Third-country suppliers in public procurement in the EU
The role of third-country suppliers in the European Union’s public procurement framework has become increasingly relevant. This is due to the evolving security environment within and beyond the EU and EEA, which includes Norway, Iceland and Liechtenstein.
Two key questions arise at the intersection of procurement rules and security risk management. First, to what extent do suppliers that may pose security risks benefit from rights under the legal framework? Second, how can contracting authorities manage risks when tenders involve goods produced outside the EU and EEA?
Standing and rights of third-country suppliers
Under the EU Public Procurement Directive (Directive 2014/24/EU), rights holders are suppliers established in an EU or EEA state or in countries that benefit from access under the WTO Government Procurement Agreement or other bilateral trade agreements. Suppliers outside these categories do not have enforceable rights to participate in procurement procedures.
More complex issues arise where a supplier is established in the EU or EEA but is owned or controlled by individuals or entities from third countries that may pose security concerns, such as China, Russia or Iran.
The Court of Justice has confirmed that, in principle, the origin of shareholders does not affect the application of the fundamental freedoms. In Case C-106/22 Xella, the Court stated:
“[I]t does not follow from any provision of EU law that the origin of the shareholders, whether natural or legal persons, of companies resident in the European Union affects the right of those companies to rely on freedom of establishment, since the status of an EU company is based, under Article 54 TFEU, on the location of the registered office and the legal order under which the company is incorporated, and not on the nationality of its shareholders” (paragraph 46).
In Case C-313/24 Opera Laboratori, the Court examined whether a company established in an EU Member State, owned by EU nationals but with Russian nationals in its management, could be excluded. The Court held that there is no automatic obligation to exclude such a company. Instead, contracting authorities must carry out a thorough and case-specific assessment.
The International Procurement Instrument (IPI) (Regulation (EU) 2022/1031) introduces measures that allow the European Commission to restrict access by suppliers, goods and services from third countries to the EU public procurement market. The objective is to improve access for EU suppliers, goods and services to procurement markets in third countries.
Rejecting offers involving third-country goods
EU procurement directives give contracting authorities broad discretion when drafting technical specifications, in particular in sensitive sectors, see Case C-413/17 Roche Lietuva, paragraphs 29 and 42. Authorities may set requirements to safeguard security interests, as recognised in Case C-601/21 Commission v Poland, paragraphs 93–94. They may also impose particularly strict requirements, as confirmed in Case C-187/16 Commission v Austria, paragraph 86.
Beyond statutory requirements, contracting authorities may define additional minimum criteria. Failure to meet these criteria must lead to rejection of the tender, as illustrated by Case C-546/16 Montte and Case C-561/12 Nordecon.
A key question remains whether a contracting authority may reject a tender submitted by a supplier established in the EU or EEA where the goods offered originate from a third country.
Conclusion
The interaction between procurement law and security policy requires careful balancing. The legal framework provides contracting authorities with significant tools. However, authorities must ensure that any measures are proportionate, non-discriminatory and based on legitimate security concerns.
