It’s not just China: American technology companies should brace for new European supply chain security rules too, the key lawmaker reforming the European Union’s cybersecurity regulation said on Wednesday.

“I can see the Cybersecurity Act having an impact on U.S. companies if they don’t oblige by the rules,” Czech Pirate member of the European Parliament Markéta Gregorová, the lead negotiator on the revision of the cyber law for Parliament, said at POLITICO’s AI & Tech Week. “They will certainly be affected.”

The Commission’s proposal to reform the law, presented in January, seeks to address “non-technical” risks linked to third countries — a measure that is expected to affect Chinese vendors mostly. The EU’s proposal would mean authorities can designate a country as posing cybersecurity concerns, and companies based there could then be classified as high-risk suppliers.

But European governments have increasingly grown concerned that the U.S. administration under Donald Trump has a “kill switch” through the many tech companies providing critical services in Europe.

Gregorová said she wasn’t looking to propose “something like blacklisting or whitelisting” but rather impose “a systemic solution” to assess cybersecurity risks.

But, she added, U.S. firms didn’t have a good track record in following EU rules and that should give them cause for concern. “To be really honest, the Digital Services Act is sort of a hint on how U.S. companies approach legislation,” Gregorová said.