But Europe’s mobile operators have warned the changes could have unintended consequences for network investment and connectivity.

In a statement issued on January 20, the GSMA said it shares the Commission’s objective of reinforcing Europe’s cybersecurity, but raised concerns about how the proposals would work in practice.

Mobile networks, the GSMA noted, are essential societal infrastructure and a key target for disruption. Against a backdrop of geopolitical tension and an increasingly complex threat landscape, operators have already invested heavily to ensure Europe’s digital infrastructure remains secure and resilient.

However, the GSMA warned that meeting new requirements would come at a significant cost, potentially diverting resources away from network upgrades and improvements to connectivity that businesses, consumers and public services depend on.

While supporting stronger cybersecurity, the industry body argued that any new measures must be strictly risk-based and operationally workable. According to the GSMA, the current proposals risk undermining operators’ ability to evolve networks at pace and meet Europe’s broader connectivity ambitions.

Particular concern was raised around supply chain security. The GSMA said legislative measures should be targeted, proportionate and based on comprehensive impact assessments, while providing long-term predictability for affected industries. Not all network equipment carries the same level of sensitivity, it argued, making blanket approaches unnecessary.

The proposed timelines were also flagged as a potential issue, with the GSMA warning that unrealistic implementation schedules could lead to service disruption for users and drive-up costs for operators.

The statement emphasised that Europe’s security and resilience are more critical than ever, and that mobile operators take their responsibilities seriously and will continue to invest to uphold high standards.

However, it added that EU policymakers must recognise the scale of ongoing investment required, warning that the revised Cybersecurity Act could place additional financial pressure on an industry already tasked with delivering next-generation connectivity across the continent.

The proposals will now be scrutinised by EU lawmakers as part of the legislative process.

RELATED STORIES

Satellite shake-out arrives early as Starlink tightens grip on NTN market: report

EU overhauls EuroHPC to power AI gigafactories and quantum build-out