Unlike the recent underwhelming EU DNA that gave telcos few set obligations, the latest revision of the EU Cybersecurity Act (CSA) left them with a list of mandatory regulations, which reinforce the continued focus on resilience. The most notable proposal from the CSA is the mandatory elimination of high-risk vendors, thought to be Huawei and ZTE, from 18 critical sectors across the European economy, including the telecommunications sector, greatly affecting the supply chain. At first glance, this seems like a good step towards ‘sovereignty’ for the EU, which is increasingly becoming a priority. However, in actuality it has dangerous potential to lead to overreliance on other vendors outside the EU, particularly those in America. A related concern is that implementing…