Restricting untrusted components from Europe’s subsea data cables strengthens governments’ national security and benefits European firms.
Under the first Trump administration there was a major push based on fears of espionage, threats to U.S. economic security, and opaque ties between Chinese telecommunications firms like Huawei and ZTE and the Chinese government and military, to exclude Chinese suppliers from U.S. 5G networks, and to convince U.S. allies and partners to do the same. In May 2019, these efforts culminated in President Trump signing an executive order prohibiting the purchase or use of any information and communications technology controlled by a foreign adversary in the United States and the Commerce Department adding Huawei and 68 of its affiliates to the department’s Entity List. Despite these moves at home, it took time and significant diplomatic effort for Washington to persuade even its closest friends in Europe of the risks associated with allowing firms like Huawei and ZTE into their telecommunications systems.
In August, the second Trump administration took a note from its own 5G playbook for a similarly critical form of digital infrastructure and prohibited the use of untrusted components, including those controlled by a foreign adversary, in future subsea data cables connected to the United States. These cables, though less visible in Americans’ daily lives than 5G, form the backbone of global connectivity, carrying nearly all international data and trillions of dollars of daily financial transactions. This more recent move on subsea cables echoes the telecom restrictions implemented under the first Trump administration that targeted Chinese firms in U.S. 5G infrastructure. Like with 5G, it is only a matter of time before the United States begins to pressure its partners to adopt guidelines similar to its own on subsea cables.
Unlike the early days of the 5G debate, many European officials today share U.S. concerns regarding the involvement of untrusted vendors such as Huawei and ZTE in their critical digital infrastructure. European governments should quickly adopt guidelines similar to those of the United States to restrict and exclude high-risk equipment and technology from their own subsea cables. Doing so would enhance the security of their digital infrastructure, benefit European firms, and help avoid another unnecessary transatlantic dispute—like that on 5G—over a threat perception now largely shared in the United States in Europe.
Turning Inward: The Evolving U.S. Approach to Subsea Cables
For years, subsea cables have been a growing target in the broader technology competition between the United States and China. In Washington, officials have—until recently—focused primarily on hindering Chinese-owned cable installers and operators, including HMN Tech (formerly Huawei Marine Networks), China Mobile, China Telecom, and China Unicom, from expanding their global reach. As part of this strategy, the U.S. government has encouraged its partners in Europe and Asia to avoid cables installed by HMN Tech and opposed cable projects partially funded by China Mobile.
Despite these global efforts, U.S. policymakers have traditionally paid little attention to the rules governing all submarine cables connected to the United States. Indeed, in August, the Federal Communications Commission (FCC) introduced and unanimously approved new guidelines—marking the first major update to U.S. subsea cable licensing rules since 2001. Under the revised regulations, there is now a presumption of denial for cable-landing license applicants controlled by foreign adversaries, and the FCC prohibits the use of components on its “Covered List” in any subsea cable systems that land in or otherwise connect to the United States. Adam Chan, national security counsel at the FCC, labeled these new rules as part of an attempt to “decouple the [U.S.] submarine cable industry from foreign adversaries.”
Preventing cables supplied and installed by companies such as HMN Tech from landing in the United States essentially codifies existing practice into formal FCC requirements. Of the more than 100 operational or planned subsea cable systems connected to the United States, none are supplied by HMN Tech. And while there are a small number of existing cables that directly link the United States and the People’s Republic of China (PRC) that are jointly owned by consortia involving Chinese companies, the last such cable became ready for service in 2016.
Fueled by espionage concerns and recent experiences such as the Salt Typhoon cyberattack, in which China-linked hackers heavily penetrated U.S. telecommunications carriers, U.S. policymakers are moving quickly to rid their critical digital infrastructure of PRC-owned or manufactured equipment. Although the two global leaders in subsea cable installation are based in the United States (SubCom) and France (Alcatel Submarine Networks, or ASN), China is home to several key producers of the fiber optic cables, optical components, and repeaters that make up each individual cable.
The national security justification for excluding high-risk components in subsea cables is clear. Since their invention, telecommunications cables have been vulnerable to espionage. These risks still exist today, and the growing tendency of companies that manage cable infrastructure to utilize “remote network management systems” exposes this infrastructure even further to greater cybersecurity risk. What’s more, the U.S. government has raised concerns regarding potential tampering conducted by Chinese cable repair ships. When a cable is broken, a maintenance vessel must winch the two ends to the surface and splice them together, presenting an opportunity to install a new device or study advanced cable technology for espionage purposes.
Closing the Transatlantic Gap on Critical Digital Infrastructure
When U.S. officials from the first Trump administration began urging their European counterparts to exclude Huawei and ZTE from their 5G networks, European allies expressed varying degrees of opposition. Much of Europe’s hesitancy was due to a mixed threat perception about the national security risks of Chinese involvement in telecommunications equipment. This divergence extended to subsea cables installed by Chinese companies: In 2021, France pushed back against U.S. opposition to landing an HMN Tech-supplied cable, known as PEACE, in Marseilles.
Today, there is much closer alignment between the United States and Europe concerning Chinese involvement in critical digital infrastructure. In 2020, the EU introduced its own 5G cybersecurity toolbox, and in 2023 the union clarified that certain member states’—including Sweden’s and France’s—decisions to “restrict or exclude Huawei and ZTE from 5G networks are justified and compliant” with the toolbox. Since the installation of the PEACE Cable, which entered service in March 2022, no subsea cables landing in Europe have been installed by HMN Tech, with ASN and SubCom filling any gaps as preferred alternatives. And in January 2024, the European Parliament expressed “grave concern over the undersea data cable systems operated by Chinese company HMN Technologies,” citing cybersecurity and espionage vulnerabilities.
