges on the global stage. The speaker continued by highlighting that digital technology touches every area of society and should be treated with a holistic approach. In his opinion, the separation of military and intelligence issues from consumer and infrastructure aspects of cybersecurity causes a conceptual fragmentation. Subsequently, he elaborated on the term ‘digital sovereignty’, which he described as being driven by a combination of political and economic interests. However, he also warned against a lack of necessary investment in key industries and an effective industrial policy. In addition, Professor Preneel drew attention to a phenomenon that is observed following cybersecurity incidents in Europe and around the globe when a given nation state takes the lead in responding to a threat, but a common response is missing. Following these explanations, the panellist focused on the question of how values are embedded in technologies. He explained that, compared to the US and China, the EU should take the chance to integrate its values into emerging technologies, particularly regarding the governance of citizen’s data such as on social media platforms. The cybersecurity specialist concluded his remarks by reiterating the importance of both a cyberspace free from warfare and the need to govern the digital world, while calling for balanced, global cooperation on these matters.

The moderator asked the panellists to give an overview of the relationship and the current dynamics between the EU and China with respect to cyber governance and security issues.

Ms Spyraki MEP replied to the question of the moderator by stating that one of the determining factors shaping the relationship between the EU and China is also the confrontation between China and the US. The MEP subsequently clarified her statement by describing the current implications for cybersecurity and the technology sector as spill-over effects from trade tensions between the US and China. She further exemplified her point of view by referring to the recent decision of the US Department of Commerce to prohibit companies from selling semiconductors produced with US software to Chinese companies without acquiring a respective licence beforehand. The speaker added that this is an example where a government restricted a company of another country to protect its own technological sovereignty. Ms Spyraki then began explaining the cybersecurity state of play in the EU. With the implementation of the Cybersecurity Act in April 2019, she continued, EU Member States adopted EU-wide Cyber Security Certification Schemes to guarantee that products and services met common cybersecurity standards. This clearly shows the broad consensus on the matter between Member States, the MEP stated. She then mentioned how the Corona crisis creates difficulties with regard to the matter of European strategic autonomy, as the Covid outbreak has highlighted not only the need for self-sufficiency in medical supplies, but also in the domain of digital sovereignty. The speaker finally expressed that she perceives the crisis also as a chance for a fresh start in the relationship with China and called for an enhanced dialogue between the EU and China on the question of cybersecurity. 

Dr Rickli began his reply by agreeing with Professor Preneel’s statement that emerging technologies serve also as an enabler of power in the domains of security and defence. He subsequently elaborated on this idea by referring to the Chinese concept called “Civil-Military-Fusion”, which he described as a program that integrates civilian and military efforts in key sectors to enhance the defence capacities of the country. Continuing with his remarks, the speaker explained how conflict escalation proceeds differently in the cyberspace rather than in the “physical world”. He illustrated this statement with a comparison to nuclear deterrence, notably based on the communication of one’s own missile capabilities to the respective counterpart. On the contrary, in the cyber domain, revealing its own capacities means disclosing vulnerabilities as well. He went on to explain that unveiling the state of the development of artificial intelligence, real or pretend, has also ended in an escalation of frictions for the governance dominance in the field of technology. However, Dr. Rickli warned against the rising potential risks resulting from the shift of the international system structure from multipolar to purely hegemonic. He continued by expressing concerns about possible military tensions stemming from the competition in the civil technological sector. Finally, the panellist reiterated that the differentiation between civil and military use of digital technologies is often difficult, while stating that the aim of being the dominant actor on a global scale is also pursued by the delegitimisation of the counterpart.

Giulia Pastorella followed up on these statements by asking Ms Spyraki MEP if there are more obstacles or opportunities for a dialogue between China and the EU, given the fact that the EU itself has recognised China as a “systemic rival”.

Ms Spyraki MEP started by reiterating her stance on the necessity of reciprocity-based relations between the EU and China. She subsequently highlighted the importance of mutual market access for investments and urged all concerned parties to focus more on common approaches, rather than emphasising differences. However, the MEP expressed satisfaction over China’s efforts to improve its data protection regulations and remarked that these efforts can contribute to creating trust between the two actors. She furthermore shared her opinion that both sides need to realise how crucial cooperation is in order to create mutual benefits. The speaker then described how different China and the EU are regarding governance and regulation of cyberspace. To overcome these differences, Ms. Spyraki urged both sides to accept mutual market access as a common goal. She then expressed hope for the easing of tensions between the US and China after the US elections and for the possible positive effects of tension de-escalation in international relations can have on EU-China relations. The MEP concluded her remarks by calling on all concerned parties to focus on common interests, reciprocity and mutual access to the markets for investment.

The moderator asked the panellists how cybersecurity standards can be used as non-tariff trade barriers and how this strategy affects efforts of global tech governance and which role the EU should take on the global stage.

