PRC Targets NATO Frontline States

PRC Targets NATO Frontline States

Executive Summary:

• The People’s Republic of China (PRC) is expanding its presence along the North Atlantic Treaty Organization’s (NATO) frontline through technology access, influence networks, and dual‑use infrastructure, creating openings that could weaken alliance cohesion and expose vulnerabilities in Europe’s defense posture.
• NATO frontline states are responding to PRC‑linked cyber intrusions, surveillance‑capable consumer technologies, and intelligence‑driven infrastructure projects by tightening controls on data flows, restricting PRC technology in critical systems, and issuing broader security warnings to protect transatlantic defense networks. 
• The PRC cooperates with Russia, when convenient, in subversive activities against sensitive domains across NATO’s frontline. Ultimately, however, the PRC is not reliant on Russia to exploit NATO vulnerabilities and place sustained pressure on the infrastructure and information systems that underpin coordination across the Atlantic.

In December 2025, the Polish government announced that it was addressing serious threats to Polish and European security due to potential surveillance and sabotage linked to Chinese smart cars imported into the country (Rzeczpospolita, December 18, 2025). The announcement followed publication of a report by the Polish state-funded think tank, the Center for Eastern Studies, which warned that smart cars made in the People’s Republic of China (PRC) are equipped with technologies that can collect extensive amounts of personal and geospatial data (Center for Eastern Studies, December 17, 2025). The report cites the PRC National Standardization Commission’s claim that smart cars pose a potential threat to national security because their data can be used for “intelligence analysis, assessment of military and civilian infrastructure, and analysis of patterns of activity in the defense and economic spheres” (军事情报分析、重要军事民用设施研判、重大军事经济等活动规律分析，进而给国家安全带来潜在隐患。) (PRC National Standardization Commission, August 22, 2023). 

The PRC’s subversive activities, such as the Polish smart car threat, are not isolated incidents across the frontline of the North Atlantic Treaty Organization (NATO). They instead reflect a multi-dimensional strategy that combines technology penetration, economic leverage, and hybrid operations. Moscow has not publicly taken Beijing’s activities in East and Central Europe as threatening to its own subversive behavior in Europe and its war against Ukraine (see EDM, January 16). In reality, there is little Russia can do to oppose a PRC presence in the region as it remains dependent on Beijing for military, financial, and diplomatic support (see China Brief, June 7, 2025). Chinese military experts have benefited from insights related to capabilities and vulnerabilities of autonomous systems used in Russia’s war against Ukraine as lessons in a potential conflict over Taiwan (see China Brief, March 28, 2025). While Beijing pitches itself as a stabilizing force in a turbulent world, evidence suggests a deliberate effort to reshape Europe’s security architecture and exploit vulnerabilities where they exist (see China Brief, February 28, 2025).

The Chinese Communist Party (CCP) uses the united front work (统战工作) abroad to build relationships with individuals and their affiliated organizations, which it considers useful for solidifying the PRC as a global power (see China Brief Notes, April 10, 2024). It exploits technological dependencies by embedding dual-use infrastructure projects that can serve both civilian and intelligence purposes. Beijing also employs economic leverage through the One Belt, One Road (OBOR) initiative, which is presented as “win-win” investments that, in reality, create long-term dependencies. These efforts intersect with hybrid threats, as the PRC coordinates with Russia across critical domains, including undersea cables and cyber operations.

Frontline states are adopting defensive measures as PRC‑linked cyber and technology threats become more visible. In September 2025, a group of states, including Czechia, Finland, and Poland, along with the United States and other international partners, issued an assessment of global PRC state-sponsored espionage activities aimed at compromising telecommunications, government, transportation, lodging, and military infrastructure networks, among others (Joint Cybersecurity Advisory, September 2025). In March 2025, Czech authorities blocked the Chinese firm Emposat from operating a satellite ground station, following a warning from the Czech Security Information Service (BIS) about national security risks (TVP World, March 26, 2025). The decision reflects Prague’s heightened vigilance toward Chinese technology projects amid concerns over espionage and infrastructure vulnerabilities. Chinese companies, including Emposat, operate under the National Intelligence Law (国家情报法) and Cybersecurity Law (网络安全法), which require all entities to “support, assist, and cooperate with state intelligence work” (支持，协助，和配合国家情报工作) when requested (Office of the Central Cyberspace Affairs Commission, November 7, 2016; The National People’s Congress of the People’s Republic of China, June 27, 2017). This means any data collected through Emposat’s ground stations could be accessed by PRC security agencies.

