Having been slow to conduct foreign influence screening, Europe has jumped to intervening.  On October 13, 2025, The Netherlands invoked a never-before-used relic from the cold war — the 1952 Goods Availability Act — to place Nexperia, a Chinese-owned chipmaker based in the Netherlands, under ministerial oversight. Citing serious governance shortcomings and risk of “knowledge loss,” court measures also sidelined Wingtech’s chair from Nexperia roles and handed decisive control to a Dutch-appointed director. The Dutch government deems these extraordinary steps necessary to ensure the availability of Nexperia’s chips, which are vital to Europe’s auto industry, in the event of an emergency.

When Chinese firm Wingtech Technology acquired Nexperia from Philips in 2018, the Netherlands didn’t have a formal foreign investment screening mechanism. The VIFO Act of 2023 introduced a mandatory screening regime for investments and M&A that pose risks to national security. Since then, Nexperia’s Chinese influence has come under increasing scrutiny, especially in the growing trade war on semiconductor chips between China, the US, and Europe.

The UK already set a precedent when it forced Nexperia to divest Nexperia’s Newport Wafer Fab in 2022, operationalizing the same playbook inside the EU and setting a template for future state action when IP flight or supply risk is suspected. The UK’s Newport decision showed the path; the Dutch move operationalizes it inside the EU. This is a playbook that Brussels is likely to formalize.

The EU’s 2023 Economic Security Strategy already defines IP protection, technological leakage, and dual-use dependencies as core resilience priorities. The Dutch move translates that doctrine into action, creating a template for direct intervention inside the EU. It’s not an isolated case: France’s AI-chip export controls and Germany’s blocked semiconductor acquisitions show a continentwide tightening of oversight over strategic tech assets.

What It Means For Risk Leaders And CISOs

  • Chip supply is now an economic and geopolitical risk. Semiconductor chips are critical to military defense systems, infrastructure resilience, and AI leadership. This move by the Dutch government to ensure uninterrupted access to Nexperia’s chip supply underscores how foreign ownership of even less-advanced chips can inflict economic pain on entire industries and become a national security risk.
  • Suspected IP flight or governance failures can cost you control. If your company falls under government interest for IP flight or governance concerns, you may lose operational control and managerial oversight.
  • Sovereignty beats neutrality. Expect the EU to use more crisis or screening powers when governance lapses imply IP flight or export-control evasion — this is unlikely to be a one-off.
  • IP flight is now a board-level cyber risk. When governments fear “knowledge leaks,” they’ll intervene. Your IP controls, joint venture ringfencing, and insider threat programs are part of the national-security risk calculus.
  • Screening isn’t ‘one and done”; sanctions adjacency matters. Sanctions screening is often considered a one-time due diligence requirement. However, treating it as a check-box exercise rather than part of the third-party risk reevaluation process misses important changes, such as new ownership, M&A activity, or updates to sanctions lists. Additionally, it’s not enough to screen third-party entities — you must include parent companies and other beneficial ownership structures to make sure your third party is truly ‘clean.’ Treat it like an elevated-risk third party.
  • Continuity isn’t guaranteed by “production continues.” Legal freezes can stop capital moves, hiring, or tech transfer, degrading roadmap reliability even as lines run.

What To Do Next

  1. Map exposure. Pull your (S)BOM and inventory all critical suppliers and components, not just first-tier. Identify single source points and qualify alternates. Long certification cycles are operational debt; start diversification early. For parts with 6–18 month cycles, delays risk production impact by Q2 2026.
  2. Rescore risk models. Expand your supplier schema to log parent-level sanctions, trustee oversight, and government vetoes. Automate ingestion from sanctions APIs (Dow Jones, Kharon, OFAC XML). Trigger sourcing reviews when a supplier or parent is listed or placed under control. Governance instability now outweighs balance-sheet health.
  3. Contract for intervention events. Update contracts with explicit government-control clauses. Include termination rights and escrowed transfer of design and test documentation within ten days. Use a neutral escrow agent to automate releases on intervention.
  4. Ringfence IP. Block suppliers tied to sanctioned or state-supervised parents from direct access to design files or source code. Use black-box testing, segregated tenants, and time-limited admin rights. Audit for technology-transfer activity quarterly.
  5. Scenario planning. Model concurrent disruption and export retaliations on critical items, such as rare earth materials. Run cascading-failure and revenue-loss scenarios at 90, 180, and 360 day intervals to prioritize alternate sourcing and inventory buffers.
  6. Strengthen insider-risk telemetry. Apply data loss prevention across code, mask sets, and artifacts. Use just-enough-privilege access with automatic expiry. Flag abnormal download volumes, after-hours access, or credential sharing; correlate with staff departures and joint venture activity.
  7. Board-level reporting. Consolidate geopolitical, legal, and IP risk metrics into one dashboard. Track single-source components, second-source progress, IP-control maturity, and sanction exposure across tiers. Refresh quarterly to steer funding toward diversification and IP-protection measures.

Europe has crossed from passive screening to active control to keep IP and capacity in-region. Treat this as the baseline, not the outlier. Your supply-chain, IP protection, and sanctions governance must be designed for political intervention as a normal operating condition, not an exception. This is no longer just a governance exercise in IP flight; export-control circumvention and insider-risk telemetry have become part of the national-security risk calculus. Boards should treat these metrics as strategic indicators, not compliance afterthoughts.