Europe’s push for greater cybersecurity resilience is both necessary and overdue. In the wake of Russia’s invasion of Ukraine, escalating geopolitical tensions, and mounting concerns over digital espionage, Brussels has placed network security at the center of its strategic agenda. Through strengthened frameworks such as the NIS2 Directive and broader efforts to phase out “high-risk” vendors from critical infrastructure, the European Union is seeking to shield its digital backbone from external vulnerabilities. 

Few dispute the legitimacy of that ambition. Telecommunications networks underpin Europe’s economy, governance, and security architecture. They enable financial transactions, energy grid management, defense coordination, healthcare systems, and the everyday digital interactions of nearly 450 million citizens. In an era where cyber operations are routinely used as instruments of geopolitical pressure, digital resilience is not merely a technical objective — it is a matter of sovereignty. 

But there is an uncomfortable truth at the heart of this effort: Europe’s telecommunications networks are deeply interdependent, technically integrated, and economically fragile. Without a coordinated and adequately financed transition strategy, the EU’s cybersecurity agenda risks destabilizing the very infrastructure it aims to protect. 

The warning signs are already visible. Earlier this month, Portugal’s major operator MEO joined 22 European telecom operators in a letter to the European Commission cautioning against an accelerated, blanket ban on Chinese telecommunications equipment. The operators argued that abrupt replacement mandates could impose up to €12.9 billion in costs within three years — a figure they suggest may underestimate the true burden once service continuity, interoperability challenges, and deployment delays are factored in. 

This is not a debate about geopolitics alone. It is a question of engineering, economics, and sequencing. 

Europe’s telecom networks are not modular systems where one supplier can simply be unplugged and swapped out overnight. Radio access networks (RAN), core infrastructure, fiber backbones, data centers, edge computing nodes, and roaming frameworks are interlinked across borders. Software layers are integrated with hardware ecosystems through proprietary interfaces refined over years of operation. Standards coordination binds national networks into a continental system that enables seamless cross-border communication. 

In such an environment, equipment replacement is not a surgical intervention; it is structural surgery. 

Removing a major vendor requires redesigning network architecture, renegotiating vendor contracts, retraining technical staff, recalibrating software compatibility, and often reconfiguring spectrum optimization strategies. These processes take time and capital. If rushed, they risk outages, degraded performance, and security gaps created during transition periods. 

Security, therefore, cannot be achieved through fragmentation. 

Greece: A Case Study in Strategic Interdependence 

For Greece, this debate is not abstract. 

The country’s telecommunications infrastructure reflects decisions made during the sovereign debt crisis, when operators prioritized affordability and long-term financing options to preserve network expansion despite constrained capital markets. Chinese suppliers — particularly Huawei — offered competitive pricing and vendor financing at a time when European operators faced acute liquidity pressures. 

As a result, more than half of Greece’s 4G radio access infrastructure is estimated to rely on Huawei equipment. One major operator’s network has historically been almost entirely built on Huawei RAN technology. Meanwhile, COSMOTE — the dominant player in the Greek market and a subsidiary of OTE Group — has maintained a mixed-vendor strategy but still operates within an ecosystem shaped by earlier supplier choices. 

The implications are significant. 

Telecommunications in Greece underpin sectors central to national stability and economic growth. Tourism logistics depend on reliable mobile coverage across islands and remote coastal regions. Maritime operations rely on continuous connectivity for fleet management and port coordination. Banking, public administration, and emergency services are increasingly digitized. The country’s 5G rollout — essential for smart infrastructure, telemedicine in remote communities, agricultural modernization, and future industrial competitiveness — depends on stable investment cycles. 

Forcing rapid equipment replacement without a coordinated EU funding mechanism would not only strain operators’ balance sheets; it could slow network expansion, raise consumer costs, and deter capital inflows. In a country still consolidating its economic recovery, such disruptions carry macroeconomic weight. 

Moreover, Greek networks are fully integrated into European roaming systems and cybersecurity coordination frameworks. Disruption in one member state does not remain local. Cross-border data flows, enterprise services, and cloud-based applications operate on shared standards and synchronized infrastructure. Instability in one node reverberates across the Union. 

The Cost of Disunity 

Europe’s cybersecurity agenda is driven by legitimate concerns: espionage risks, supply-chain vulnerabilities, and strategic dependency on non-EU vendors. Policymakers are rightly wary of concentrated technological reliance in a world defined by geopolitical competition. 

But resilience cannot be decreed; it must be engineered. 

If member states adopt divergent timelines, funding models, and regulatory interpretations for vendor replacement, the result will not be greater security but systemic fragmentation. Smaller markets such as Greece, Portugal, or several Central and Eastern European states would bear disproportionate costs relative to GDP and operator revenues. Larger economies may manage transition more smoothly, but the system as a whole would become less coherent. 

This would create a two-speed Europe in digital infrastructure: some networks rapidly reconfigured under financial strain, others transitioning gradually with greater fiscal backing. Such asymmetry undermines the very objective of collective resilience in Europe’s single market. 

Strategic autonomy is expensive. Rebuilding supplier ecosystems, diversifying vendors, supporting European alternatives, accelerating open RAN innovation, and maintaining uninterrupted service across 27 member states will require billions of euros in coordinated investment. Yet the cost of failing to coordinate may be far greater: delayed 5G deployment, reduced network quality, higher consumer tariffs, and weakened competitiveness vis-à-vis the United States and East Asia. 

Europe’s networks are a web. Their interdependencies — technical, financial, and regulatory — are both their strength and their vulnerability. A cybersecurity strategy that overlooks those interconnections risks crippling European infrastructure through policy shock rather than foreign interference. 

The solution is neither retreat nor complacency. It is cohesion. 

Brussels must pair security mandates with EU-level financing tools — whether through dedicated digital resilience funds, expanded use of the Recovery and Resilience Facility, or coordinated investment guarantees from the European Investment Bank. Transition timelines must reflect engineering realities, not political urgency alone. Interoperability planning must be continental, not national. Technical audits must be harmonized to prevent regulatory patchwork. 

Equally important, telecom operators must be treated as implementation partners rather than compliance targets. Structured consultation mechanisms, phased replacement schedules, and predictable regulatory frameworks would reduce uncertainty and stabilize capital planning. Without industry alignment, policy ambition risks outpacing operational feasibility. 

Security without coordination becomes instability. Coordination without funding becomes rhetoric. 

Europe cannot afford either. 

For Greece — and for Europe as a whole — cybersecurity must strengthen the network, not unravel it. The Union’s digital autonomy will ultimately depend not only on the exclusion of perceived risks, but on the careful orchestration of transition. In complex systems, resilience is not achieved by pulling threads abruptly; it is built by reinforcing the fabric as a whole. 

The stakes are not theoretical. Europe’s economic competitiveness, strategic autonomy, and digital cohesion depend on getting this balance right.