China will hit EU firms with reciprocal measures if the bloc targets Chinese firms as planned under its proposed cybersecurity regulations, Beijing has warned.

In a 30-page document submitted to the European Commission on Friday, China’s commerce ministry explicitly warned that broad retaliation was on the table if firms such as Huawei and ZTE were penalised by the law, which was announced in January but is still in draft form.

“If the EU designates China as a ‘country posing cybersecurity concerns’ or lists Chinese entities as ‘high risk suppliers’ to phase out equipment manufactured by Chinese businesses in a compulsory manner and exclude Chinese products and services from the EU market, China can launch relevant investigations into the EU or EU businesses, and take reciprocal measures,” stated a submission from the ministry in response to the commission’s request for feedback.

The sweeping new cybersecurity act would, if adopted, create a framework that would compel EU members to remove firms identified as a security risk from their 5G networks – a measure that has so far only been recommended – within three years of coming into force.

It marks the first time Brussels has attempted to make removal mandatory and could be the tip of the iceberg for Chinese firms such as Huawei and ZTE.

Under the act, the EU can designate an entire country as a “cybersecurity threat”. This would then see companies from that country excluded from sectors across the 27-member union, starting with telecommunications but then extending into a raft of hi-tech industries and critical infrastructure.

In future, designated companies could be considered off limits in sensitive sectors, including connected vehicles, electricity and water supply and storage, cloud computing, medical devices, space services and semiconductors, according to the proposal.

Beijing panned the plans as “highly subjective and discretionary”, warning in unusually strong language that if enacted, “economic cooperation will be inevitably pushed towards de facto decoupling”.

The direct threat of retaliatory probes was accompanied by the promise of litigation. Beijing said the proposal “violates multiple WTO rules” and “cannot be defended by invoking relevant exceptions”.

Perhaps pre-empting a possible EU defence under national security exceptions at the World Trade Organization (WTO), the ministry said “national security is an exclusive competence of member states”.

It argued that grounding the proposal in internal market law sat uneasily with any future claim that the measures were fundamentally security driven.

In doing so, Beijing is also tapping into an inherent tension within the EU. Some capitals have been uncomfortable with Brussels’ attempts to steer matters of economic security, pointing to the blurred lines with national security, jurisdiction over which resides within the individual nation states.

This dynamic has already complicated efforts to adopt an “economic security strategy”, which would have resulted in a bloc-wide export control regime and a screening system for outbound investments into sensitive sectors – both of which would have affected EU-China commercial ties.

Litigation of this manner would be an early test for the compatibility of the world’s new taste for economic security and the underlying rules of global trade.

In asking for amendments to the act, Beijing said the entire section marked “countries posing cybersecurity concerns” should be deleted. Stating that there was no “technical” evidence of Chinese firms posing security risks, it said the act’s plans to make judgments on “non-technical” risks should also be deleted, hinting that Beijing believed such language allowed decisions to be based on political factors.

China’s response adds to a growing cycle of legal threats and countermeasures in its relations with Europe, ties that have been marked by trade tensions in recent years. Companies from both sides have complained they are caught between two competing legal systems that are increasingly at odds.

In public and in private, Beijing has objected to the EU’s proposed industrial accelerator act, which would seek to favour local firms where possible and add conditions on Chinese investments in Europe, such as technology transfer.

For Europe, meanwhile, there are growing concerns over new Chinese industrial supply-chain regulations.

These allow authorities to investigate and take measures against any foreign organisation or individual that Beijing says “disrupts normal trade with Chinese citizens and organisations, imposes discriminatory measures on Chinese citizens and organisations”, or “causes actual damage or poses a threat of causing actual damage” to China’s industrial and supply chains.

Companies or people who “conduct investigations into Chinese supply chains” can be punished with exit bans, deportation, investment bans or transaction bans.

In a statement last week, the EU Chamber of Commerce in China said EU firms would struggle to simultaneously comply with laws at home and in China.

“Given that many European companies must also comply with European directives related to supply chain due diligence – which requires them to perform audits to demonstrate transparency along their entire supply chain – there is a risk that the information that needs to be collected as part of this process could be interpreted as violating Chinese law,” the chamber’s statement said.

Chinese firms have also complained about the complex regulatory tangle. Last week, airport scanner manufacturer Nuctech began litigation proceedings against the European Commission over its use of the foreign subsidies regulation against the firm in 2024.

In a previous case that was rejected by the EU’s General Court in Luxembourg, Nuctech had claimed it was unable to comply with the commission’s request to hand over reams of information because the firm would contravene laws governing data flows and state secrets in China.