In 2020, Romania canceled its 2015 deal with the China General Nuclear Power Corporation (中国广核集团, CGNPC) to construct new reactors at the Cernavoda nuclear power plant (Bursa, June 15, 2020). Later that year, the government banned Huawei from Romania for failing to meet Romania’s security requirements (Radio Free Europe/Radio Liberty, November 1, 2020). In 2021, the Romanian government issued a memorandum that excludes companies based in the PRC from participating in tenders or investing in major infrastructure projects (G4Media; Radio Free Europe/Radio Liberty, February 1, 2021). Romania cited poor work quality and the unfair competitive advantage that Chinese companies receive due to state funding as the reasons for the memorandum (G4Media, February 1, 2021). Romania ultimately banned Chinese companies from government projects to maintain a positive relationship with its partners in the European Union and NATO, particularly after the United States had just placed CGNPC and other Chinese entities on a “blacklist” prohibiting most U.S. cooperation and technology exports. 

In May 2025, the Czech government accused the PRC of conducting a cyber campaign since 2022 directly against the Czech Ministry of Foreign Affairs (Ministry of Foreign Affairs of the Czech Republic, May 28, 2025). According to the Czech government, the campaign was carried out by the cyberespionage actor APT31 and affected an institution designated as Czech critical infrastructure (European Council, May 28, 2025). The investigation led the Czech government to issue a general warning to critical infrastructure operators of threats linked to data transfers and remote management from the PRC (National Cyber and Information Security Agency, September 3, 2025). The warning included data transmitting dangers related to smart meters, smartphones, smart watches, and some electric cars. The U.S. Department of Justice has identified APT31 as a cyberespionage program run by the PRC Ministry of State Security’s Hubei State Security Department, located in the city of Wuhan (U.S. Department of Justice, March 25, 2024). APT31 has a record of cyberespionage against the Finnish Parliament in 2019 and Norwegian officials in 2018 (Helsingin Sanomat, February 7, 2019; NRK, June 17, 2021; Cyber Defense Magazine, June 22, 2021; The Jamestown Foundation, December 2022).

In 2021, the Lithuanian government blocked a deal for the PRC state-owned enterprise Nuctech (同方威视) to supply baggage scanning equipment to its three international airports, citing national security concerns and the company’s legal obligation under the PRC law to cooperate with Beijing’s intelligence services (IntelNews, February 18, 2021). Later that year, the Lithuanian Ministry of National Defence recommended that public institutions and consumers avoid using PRC-made smartphones after the National Cyber Security Centre (NCSC) discovered built-in censorship capabilities in Xiaomi devices and security vulnerabilities in Huawei handsets (China Digital Times, September 22, 2021). Estonia has pursued similar decoupling measures. In 2020, the government rejected a proposal for the Tallinn–Helsinki undersea tunnel funded by the PRC’s Touchstone Capital Partners (点石基金), warning that the project could create strategic vulnerabilities through PRC control of critical infrastructure (GMF, July 31, 2020). 

This vigilance also extended to the counter-intelligence domain. In 2021, an Estonian court sentenced NATO maritime scientist Tarmo Kõuts to prison for being recruited by PRC military intelligence, a rare public conviction of a PRC asset within a NATO member state (ERR, March 19, 2021). By 2025, Latvia also moved to purge PRC technology from its borders, awarding a contract for automated monitoring systems on its eastern border to the domestic firm Citrus Solutions (LSM, February 20, 2025). This project aims to establish a defense system entirely free of PRC components along the border with Russia. 

The PRC has joined Russia in targeting critical undersea infrastructure in the Baltic and Arctic regions, as well as around Taiwan (see EDM, February 5, 2025; see China Brief, June 7, 2025). This coordinated action manifests as a form of hybrid warfare. In the Baltic Sea, PRC-owned commercial vessels, such as the “NewNew Polar Bear” (新新北极熊号) and “Yi Peng 3” (伊鹏三号), stand accused of utilizing “accidental” anchor-dragging incidents, in coordination with Russia’s shadow fleet, to sever critical gas pipelines and telecommunications cables connecting NATO allies (Radio Free Europe/Radio Liberty, August 14, 2024; EJIL, December 31, 2024; CBS News, September 28, 2025). These cables carry essential energy and data flows that support NATO members’ military and civilian operations. Disruptions could affect power transmission and secure communications, creating vulnerabilities in regions already exposed to geopolitical tensions.

In the Arctic, the PRC leverages dual-use scientific research expeditions and infrastructure investments, such as observatories in Iceland and Svalbard, to conduct seabed mapping and intelligence gathering, laying the groundwork for future submarine warfare and control over Arctic shipping routes (High North News, August 30, 2024; Hudson Institute, January 19). Notwithstanding sanctions, the PRC and Russia are moving forward with joint projects in the Payakha oil field, Zarubino Port, and along the Northern Sea Route (The ASAN Forum, August 5, 2024). These establishments may eventually serve as resupply bases for PRC naval and intelligence ships, enabling them to overcome geographical barriers in the Arctic.

These developments indicate that the PRC is embedding itself across multiple transatlantic security domains. The combination of technology transfer, data access, influence networks, and collaboration with Russia, when convenient, is a systematic exploitation of NATO vulnerabilities. Russia ultimately remains a convenient yet expendable partner for the PRC in mounting sustained pressure on the infrastructure and information systems that underpin coordination across the Atlantic and shape future security dynamics in Beijing’s favor.