The Volt Typhoon Group and Its U.S. Targets
The FCC explicitly cites repeated Chinese cyberattacks against U.S. networks to justify its decision of June 26, 2026. Among the most well-documented threats is the Volt Typhoon hacking group, linked to the PLA, which has been identified as having established a foothold in critical U.S. infrastructure—power grids, water systems, and communications—with the presumed aim of potential sabotage in the event of a conflict. This is not ordinary cybercrime: it is military preparation for operations of massive disruption.
U.S. cybersecurity agencies—CISA, the NSA, and the FBI—issued joint alerts about Volt Typhoon in 2023 and 2024, describing how the group had infiltrated critical infrastructure networks and maintained a low-profile presence there for extended periods. Huawei and ZTE equipment in rural networks could theoretically facilitate these operations by providing attackers with additional access points.
The Threat to Submarine Cables Carrying Financial Data
The FCC also cites the threat of sabotage against undersea cables carrying sensitive financial data. This issue receives less media attention than cyberattacks, but its strategic significance is considerable. Submarine cables carry more than 95% of intercontinental digital communications, including global financial transactions worth trillions of dollars daily. Sabotaging or disrupting them would constitute an economic weapon of extraordinary power.
Recent incidents—notably suspicious cable cuts in the Baltic Sea attributed to Russian operations—have turned this long-theoretical risk into a concrete reality. In the Indo-Pacific context, where China has a rapidly growing navy and documented submarine capabilities, protecting critical undersea cables is a top national security priority for democracies.
The threat to undersea cables is likely the aspect of network security that is least understood by the general public. We live in a global digital economy whose physical infrastructure relies on cables that traverse largely unmonitored seabeds. The vulnerability is real, well-documented, and underestimated in public discourse.
Huawei, ZTE, Hikvision: Why These Companies in Particular?
Documented ties to China’s security apparatus
Huawei, China’s largest telecommunications company and one of the largest in the world, has been the subject of documented national security concerns for more than a decade. Reports by U.S. and British parliamentary committees have established links between Huawei’s corporate structure, the Chinese Communist Party, and Chinese military intelligence services. China’s 2017 National Intelligence Law requires Chinese companies to cooperate with intelligence agencies upon request—creating a legal obligation that Huawei has never been able or willing to convincingly refute during Western parliamentary hearings.
ZTE has already been subject to U.S. sanctions for violating export regulations regarding Iran and North Korea. Hikvision, the world’s largest manufacturer of video surveillance cameras, has been implicated in supplying surveillance systems used in detention camps in Xinjiang, where the UN has documented serious human rights violations against the Uyghur population.
Kaspersky, DJI, and TP-Link: The Diversity of Threats
The inclusion of Kaspersky—a Russian cybersecurity company—on the Covered List serves as a reminder that threats do not come solely from China. Kaspersky’s antivirus and security software has access to the systems it protects—access that Russian intelligence agencies could theoretically exploit through legal obligations similar to those in China. The FCC is treating this threat with the same rigor as it does the threat from China.
Drone manufacturers DJI and Autel Robotics pose specific risks: their devices transmit location data and images to servers, some of which are located in China. DJI drones have been used by U.S. police and firefighters, potentially collecting data on sensitive infrastructure that could be transmitted to Chinese servers. TP-Link, a manufacturer of consumer routers, has been the subject of investigations into vulnerabilities in its firmware that could potentially be exploited by state actors.
The list of banned companies illustrates something that policymakers sometimes struggle to articulate clearly: the threat does not come from a single malicious company, but from an entire technological ecosystem whose data governance rules do not align with democratic standards. The FCC’s decision is a systemic response to a systemic problem.
The Implications for U.S. Businesses and Consumers
The Cost of the Transition for Small Rural Operators
The FCC’s June 26, 2026, decision comes at a cost to the U.S. economy. Small rural telecommunications operators that had deployed Huawei or ZTE equipment for cost reasons now face significant “rip-and-replace” expenses. A federal funding program—the FCC’s Secure and Trusted Communications Networks Reimbursement Program—exists to assist these operators, but its resources are limited and do not cover all documented needs.
This transition cost is real and deserves to be acknowledged honestly. National security decisions have economic costs that end users do not always see directly—they are spread across telephone rates, federal funding, and infrastructure costs. The political acceptability of these costs is easier to maintain when the risks averted are clearly communicated to the public.
Drones, Cameras, and Routers: A Replacement Market to Be Built
The ban on DJI, Hikvision, and TP-Link equipment creates market space for alternatives produced by companies not based in countries on the Covered List. U.S. drone manufacturers like Skydio, European camera manufacturers, and router producers based in allied countries will benefit from this opening. The FCC’s decision is therefore also an indirect industrial policy—it supports the development of sovereign technological alternatives without direct subsidies.
