Author: Javier Sutil Toledano

Editor: Sebastian Hickey

21/10/2025

The Landscape of Chinese Cyber Activities in Europe

Cyberspace has become a key arena of geopolitics due to Europe’s growing reliance on digital technologies. Once seen as a technical issue, it is now central to European security and the economy. The EU, traditionally focused on integration, trade and regulation, is under increasing pressure as cyber operations become tools of global power. China stands out as a skilled and persistent actor, expanding its cyber capabilities for espionage, intellectual property theft, and creating potential backdoors into critical infrastructure.

Europe’s relationship with China is complex. While Beijing poses a security threat, it remains an essential economic partner. Chinese markets and technology are vital to sectors like manufacturing and telecommunications. This tension is clear in debates over Huawei’s role in Europe’s 5G rollout. The decisions Europe makes today will shape its digital sovereignty and geopolitical power for years to come.

Cyber Espionage

The evidence supporting the long-standing accusations that Chinese state-affiliated hacking groups target European governments, corporations, and research institutions is growing. Across the continent, operations to steal confidential data have been linked to groups like APT27, APT30, APT31, Mustang Panda and GALLIUM, many of which are thought to be run by China’s Ministry of State Security (MSS).

A notable example happened in 2021, when Microsoft, followed by the US, UK, EU and NATO, held Chinese actors (Hafnium/APT40) responsible for the massive Microsoft Exchange Server breach that affected thousands of organizations worldwide, including many in Europe. The BfV, Germany’s domestic intelligence agency, disclosed the following year that APT27 was responsible for an extended campaign to steal data from German businesses. A year later, authorities in Belgium discovered espionage against several Ministries, connecting the activity to three other groups with ties to China, including APT27. More recently, Czech officials have accused Chinese hackers of breaching the Foreign Ministry, while the Dutch Defence Minister warned that Chinese spying efforts are intensifying, particularly in the semiconductor sector. In the UK, concerns have intensified over Chinese tech firms like Huawei, Hikvision, and state-linked data centres potentially serving as conduits for espionage, raising alarms about national security vulnerabilities. These are not isolated incidents; rather, they indicate a purposeful and well-coordinated plan to obtain political intelligence, increase bargaining power, and gradually erode Europe’s technological expertise.

Intellectual Property Theft and Strategic Advantage

The systematic theft of intellectual property is one of the main tenets of Chinese cyber activity in Europe. Chinese hackers have been implicated in breaches reported by European companies in the fields of advanced manufacturing, renewable energy, automotive design, and pharmaceuticals. This poses tremendous risk as these are sectors where Europe has long held a leading position.

European cybersecurity experts have proposed that it would be naïve to think these activities are arbitrary and unrelated to Beijing’s industrial modernisation strategy, particularly the “Made in China 2025” initiative, which aims to reduce dependency on foreign expertise and achieve dominance in future industries. For Europe, losing its competitive edge in global markets has longer-lasting, more serious consequences than the immediate financial losses from stolen blueprints, prototypes or research. Chinese companies can efficiently copy stolen designs and release cheaper products, undermining European leaders who have spent years innovating. Stolen research compromises Europe’s leadership in sectors vital to future economic success and strategic independence, while also weakening balance sheets.

Backdoors and Supply Chain Infiltration

Beyond overt espionage, vulnerabilities in software and hardware supplied by Chinese companies are a growing concern. Security experts warn that devices from firms with ties to Beijing may contain hidden backdoors, either intentionally built in or susceptible to government exploitation.

These risks pose serious strategic blind spots as Europe grows more reliant on foreign vendors for routers, cloud computing, and other critical technologies. U.S. and Australian intelligence have identified instances where Chinese-made tech was linked to unauthorized data access. In Europe, 5G deployment remains a focal point, with Huawei at the centre. Spain, like several EU countries, is using Huawei to build parts of its national infrastructure, raising debate over whether cost and speed outweigh long-term security risks. This goes beyond connectivity: Europe’s security, economy, and political independence could all be at risk if critical networks are compromised or manipulated during a crisis.

