Europe vs China vs US: Who Controls Your Tech?
Find Threat Talks on
Europe vs China vs US: Who Controls Your Tech?
What if your biggest cyber risk isn’t your vendor, but where your vendor is based?
Organizations today rely heavily on foreign technology. Chinese components are embedded across infrastructure, while much of the cloud and software ecosystem is controlled by US providers. In many cases, these systems support critical functions, without organizations having full control over how they operate or where data flows.
In this episode of Threat Talks, Lieuwe Jan Koning, Co-Founder and CTO at ON2IT Cybersecurity, speaks with Lokke Moerel, Professor of Global ICT Law at Tilburg University and one of Europe’s leading experts on cybersecurity regulation, to unpack how the EU is responding.
The focus is not on adding more rules, but on fixing the system itself.
The new cybersecurity package aims to reshape supply chain security by introducing a more consistent certification approach, improving incident notification, and separating technical security requirements from geopolitical decision-making.
The goal is not more regulation. It is clearer accountability.
For organizations, this means rethinking how they approach supplier risk and cybersecurity risk mitigation strategies in an environment where dependency on external providers is no longer just an operational issue, but a core security concern.
What you’ll learn
- Why dependency on foreign suppliers creates hidden risk
How reliance on Chinese components and US cloud services introduces risks that go beyond traditional cybersecurity controls - How the EU is reshaping supply chain accountability
What a unified certification approach means for suppliers, buyers, and cross-border operations - Why separating security from geopolitics changes the model
How decoupling technical requirements from sovereignty debates enables faster and more practical implementation - What organizations must do now to adapt
Why mapping critical functions and supplier dependencies is key to strengthening cybersecurity risk mitigation strategies
Your cybersecurity experts
Lieuwe Jan Koning
Co-Founder and CTO
ON2IT
Lokke Moerel
Professor of Global ICT Law
Tilburg University
Episode details
Supply chain security is no longer just a technical problem.
It is a dependency problem.
Critical infrastructure across Europe relies on foreign technology.
Chinese components are embedded in systems.
US providers control large parts of the cloud.
That means organizations depend on systems they do not control.
In this episode of Threat Talks, Lieuwe Jan Koning speaks with Lokke Moerel about how the EU is responding to that reality.
The current model of audits and supplier checks does not address this risk.
It measures compliance, not control.
The EU’s new cybersecurity package introduces a different approach.
A unified certification model across Europe.
Clearer rules for suppliers supporting critical functions.
And a structural separation between technical security and geopolitical decisions.
This allows security requirements to move forward, while decisions about high-risk suppliers are handled at a different level.
For organizations, this changes the focus of cybersecurity risk mitigation strategies.
It is no longer just about whether a supplier is secure.
It is about who controls the technology, where it comes from, and whether it can be trusted in critical environments.
Supply chain security is shifting from audit-based assurance to control-based risk management.
Get your Hacker T-shirt
Join the treasure hunt!
Find the code within this episode and receive your own hacker t-shirt for free.