This process takes time. Alternatives are not always immediately available at the same performance level and price as the banned Chinese products. This is precisely why decisions of this kind must be made early—when alternative supply chains can still be built up gradually, without the pressure of an immediate crisis.
I want to be clear about one thing: the Chinese technology products targeted by the FCC’s decision are often technically excellent and inexpensive. It is not their quality that is the problem—it is their data governance architecture and the legal obligations to which their manufacturers are subject under Chinese law. It would be dishonest to confuse criticism of security with criticism of quality.
Europe and the Delay in Responding to Huawei
The U.S. Decision Versus European Hesitation
The European Union has handled the issue of Huawei’s involvement in 5G networks with a caution that has often bordered on complacency. The EU’s 5G Toolkit, published in 2020, recommended that member states restrict or exclude high-risk suppliers from their sensitive 5G infrastructure—without imposing a formal ban. Countries like Germany have been slow to make firm decisions, partly due to pressure from the telecom operators’ lobby, which had already deployed Huawei equipment.
The U.S. decision of June 26, 2026, puts further pressure on European governments that have not yet taken comparable measures. Against the backdrop of global technological rivalry and growing concerns about the security of critical networks, maintaining Huawei equipment in sensitive networks is becoming increasingly difficult to defend politically—especially after such a symbolically significant decision by the U.S. Congress and the FCC.
The United Kingdom as a Positive Precedent
In 2020, the United Kingdom decided to completely phase out Huawei from its 5G networks by 2027—after years of debate and hesitation. This decision, which was difficult both economically and diplomatically, demonstrated that a major European democracy could impose firm restrictions on Huawei without catastrophic diplomatic and economic consequences. Sino-British relations have deteriorated, but the United Kingdom has demonstrated its ability to make firm national security decisions when the evidence warranted it.
This British precedent, combined with the U.S. decision of June 26, 2026, should accelerate similar decisions in European countries that have not yet acted. Coordination among allies is crucial here: a Europe in which some countries continue to use Huawei equipment in their sensitive networks represents a weak link in the collective security of the Atlantic Alliance.
The slowness of certain European governments to take action on Huawei has always struck me as indicative of a confusion between short-term economic interests and long-term collective security. Telecommunications companies that had deployed Huawei equipment did not want to bear the cost of the transition. Governments agreed to prioritize these private interests over national security. This is a telling choice.
What the FDD Says in Its June 30 Analysis
The Arguments of the Foundation for the Defense of Democracies
The Foundation for the Defense of Democracies (FDD), in its June 30, 2026, analysis, welcomes the FCC’s decision while highlighting its limitations. The analysis notes that the decision fills a real gap—the sale of older models was a problematic inconsistency. But it also highlights several implementation challenges: transition periods for operators that rely on this equipment, the risks of circumvention via third countries, and the need to coordinate this decision with the policies of allies to prevent leaks in the supply chain.
The FDD is a conservative American think tank whose positions on China are consistently hawkish. Its analyses on technology security should be read through this lens—they may overemphasize the risks and underemphasize the economic costs of certain measures. But on the specific issue of the Covered List, the documented facts generally confirm the concerns it raises.
Unresolved Issues Following the Decision
The June 26, 2026, decision does not resolve all issues. It does not cover equipment already installed in U.S. networks—replacing it remains a lengthy and costly process. It does not apply to equipment manufactured in third countries by subsidiaries of these groups. It does not automatically coordinate the U.S. response with that of European and Asian allies, creating potential asymmetries in collective security. These real shortcomings do not invalidate the decision—they point to the necessary next steps.
In particular, the risk of circumvention via third countries warrants special attention. Entities affiliated with Huawei have in the past attempted to circumvent U.S. restrictions by manufacturing equipment through subsidiaries in countries not covered by the restrictions. Vigilance on this point by U.S. export control agencies is a prerequisite for the decision’s long-term effectiveness.
Think tanks such as the FDD play a useful role in documenting threats—but their recommendations must be evaluated with an eye toward their institutional biases. In this specific case, I agree with their general conclusion regarding the necessity of the ban, while acknowledging the real economic costs that their analyses tend to downplay. Security policy does not come without a cost.
The Response to the Cyber Threat from Russia and Iran
A decision that goes beyond China alone
The FCC has included on its Covered List companies associated not only with China but also with other countries that pose risks to U.S. national security. The inclusion of Kaspersky—a Russian cybersecurity company—stems from concerns similar to those raised about Chinese companies: legal obligations to an authoritarian state that could require cooperation with its intelligence services. In 2017, the U.S. government had already banned Kaspersky from government devices. The decision of June 26, 2026, extends this approach to the civilian market.
Cyberattacks against water, electricity, and telecommunications systems attributed to state actors—primarily Russian, Chinese, and Iranian—all have one thing in common: they exploit vulnerabilities in equipment deployed in critical networks. The FCC’s decision aims to reduce the attack surface by eliminating equipment whose potential vulnerabilities are linked to its governance rather than solely to its technical architecture.