Professor Preneel began his statement by confirming that cryptography is an effective barrier to protect intellectual property rights and to prevent market access. He referred to the example of different network standards, which are encrypted as part of licensing processes for building telecommunication networks. The speaker followed up on this elaboration by stating that, a decade ago, he was invited by the US trade delegation to China to convince the Chinese government of abstaining from building its own crypto standards. In fact, he explained, the global crypto standard AES was of a substantial economic value to the US industry. He subsequently remarked that China had proceeded in developing its own standards for encryption for all wireless Internet connections, a fact which allows the securisation of the national networks and the prevention of access from outside. Professor Preneel expressed his disappointment as to this development and declared that he is in favour of open standards applied in most parts of the world. He then moved on to explain that the trend on the cybersecurity market is developing towards certification schemes, which are used to protect the market by implementing price barriers for certificates. The speaker consequently raised the concern that EU countries might use this mechanism to protect their own companies from open competition. Additionally, he mentioned that cybersecurity companies are closely monitored with regard to their compliance with cyber standards, resulting in unimpeded access to new products for the monitoring authorities. Professor Preneel subsequently expressed doubted as to the EU cybersecurity certification scheme being able to solve these problems and reiterated his stance on open systems as the only solution to the certification issue. Only this way can the control over cryptography and cybersecurity be limited, the speaker asserted, while remarking that Europe should advocate on a global level for the common use of open systems, as major parts of the Internet run on open software. He added that cloud infrastructure is facilitated by open hardware and urged European governments to oblige market-leading phone producers to unlock their products for open software use to ensure that European digital solutions can be introduced independently from companies. With regard to data governance, the panellist confirmed the exemplary role of the GDPR, but also expressed concerns as to its limited means of enforcement, especially against major foreign actors. He also drew attention to the discrepancy between globally flowing data streams and the aim of making them a subject of national jurisdictions. He furthermore suggested establishing a European cyber ecosystem rather than searching control over the data of citizens of individual Members States. Subsequently, Professor Preneel indicated a common understanding between the EU and China that cyberthreats are leaving society vulnerable and that it requires long-term investment to cope with these threats. He elaborated on this notion by describing how technological advancements in fields such as robotics and mobility are progressing at a fast pace, making major efforts in cybersecurity necessary to avoid problems for these sectors in the future. Indeed, these circumstances provide a ground for cooperation on higher security standards between the EU and China, the professor said. He consequently mentioned the cooperation between Huawei and the Government of the United Kingdom on Internet router security, while highlighting this example as a model of cooperation between China and Europe on open cyber infrastructures. However, the speaker unveiled that abuse of digital technology is, to some extent, unavoidable and proposed to hand the control over these technologies to artificial intelligence, while warning against the potential surveillance of European citizens. The aim of preventing abuse of emerging technologies, he explained, will create different security architectures of the internet, based on divergent governament approaches. Professor Preneel concluded by stating that the architecture of the Internet holds the potential for disagreement between China and the EU, as both apply different concepts of governing technology.

Ms Spyraki MEP took on the moderator’s question by suggesting that the EU should play the role of an “honest broker” in the international arena and pointed at the outcome of the upcoming Presidential elections in the US as the decisive factor for the future relations between the US and China. She subsequently highlighted the importance of market access to both the US and China for the EU and advocated for an improved dialogue to foster pragmatic strategic cooperation and suggested the market access of all three actors be enhanced instead of narrowed down. On the matter of security, she reiterated the importance of the Cybersecurity Act as a pan-European measure and asserted the need for cooperation on cybersecurity standards, the open Internet and common rules of tech governance. The speaker additionally emphasised the importance of data exchange around the world, whilst upholding the idea of data protection granted by the GDPR. The MEP explained that these measures can not be enforced by one actor over the others, but have to be implemented based on consensus. In fact, she described her previous elaboration as the only way to create a level-playing field in the cyberspace and for creating trust between stakeholders. She concluded her response by warning against the alternative of weaponising both the economy and technology developments. 

The Q&A session covered the following issues: The role of the EU in mediating the tensions between the US and China; the question of balance between market and security needs; the role of data sovereignty in the relation of the EU with the US and China; the implementation of the GDPR; the vulnerabilities of cloud services; the dispute over the 5G roll-out in Europe; areas of common interest and disagreement between China and the EU and the bifurcation of the IT stack.

Want to know more about the issues discussed in this debate? Then take a look at the selected sources provided below!

EU-China 2020 Strategic Agenda for Cooperation, European External Action Service

EU strategy on China, European Commission

European Parliament’s Delegation for Relations with the People’s Republic of China

The EU Cybersecurity Act, European Commission

The European Digital Strategy, European Commission

Digital sovereignty for Europe, European Parliament Think Tank

Cybersecurity Incident Taxonomy, European Commission

Delegation of the European Union to China, European External Action Service

EU-China leaders’ meeting via video conference, 14 September 2020, European Council

EU Cyber Forum – Promoting a free, open, safe and secure cyberspace, European External Action Service

Cybersecurity – review of EU rules on the security of network and information systems, European Commission

National Cyber Power Index 2020, Harvard Kennedy School for Science and International Affairs

The Coming Tech Cold War With China
Beijing Is Already Countering Washington’s Policy, Foreign Affairs

Surrogate Warfare: The Transformation of War in the Twenty-First Century, Paperback by Andreas Krieg and Jean-Marc Rickli

How Restricting Trade with China Could End US Semiconductor Leadership, Boston Consulting Group

Balkanising technology will backfire on the US, Financial Times

The Impact of Autonomy and Artificial Intelligence on Strategic Stability, Geneva Centre for Security Policy

The Increasing Importance of Hybrid Politics in Europe: Cyber Power is Changing the Nature of Politics, Geneva Centre for Security Policy

EU-China FDI: Working towards more reciprocity in investment relations, Report, MERICS and Rhodium Group