Post by Frank Reiche, MBA

Head of Legal | Huawei Technologies Germany

EU Cybersecurity Regulation vs. National Sovereignty Can the EU centralize national security decisions without overstepping its bounds? In the latest issue of Rüstung, Sicherheit & Recht (Defense, Security & Law), Dr. Marc Salevic and Dr. Benedict Beierle from Pinsent Masons deliver a interesting commentary on the proposed CSA2. They outline 5 critical challenges facing the new framework: The "Elisa" Case: The Advocate General of the European Court of Justice indicates that telecommunications restrictions justified by national security must still meet strict EU law standards. Bans must be case-specific and subject to judicial review – not based on abstract politics. Competence Conflict: CSA2 attempts to centralize security decisions at the EU level. However, under Article 4(2) TEU, national security remains the exclusive responsibility of individual Member States. Subsidiarity at Risk: Security risks are deeply context-dependent. A mandatory EU-wide mechanism ignores the fact that milder coordination tools could preserve member states' decision-making spaces. Proportionality Challenged: CSA2 leans toward an automated, "one-size-fits-all" exclusion of suppliers simply based on their country of origin. Proportionality requires case-specific, progressive risk management instead (e.g., supplier diversification). The "Digital Sovereignty" Paradox: Will EU-wide bans actually achieve digital sovereignty? Overly restrictive security frameworks risk driving vulnerability by reducing market diversity, stalling innovation, and increasing costs. Economic competitiveness might be the more effective path forward. Read the full article in the July 1, 2026 edition of Rüstung, Sicherheit & Recht. #Cybersecurity #EUlaw #NationalSecurity #DigitalSovereignty #PinsentMasons #TechRegulation #CSA2

Post content