Ed Bithell is a former UK civil servant and diplomat, now writing on trade and tech policy. His most recent position in government was spearheading new export controls against Russia. He was previously posted in Brussels, covering trade, technology, and R&D policy.

Sjorre Couvreur is a PhD fellow at Ghent University, working on EU trade policy, geoeconomics, and economic security.

Check out Ed’s previous piece on ChinaTalk, about the EU’s anti-subsidy probe against China’s EV sector.

When China’s top diplomat Wang Yi 王毅 insisted in his speech at the Munich Security Conference on February 17 that “it is imperative that China and Europe stay clear of geopolitical and ideological distractions,” there was little doubt in his European audience what he was taking aim at: just last month, the EU published a new set of measures within their economic security strategy, focused on critical technologies.

These measures have the potential to be a major step in global de-risking — not least because the EU is the largest integrated market in the world. It boasts some of the world’s most strategic companies, from Airbus to ASML, as well as many of the world’s leading universities researching technologies like quantum computing and biotech.

The problem is that the European Commission (EC) — the executive branch of the EU — does not clearly and automatically have any powers to regulate the EU’s economic security. Ever since its inception in the 1950s, the EU has centralized key levers of economic and commercial policy into the EC; meanwhile, security policy has been consistently reserved for EU Member States. Thus the web of legal and political powers necessary to take action on economic security is quite tangled, even for Brussels — and making new security policy decisions requires unanimous agreement from all twenty-seven Member States.

President Ursula von der Leyen’s EC doesn’t lack geoeconomic ambition; rather, it’s the Member States that need to reevaluate how much the EU can actually put into action, given its current division of powers and resources. EU Member States can’t be content to merely push through the occasional arrangement or harmonize a few more policies. Instead, they need to renegotiate and ultimately grant Brussels some concrete powers so that the EU can guarantee economic and technological security in the coming decade.

Systemic Constraints

The EU’s recent adoption of an Anti-Coercion Instrument (ACI) — a new trade weapon to tackle economic blackmail by countries such as China or Russia through adopting economic countermeasures — illustrates the difficulties the EC faces in making economic-security policy. The EC’s proposal symbolized von der Leyen’s efforts to enact a more assertive trade policy, but EU Member States quickly watered it down in negotiations, limiting the EC’s ability to unilaterally use the instrument.

The same issue is arising again now. On January 24, the EC released a Memo on European Economic Security. A cursory read of it seems to indicate that the EU is on track with the economic security strategy it adopted last June: the new Memo proudly states that “the European Commission adopted a comprehensive trade, investment and research package as part of the roll-out of the European Economic Security Strategy of 20 June 2023.”

Under the hood, however, there are a lot of blank spaces. Consider the following lines outlining the EC’s objectives:

• further strengthening the protection of EU security and public order by proposing improved screening of foreign investment into the EU;

• stimulating discussions and action for more European coordination in the area of export controls, in full respect of existing multilateral regimes and Member States’ prerogatives;

• consulting Member States and stakeholders to identify potential risks stemming from outbound investments in a narrow set of technologies;

• promoting further discussions on how to better support research and development involving technologies with dual-use potential;

• proposing that the Council recommends measures aimed at enhancing research security at national and sector level.

That all sounds good — but when you look past the bolded nouns, many of the verbs are pretty passive. In contrast with the bullish communication of last June’s strategy, the EC this time is moving forward quite cautiously, in some areas merely proposing better coordination, and in other areas doing nothing more than producing white papers.

And even last June’s strategy is still lacking in many areas, as the EC has discovered over the past seven months or so. In particular, an “unholy alliance” of Member States is developing with the potential to passively hamper many of its objectives, all of which require Member-State action. Some key Member States (e.g. Germany) see the EC’s approach as too protectionist; others (e.g. France) see it as too aligned with the United States; and others still just want to hold onto agency at the national level or (especially small and poor Member States) don’t want to pay for new systems monitoring technologies which their country doesn’t really handle. 

If all these countries resist for their own reasons, they can stop the current plan from being implemented. But blocking the EC’s ambitions, without an alternative, would most likely produce a loosely coordinated system whereby Member States apply differing but “harmonized” rules at differing levels of rigor. And a loosely coordinated system wouldn’t make the system European and independent like France wants, or as reliably friendly to trade as Germany wants; it wouldn’t even relieve small and poor MS of much of the bureaucratic burden. In other words, Member States can’t all get what they actually want by resisting the plan’s implementation. The only winners would be actors looking to exploit EU vulnerabilities and undermine EU credibility.

Investment Screening

What encapsulates the whole problem perhaps better than anything else is investment screening — specifically, the draft regulation that the EC proposed to update its 2019 FDI Regulation. Reviewing the 2019 Regulation’s implementation, the EC is quite clear that the most pressing barrier to its effectiveness is poor oversight by the Member States — both not having systems, and not being able to scrutinize intra-EU investment.

As this table shows, EU Member States have very asymmetric FDI capabilities, and some of the worst-equipped Member States have the least transparent business environments. That’s a serious chink in the EU’s economic armor, and it’s one that a big, strong-willed Member State like France can’t fix just by running its own systems perfectly.

The EC and European Court of Auditor’s own reporting estimates that “22.7% of the foreign acquisitions and 20% of the greenfield projects [from 2019 to 2023] were in Member States that did not have a fully applicable investment screening mechanism,” and approximately “42% of FDI stocks are located in these Member States.” Most tellingly, even though most Member States had screening systems by the end of 2023, “most acquisitions by Russian investors went to non-screening Member States.”

