China: Ministry of Commerce submitted comments to European Commission citing concerns on Directive amending NIS2 to streamline compliance and align with the proposed Cybersecurity Act 2

On 17 April 2026, China’s Ministry of Commerce submitted comments to the European Commission on the European Union's Directive amending Directive (EU) 2022/2555 as regards simplification measures and alignment with the Proposal for the Cybersecurity Act 2, which applies to suppliers in sectors including energy, transport, and Information and Communications Technology. The draft introduces “non-technical risk” criteria, including the designation of “countries of cybersecurity concern” and “high-risk suppliers”, enabling their exclusion from supply chains across 18 sectors. The Ministry stated that these provisions broaden cybersecurity considerations into political and economic risk classifications, and may result in arbitrary and discriminatory restrictions on foreign suppliers. It further contended that it may be inconsistent with core World Trade Organisation principles, including most-favoured-nation and national treatment obligations, as well as with existing European Union commitments under international trade agreements. The Ministry also expressed concerns that the measures may extend beyond the European Union’s legal competence by affecting areas under member states’ responsibility, including national security. It also noted that the provisions could have implications for global supply chains and may affect digital and green transition objectives within the European Union. The Ministry called for the provisions to be removed or revised and stated that it will continue to monitor the process and may consider appropriate responses if the legislation is adopted with elements considered discriminatory.