The Specific Risk to Water Systems and Civil Infrastructure
Recent reports, including one published by Dark Reading in 2026, have specifically documented how Iran, Russia, and China are targeting U.S. water distribution systems. These attacks—including compromises of SCADA systems that control pumps and chemical treatments for drinking water—pose a direct threat to public health. Similar incidents have targeted healthcare facilities, dams, and traffic management systems.
The connection between these cyberattacks and equipment on the Covered List is not always direct—not all attacks go through Huawei or ZTE equipment. But this equipment can provide initial points of access to networks that are then exploited laterally to reach critical systems. This is why eliminating these potential entry points remains a national security priority, even if the specific causal chain cannot always be publicly documented.
The security of water systems is a vulnerability that few ordinary citizens associate with geopolitical rivalry with China or Russia. And yet, sophisticated attackers specifically target the most fundamental systems—those whose disruption would cause immediate public panic. The FCC’s decision is part of a defense of civilian infrastructure that goes far beyond telecommunications.
Conclusion: A Necessary Decision, but Only the Beginning
What the FCC’s Decision Really Achieves
The FCC’s June 26, 2026, decision achieves something real and significant: it eliminates a glaring inconsistency in U.S. network security policy. It sends a clear signal to equipment manufacturers that the United States takes seriously the risks posed by companies subject to China’s intelligence laws. It sets a precedent that allies can cite to justify their own similar decisions. These achievements are real and deserve recognition.
What it does not accomplish: it does not resolve the issue of equipment already deployed. It does not automatically coordinate a coherent allied response. It does not address the broader problem of Western technological dependence on components manufactured in China in segments not covered by the Covered List. These are the next challenges on the list.
The Urgency of a Coordinated Response Among Allies
The U.S. decision of June 26, 2026, must mark the beginning of allied coordination, not an isolated unilateral action. NATO members, the Five Eyes partners, the Quad, and other U.S. technology allies all have a stake in harmonizing their policies on controlling equipment in their critical networks. A collective security chain is only as strong as its weakest link—and as long as some allies maintain Covered List equipment in their infrastructure, collective protection remains incomplete.
The Five Eyes, which recently coordinated a public warning about Chinese espionage via LinkedIn, have the existing structure to also coordinate their network equipment security policies. This coordination—technical, political, and diplomatic—is an investment in collective security whose long-term return far exceeds its cost.
I’ll conclude this commentary with a simple conviction: the FCC’s decision of June 26, 2026, is the right one. It is overdue, incomplete, and requires coordinated follow-up. But it is the right one. In a geopolitical world where courageous national security decisions are often postponed for economic and diplomatic reasons, recognizing when the right decisions are made is just as important as pointing out their limitations.
Review and Outlook
A series of decisions that outline a coherent strategy
The FCC’s June 26, 2026, decision is part of a broader picture: export controls on chips, surveillance of Chinese embassies, warnings about espionage via LinkedIn, and sanctions imposed by Beijing on Japanese entities. These seemingly disparate elements paint a picture of global technological and security competition in which network equipment is just one front among many.
The United States, despite its internal contradictions and hesitations, is gradually building a technological security architecture that takes its rivalry with China seriously. This architecture is incomplete, sometimes incoherent, and often lagging behind the pace of threats—but it exists and is moving forward. That is more than Europe as a whole can claim.
What Europe Must Do Now
The FCC’s June 26, 2026, decision is an implicit call to Europe: align with these standards or accept the role of the weak link in collective transatlantic security. Countries such as Germany, Italy, and others that have not yet made firm decisions regarding Huawei and comparable equipment must accelerate their decision-making processes. The window for coordinated action with the U.S. partner is open—but it will not remain so indefinitely.
Europe’s technological dependence on China in critical sectors is a strategic risk that the Old Continent can no longer afford to downplay. Decisions such as the FCC’s ruling of June 26, 2026, are calls to action—but also warnings about the rising cost of inaction.
By Maxime Marquette, columnist
The Europe I admire—the Europe of the rule of law, human rights, and democracy—needs to develop a strategic backbone in its technological competition with China. Goodwill is no longer enough. Values must be defended through concrete decisions, real investments, and strong coordination among allies. The FCC’s decision should serve as a model and a catalyst.
Sources
Primary Sources
FDD — FCC Introduces New Bans on Chinese Equipment Linked to Cyber Risks — June 30, 2026
Dark Reading — Iran, Russia, and China Target Water Systems for Sabotage — 2026
The Star — U.S. hearing warns that Chinese economic espionage is targeting AI — June 28, 2026
Secondary Sources
Cyber Warrior — Strategic Cyber Threat Intelligence — June 2026
This content was created with the help of AI.