When Chinese state-affiliated hackers infiltrated Dutch semiconductor manufacturer NXP, they remained within NXP networks for more than two-and-a-half years, obtaining access to a large quantity of sensitive chip design data and research.
It’s far from an isolated incident.
Ever since the semiconductor industry emerged in the 1950s, spies have attempted to steal trade secrets. The problem recently became acute, and China is the biggest culprit. Sanctioned by the West and eager to develop its own chip industry, Beijing has intensified its industrial espionage.
ASML, the well-known Dutch semiconductor lithography firm, now faces “thousands of security incidents each year” with several successful Chinese infiltration attempts in the public record. Research champions such as Belgium-based imec are other prime Chinese targets. In recent years, Belgian authorities deported Chinese researchers at the institution suspected of spying.
In response, the European Union is upping security. The Commission has identified advanced semiconductors as one of four critical tech areas requiring risk assessments and increased research security. The timing for this initiative is crucial. Over the coming years, Europe plans to invest more than €3.3 billion in advanced semiconductor R&D via the Chips for Europe initiative. The funding package will focus on sub-2 nanometer technologies, advanced packaging, and alternative semiconductor materials.
Safeguarding this research will be key. IP theft generates economic costs – and a potential military danger. As per its long-term strategy of civil-military fusion, China will surely seek to exploit European semiconductor research to bolster its AI-enabled warfare capabilities.
The EU must be vigilant of malicious tampering with chip designs. Given the opportunity, China will be eager to insert carefully hidden vulnerabilities into chip designs in order to undermine the integrity of European critical infrastructure and defense. A similar phenomenon is already evident across the Atlantic where Chinese state-sponsored hackers have been busy burrowing into US critical infrastructure in anticipation of a potential conflict over Taiwan.
An initial European Commission proposal on research security lays out several practical responses. These include establishing a Research Security Advisory Hub, instituting research cooperation risk assessments aimed at discerning possible links to foreign military actors, and deploying basic security training and internal background screening for relevant university employees. These measures will provide a common set of standards for research organizations.
But more must be done. EU governments recently recommended launching formal cooperation between universities and national intelligence agencies. Under this plan, intelligence liaison officers would be assigned to give regular security briefings to research institutes.
Beyond research institutes, the EU must examine the most vulnerable points in its semiconductor R&D value chain and take steps to bolster its capability and capacity. Today, Europe depends on non-EU chip design tools, raising question marks over data security. Similarly, its photomask industry needs to catch up to East Asia’s, avoiding the transfer of sensitive chip data outside the bloc.
Europe can improve research security by building capability and capacity in these areas. The continent is a world leader in semiconductor innovation, and improved research security is needed to ensure it stays ahead.
Ian O’Connor is a Brussels-based consultant focusing on Deep Tech, Industrial Policy, and Security. He holds an MA in Peace and Security Studies from the University of Hamburg.
Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions expressed on Bandwidth are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.
2025 CEPA Forum Tech & Security Conference
Explore the latest from the conference.