Fragmentation in EU Responses

The conflict between security risks and economic opportunities is especially clear in the Huawei case. With advanced 5G technology and affordable prices, Huawei is deeply integrated into Europe’s digital infrastructure. Spain is a key example, as Huawei maintains strong partnerships with major telecom companies and remains heavily involved in its 5G rollout. Unlike some EU countries, Spain has not fully banned Huawei equipment, despite accepting the EU’s 5G “toolbox” recommendations. Spanish policymakers now face a difficult balance between the risks of dependency and benefits like cost savings, technical performance, and speed. Critics warn that Huawei’s deep integration threatens Spain’s digital resilience and strategic autonomy. This reliance poses risks not only to Spain but also to the wider EU due to strong interconnection and data sharing among member states.

This example shows a recurring issue: Europe has responded inconsistently to Chinese cyberthreats. While some European countries have banned Chinese tech firms, often under U.S. pressure, others embrace Chinese involvement, prioritizing speed and cost over security. This approach leaves Europe vulnerable, as weaknesses in one nation’s digital infrastructure can spread across borders. Overall, it makes it harder for the EU to show unity to Beijing, which often exploits these differences, raising questions about whether the bloc is doing enough to protect itself.

The controversy surrounding Chinese technology is a sign of a more serious issue: Europe still does not have a comprehensive cybersecurity strategy. Even though regulations like the NIS2 Directive show progress, they are still only a portion of the answer. Without better coordination and a shared vision, Europe risks staying reactive, responding to threats only after they emerge instead of proactively securing its digital sovereignty.

Broader Policy Concerns

The debate over Huawei is really a reflection of Europe’s broader anxieties about its dependence on Chinese technology. The EU has structural weaknesses that could be used against it during geopolitical tensions because supply chains for everything from telecom hardware to semiconductors are still largely centred in East Asia. The Russian invasion of Ukraine provided a painful lesson: Moscow quickly exploited the leverage created by Europe’s excessive reliance on Russian energy. Many policymakers now caution that if vital infrastructure is still connected to Chinese companies, the same error may be made in the digital realm.

However, the road ahead is far from simple. China is one of Europe’s most significant markets in addition to being a supplier. From luxury brands in France and Italy to German auto giants, entire sectors of the European economy rely on Chinese demand. Therefore, limiting Chinese technology has actual economic and diplomatic repercussions in addition to technical and security ones. European leaders face the challenge of balancing digital sovereignty and resilience with avoiding escalations that could harm broader ties, shaping both the continent’s networks and its ability to act independently in an increasingly fragmented world.

Strategic Dependence and the Need for Resilience

Europe’s long-term challenge is to strengthen its domestic capabilities while reducing its reliance on Chinese technology. This calls for large investments in the European semiconductor, cloud, and telecommunications sectors, areas in which Europe has frequently fallen behind its international rivals. Additionally, it calls for tighter coordination with allies who have similar concerns about Chinese cyber practices, including the US, Japan, and Australia.

Some positive developments are already in progress. NATO has begun to take cyber defence more seriously as part of its collective security agenda, while initiatives such as the EU’s Cyber Resilience Act (CRA) seek to increase common standards for digital security. However, progress remains uneven, with member states advancing at varying rates. Ultimately, Europe must choose between remaining a fragmented, vulnerable digital market or becoming a unified actor that sets its own rules. This decision will shape its cybersecurity and influence in a world where digital power drives geopolitics.

Safeguarding Europe’s Digital Future

Chinese cyber activity in Europe is part of a broader strategy to advance Beijing’s geopolitical and economic goals. China seeks to exploit Europe’s openness through espionage, intellectual property theft, and potential control over digital infrastructure. The risks are significant: Europe’s security, competitiveness, and sovereignty are at stake if it fails to respond collectively. The Huawei controversy highlights the broader dilemma of balancing digital security with economic engagement.

Europe must adopt a unified approach rather than fragmented national responses. This includes stricter vetting of foreign tech providers, sustained investment in European alternatives, and deeper cooperation with like-minded partners. The lesson from dependence on Russian energy is clear: strategic vulnerabilities can become tools of coercion. Confronting the threats posed by Chinese cyber activity should be a top priority if Europe intends to safeguard its digital sovereignty and long-term strategic interests.

*The views expressed in this article are those of the author*

Javier Sutil Toledano is a cybersecurity and intelligence analyst with a background in Security, Intelligence, and Strategic Studies. He has broad experience in intelligence collection and analysis, with a focus on cybersecurity, hybrid threats, and geopolitical risk, including a Cybersecurity Internship at NATO.