The risks are even worse if bad actors gain a foothold in the EU market. While Member States have the right to scrutinize intra-EU investments on security grounds, many do not have the systems necessary to do so; and given the high degree of economic integration, it is much harder in practice to scrutinize intra-EU FDI than non-EU FDI. (Bad actors already based in the EU could also hold up action with lengthy appeals to the European courts.) The new draft FDI regulation aims to cover any investment with “foreign control,” including foreign-owned subsidiaries in the EU — but in a country full of opaque foreign investments like Greece or Cyprus, how easy is that to determine?

Under the new draft proposal, presumably the EC will be able to sanction Member States if they don’t consistently fulfill their obligations — but that’s a long and slow process, and in practice, plenty of Member States (including big rich ones) take infraction penalties on the chin and continue enjoying noncompliance. Likewise, Article 9 of the proposal provides for the EC to investigate under its own initiative — but with only €5 million for the EC to run the entire program, it’s doubtful the EC could bring much heft to investigations (especially deals which haven’t been properly notified!).

Ultimately, the EC has now taken the view that the EU Treaties’ trade provisions justify EU-wide action even though security policy is reserved for Member States. Having all the systems at the Member-State level, the EC’s reasoning goes, creates investment barriers within the internal market. But that’s skirting around the real problem: it may be more satisfying for France and others in the short term to get their own authorities more coordinated instead of giving up any powers, but what if countries like Cyprus can’t and won’t operate a regime of comparable security?

Sometimes, big Member States are willing to make compromises on this sort of executive power. In 2021, Germany and France quietly cut a deal to let the EC enforce new antitrust measures on Big Tech, reducing pressure on the Irish and Luxembourgish authorities while keeping the right for their own competition authorities to undertake investigations (and ultimately report their findings to the EC for enforcement). A similar fix could work for FDI: the EC could be empowered to receive notifications and applications, and then undertake the primary ex ante clearance process, but with a consultation system so that Member States could automatically collaborate in the proceedings, as well as undertake their own investigations. Though imperfect, that kind of compromise would help guard against a system with glaring holes in it.

Export Controls

The EC also produced a white paper on expanding the EU’s export-control regime to cover more issues on economic-security grounds, especially on critical technologies. To be fair, the EU has made substantial progress in this arena already. It expanded its export-control regime well beyond dual-use goods in other areas. Impressively, it massively expanded its export-control regime on Russia and Belarus since 2022, covering everything from lithium batteries to PR services. (New sanctions, however, are subject to unanimous voting among the Member States, and Hungary in particular has increasingly moved to block any new measures in key areas like energy imports.)

Even so, the EU is still playing catch-up here. The most high-profile recent case of export controls for sensitive EU technology is that of ASML. There, the US Government, keen to cut off China from cutting-edge semiconductor manufacturing, directly approached the Dutch government and ASML itself, who blocked Chinese access. The EC — especially Internal Market Commissioner (and European Chips Act champion) Thierry Breton — was furious, even though it may well have ended up making the same decision. (France, Breton’s home state, just announced similar measures!) 

It’s not ultimately the EC’s fault that Member States haven’t yet set up a proper collective regime. But if some Member States are dragging their feet on developing a comprehensive policy aligned with today’s issues, then you can’t really blame a highly Atlanticist, capable government like the Netherlands for running ahead of the pack. Once again, the EU needs its Member States to be pragmatic and put the credibility of the bloc first — lest both the US and more cynical players prefer dealing with individual Member States.

There’s also an argument for making EU-level export controls from a business perspective. The top four technologies — advanced semiconductors, AI, quantum, and biotech — involve highly diversified supply chains. Managing multiple (in theory, up to twenty-seven) conflicting export regimes for what’s meant to be the same market would be very unattractive to businesses. That’s exactly the sort of problem the EU was created to solve collectively.

The Wider Strategy

The EC has also put out a new white paper to widen the scope of support and controls on dual-use technology. Again, they’re in the right space conceptually: moving beyond the traditional “duality” of civilian-military, and putting more effort into scrutinizing hybrid threats. But at the same time, many smaller Member States are resisting the burden of monitoring technology that they may not even produce. So this once again leaves us asking, how long will the EC have to strain with inadequate tools to solve Europe-level problems before the Member States give the Commission the right powers and resources?

Happily, at least some areas of the strategy are more manageable. The EC has also written a proposal seeking Member-State consensus on how to improve research security protocols. It’s smart to seek consensus here — but ultimately, action will come down to individual researchers and institutions, not the Member States, so there is less room to dispute over competence. Research security in its contemporary form is something new, but a lot of very encouraging work in key countries indicates that progress is possible when researchers are on board with it. (It’s also important to note that strong country-agnostic research security mechanisms should help guard against McCarthyism: having a system in place for more objective risk assessment over panicking and turning against, for instance, all Chinese researchers.)

Reviewing the arms of the EC’s strategy so far, and where else they might go, it’s clear that the main problem is not ambition in Brussels but buy-in at the Member-State level, especially the big players who have the leverage to kill a policy. (Macron recently stopped a new FTA with South American trade bloc, Mercosur, only hours before EU trade chiefs were going to fly to Brazil and sign.)

Accordingly, EU Member States need to recognize that a serious economic security strategy can be run only out of Brussels. This conclusion won’t be welcomed in all European countries. But given the level of economic and technological integration across Europe, Member States need to be secure — which means they need to become one serious player in the new geoeconomic landscape. With Ukraine already under-armed to take on Russia and the specter of a second and more vengeful Trump presidency less than a year away, the question has never been more urgent.