European officials have hinted at taking more concerted action to exclude untrusted components from their subsea cables but have lacked implementation. In its February 2024 Recommendation on the Security and Resilience of Submarine Cable Infrastructures, the European Commission advocated for the creation of a “Cable Security Toolbox” by the end of 2025, which would provide “mitigating measures” to “reduce risks, vulnerabilities, and dependencies, in particular on high-risk suppliers.” But the Cable Security Toolbox has yet to be launched.
Similarly, the EU’s July 2025 International Digital Strategy notes that the union’s 5G Toolbox could be extended to subsea cable systems but falls short of any real action or timeline. Rather, the commission remains vague, simply noting that “work will continue, by drawing on instruments such as the 5G Toolbox, to assist partner countries who are equally concerned about the need to build their digital economy on secure foundations.”
Why Now?
Europeans should not simply wait until the end of the year to implement the Cable Security Toolbox and enact other measures restricting untrusted components in their subsea cables. If anything, the FCC’s recent subsea cable rule updates and revisions should hasten Europe’s approach. Reducing the amount of untrusted equipment in subsea cables minimizes the exposure of European governments, businesses, and militaries to potential backdoor vulnerabilities. It also limits the possibilities of external actors disrupting the data and activity traversing these cables from within.
European firms also stand to benefit from excluding untrusted suppliers from their cable supply chains. A restriction of Chinese-made and other high-risk cable components will inevitably increase demand for these materials, and European companies would have a chance to satisfy that demand. The same was true during the 5G debate with European providers such as Nokia and Ericsson, the primary competitors of Huawei for 5G systems. For those areas where European companies lack a strong competitor, either the EU or national governments could provide funding to strengthen European production facilities. If there is a complete lack of any critical parts in Europe, governments could work with allies and partners to lower the costs of trusted alternatives. What’s more, the exclusion of untrusted components in their finished cable systems will make ASN, the global leader in cable installation, an even more attractive option for countries wary of options offered by Washington and Beijing.
By voluntarily following the FCC’s lead based on a shared threat perception, European governments have an opportunity to avoid a series of unnecessary diplomatic disputes as experienced during the 5G saga. Like with 5G, it is a question of when, not if, the United States begins to pressure its partners to adopt guidelines similar to its own on subsea cables, including preventing the connection of subsea cables to their countries if they contain any Chinese technology or components. Europe should preempt this pressure campaign and utilize its own strengths in the subsea cable industry to work with the United States and others to create a trusted cable ecosystem. Much like the 5G debate, European firms stand to benefit from these measures. Officials in Europe cannot fall again into the trap of seemingly choosing between an unpopular U.S. administration and China at the expense of Europe’s own security and economic growth.
A Multilayered European Approach
It’s unlikely that there will be one EU-wide rule that restricts the deployment of untrusted equipment in Europe’s subsea cables. Nevertheless, there are several overlapping steps that can be taken at the national, EU, and international levels to create a more secure and trusted cable network. First, the EU should prioritize the immediate rollout of its Cable Security Toolbox, with guidance for member states on mitigating threats posed by high-risk suppliers. As a first step, it is encouraging that an EU-wide mapping and coordinated risk assessment of subsea cable systems, including cybersecurity threats and vulnerabilities, has been approved and will be published in fall 2025.
At the national level, European governments should introduce new measures that prevent cable manufacturers and installers based in their countries from utilizing untrusted components in their subsea cables. This recommendation is especially true for the French government, which owns an 80 percent stake in ASN. European governments can take a page out of Japan’s book: Tokyo recently announced that it will investigate whether domestic companies procure subsea cable components from China and, if so, encourage these firms to change suppliers.
Internationally, the EU and the United States—along with other signatories of the “New York Joint Statement on the Security and Resilience of Undersea Cables in a Globally Digitalized World” (the New York Statement)—should work together to identify and ensure that all components of the subsea cable supply chain can be sourced and produced at scale by trusted companies. The New York Statement was launched nearly one year ago on the sidelines of the UN General Assembly; the session in September offers an ideal time for a follow-up meeting.
As for the cyber threats posed by untrusted cable repair vessels, it is not currently feasible to suggest the United States, Europe, and others merely refuse service from Chinese-flagged repair ships. The global repair fleet is aging and spread thin as is, and it is possible that China could restrict the activities of foreign-flagged repair vessels in its territorial or exclusive economic zone waters. To truly address the risks posed by Chinese maintenance ships, the United States, Europe, and especially countries with advanced shipbuilding capacities such as Japan and South Korea must increase their production of repair vessels. New York Statement signatories should also lead a global push to rethink the current commercial models of global cable maintenance agreements.
***
European governments have understandably been laser focused in recent months on physically protecting their critical underwater infrastructure and deterring malign actors from future sabotage attempts. Now, given the recent FCC moves on cable cybersecurity, Europe cannot sit idly by. Luckily, policymakers in Europe largely share the U.S. government’s concerns and have the tools at their disposal to implement similar policies, which they should. The last thing needed is for U.S. and European diplomats to waste time debating policies they agree should be adopted. There are bigger issues at stake in the transatlantic relationship right now.
– Erik Brown is a nonresident researcher in the Europe Program at the Carnegie Endowment for International Peace. His areas of focus include transatlantic trade and technology policy, critical infrastructure protection, and international economic competition. Published courtesy of Lawfare.
