Assessing the EU-China relationship in Cyberspace


On 22 June 2020, the EU-China Summit took place via video conference, representing an important opportunity to reinforce the bilateral relationship between Brussels and Beijing amidst the COVID-19 pandemic. In “EU-China – A Strategic Outlook”, the EU considers China as “an economic competitor in the pursuit of technological leadership”, next to being a negotiating partner and systemic rival. While Washington raises barriers on China and increases the level of complexity and uncertainty in the international stage, Brussels opts for a more constructive dialogue. This is not a naïve modus operandi, as many Western observers would argue to promote the idea of a divorce from China. On the contrary, the European Union has started to adapt itself to a changed global environment, developing a more rules-based and reciprocal partnership with its Chinese interlocutor.

The summit was a fundamental moment to highlight the EU position on new digital technologies, data protection and cybersecurity. In order to boost its responsiveness and resilience towards cyber challenges impacting the stability of the single digital market and the democratic order, the European Union is continuously strengthening its cybersecurity rules and mechanisms.

In April 2019, the European Council adopted the Cybersecurity Act to introduce a system of EU-wide Certification Schemes and to upgrade the European Union Agency for Network and Information Security (ENISA) in supporting EU Member States with new resources and tasks. In particular, following the act, ENISA was tasked with the maintenance of the European cyber security certification framework that serves as the basis for certification of ICT products, services and processes. Along with other initiatives, the goal is to secure Europe’s digital future and prosperity implementing the EU digital strategy and to appear competitive when compared with the cyber response capabilities of other states.

However, the journey toward the achievement of this ambitious goal cannot be exempted from a pragmatic and strategic cooperation with non-EU actors in deepening the understanding on cyber matters and prevent conflicts. All actors in the global scene are, indeed, paying greater attention to bilateral and regional interactions and negotiations in the cyber domain as a result of the growing digitalisation of economies and societies. Specifically, China and the European Union have activated different formulas to cooperate in the cyber area through the EU-China Cyber Task Force and the track 1.5 Sino-European Dialogue meetings. But even if the two players agreed on promoting norms, rules and principles for responsible state behaviour in the cyberspace, some obstacles must be still addressed.

China and the EU apply different approaches towards Global Cyber Governance. The Chinese position is based on the assumption that governments should govern the Internet.  China promotes an idea of cyber sovereignty which could lead to the balkanization of the cyber space – according to which countries create their specific Internet regime that should be respected without external interferences. In contrast, the EU supports the creation of a multiple stakeholder model, which also includes the private industry as an actor in cyber governance, to create an open and free cyber space, where the state occupies the position of facilitator in the development of the regulatory environment. In addition, while China advocates for a new treaty negotiated by states in the UN framework to regulate cyber space, the EU supports the applicability of the international law in the domain.

The global system which is to emerge in the post-pandemic era – ever more connected and digitalised – will lead to the need of reinforced cyber security mechanisms and diplomacy. For example, the Internet of Things (IoT) will significantly expand the frontiers of cyberspace, connecting sensors and actuators within a cyber-physical ecosystem, reaching 100 billion of objects networked by 2025. According to data reported by the independent cybersecurity company McAfee, cybercrimes related to criminals gaining illicit access to personal network costed the world USD 600 billion in 2017, which is up to 0.8% of the global gross domestic product (GDP). However, with the advent of IoT, the economic impact is destined to be even greater because of the extraordinary flow of data which brings challenges in boosting cyberattack capabilities and increasing the scale of the disruption across several sectors with a potential domino effect.

Besides the above-mentioned obstacles, internal coordination can no longer be dissociated from international cooperation and key players such as China and the EU will have to navigate this complex reality and act accordingly. The EU should deepen its ties with China in the framework of a pragmatic cyber partnership to strengthen the dialogue, build mutual trust, improve the sharing of key information to mitigate threats, prompt action in response, enhance law enforcement and shared understanding of domestic cyber policies, as well as identify lessons to learn from. For example, the EU’s General Data Protection Regulation (GDPR) has been object of research in China following the aim of improving the country’s Cyber Security Law on data protection.

Evidently, the world will not benefit from cyber chaos, generated by the spread of disinformation, intellectual property and data theft, or cyberattacks on critical infrastructures. Building a heterogeneous network of partnerships and a constructive dialogue in the cyberspace with China, could also support the European Union in positioning itself as a reliable and stable interlocutor even in the physical domain, where the veil of mistrust among countries – along with societal and economic fractures created by the virus emergency – is altering the equilibrium of the global system. International collaboration and dialogue at the bilateral and multilateral stage will therefore be indispensable.

Federica Russo, Associated Researcher, EIAS