In the past, Romania, a key ally of the United States in Eastern Europe, has been clear-eyed about the security challenges that would result should the People’s Republic of China (PRC) infiltrate its telecommunications networks. That’s why it is so surprising that Romania recently approved Chinese-owned Lenovo’s participation in its 5G network. Stemming from a fundamental underestimation of the risks associated with Lenovo’s access, this Trojan Horse could wreak havoc on the Romanian network if Bucharest brings it within its digital walls.

Thankfully, there’s still time to act. Policymakers in Congress must work urgently to inform our Romanian friends that the decision to allow Lenovo to participate in the nation’s 5G network will reverse the pledges it made when it signed a 5G Memorandum of Understanding (MOU) with the United States in 2019. Washington must then insist that Romania withdraw its approval of Lenovo’s operations. 

That 2019 agreement stated that both nations “seek to avoid the security risks that accompany Chinese investment in 5G telecommunications networks.” It also elicited a strong reaction from major Chinese telecommunications company Huawei, who loudly proclaimed that such agreements were “predicated on several violations of EU law.” 

>>> The Emerging “Cold Tech War” Between the U.S and China

That was nonsense, of course, but it does reflect just how far China will go to access Europe’s current and future networks. Despite this bluster from Beijing, in June 2021, the Romanian Parliament passed—and President Klaus Iohannis signed—a bill that all but banned Chinese companies from taking part in building out the country’s 5G network due to the security risks associated with their participation.

More specifically, the law contends that companies taking part in the 5G buildout must “not be under the control of a foreign government that lacks an independent legal system; have a transparent shareholding structure; not have a history of unethical corporate conduct,” and “be subject to a legal system that enforces transparent corporate practices.” Moreover, this law not only applied to 5G but was “expanded to cover all technologies, equipment and software used in IT and communication systems of national importance.” 

And still, Romanian prime minister Marcel Ciolacu signed the authorization for Lenovo Global Technology HK Limited and Lenovo PC HK Limited to participate in Romania’s 5G network last month. Ciolacu’s decision was likely influenced by the fact that in July, the Supreme Council for National Defense (CSAT)—the entity responsible for issuing recommendations about specific companies to the prime minister—found “no elements likely to generate risks, threats, and vulnerabilities to security national and defense of the country.”

The rationale behind the recommendation is that the entities are owned by Lenovo Group Limited, “which operates as a limited liability company organized under the laws from Hong Kong.” As CSAT went on to explain, it believes that “the legal system of the Hong Kong Special Administrative Region is based on the rule of law and the independence of the judiciary under the principle of ‘one country, two systems.’” 

This is wildly off base. The Hong Kong of 2023 is not Hong Kong in 1983 or even 2013. Beijing has tightened its grip over the special region over the past few years, including its implementation of the Hong Kong National Security Law in 2020, which completely blows a hole in CSAT’s argument.

Today, the truth is that “the rule of law in the region is decreasing, the free flow of information is threatened, and a significant number of well-educated young people have emigrated.” Last October, Xi Jinping even crowed that China had achieved comprehensive control over Hong Kong.

>>> It’s a Strategic Imperative to Manage Our National Communications Spectrum Correctly

Moreover, while Lenovo is officially registered in Hong Kong, its office there serves only as a financial headquarters. The real work is done in Beijing, where Lenovo was founded and maintains its operational headquarters. Likewise, Lenovo’s manufacturing centers and suppliers are located overwhelmingly in mainland China. Notably, its 5G Business and Program Headquarters is located in Chongqing—not Hong Kong.

Chinese companies are required by law to “support, assist, and cooperate with national intelligence efforts.” That means if a Chinese company has access to data, you can be assured that the Chinese government does as well. That’s one of the reasons why Western intelligence agencies like the CIA and Britain’s MI6 reportedly banned the use of Lenovo equipment for nearly two decades. The U.S. military is also aware of the Lenovo line to Beijing, “In 2008, Marines stationed in Iraq stopped using Lenovo tech after discovering data was being transmitted back to China.” Since that time, the U.S. military has also, on multiple occasions, replaced Lenovo equipment.  

Despite this growing awareness, the United States remains significantly exposed, with government entities at the federal, state, and local levels continuing to spend millions of dollars in taxpayer money on Lenovo products. While this certainly needs to stop—partly because it makes conversations with our allies more difficult—that shouldn’t preclude Congress from confronting Romania about its recent decision.

By allowing Lenovo to participate in its 5G network, Romania has opened the door to a Trojan Horse that will undermine its otherwise exemplary efforts to secure its telecommunications networks. The message from U.S. policymakers should be crystal clear: Learn from our mistakes and withdraw Lenovo’s approval.