Italian customs authorities will award more than €15 million (US$16.3 million) in European Union funds to Nuctech for cargo scanning equipment, even as the Chinese state-controlled company is investigated for possible violations of the bloc’s foreign subsidies regulations.

Nuctech won two tenders in September to provide scanning equipment to Italy’s Customs and Monopolies Agency, according to documents obtained by the South China Morning Post.

One contract – to supply six wheel-mounted mobile scanning systems to inspect trucks in a range of Italian ports – was awarded, with Nuctech’s bid of €11.28 million plus value-added tax well under the tender’s asking price of slightly more than €18 million. With a near-perfect evaluation score of 99.06 from the procurement authorities, it beat the second-placed bidder, the Italian arm of Britain’s Smiths Detection, which scored 96.50.

Nuctech was also awarded a second contract, this one for four mobile scanners that use “backscatter” technology – producing chalklike X-ray images of the item or person scanned – that are to be used by Italian customs offices. The company bid €4.779 million, just under the €4.82 million asking price.

Assessments of the bids showed Nuctech out-performing rivals on its “technical offer”, which accounted for 80 per cent of the evaluation criteria and suggested that the Chinese firm committed to delivering and installing the equipment quicker. In both tenders, competitors Distek and Smiths Detection scored better on price, which was given a weighting of 20 per cent on both awards.

In both instances, the funds are to come from the European Commission’s Customs Control Equipment Instrument (CCEI) budget, a €1 billion programme adopted in 2021 that seeks to upgrade and harmonise the bloc’s customs systems.

Beijing-based Nuctech’s cost-effective model has helped it outstrip rivals to become widely used across Europe. Its scanners are present in customs operations in 25 of 27 EU member states, according to Associated Press, despite the growing concerns of policymakers.

But the awards also suggest the limits Brussels faces in trying to clamp down on what it sees as risky Chinese business operators in the EU.

For example, the commission has for years urged capitals to root out Huawei Technologies equipment from their broadband infrastructure because of security concerns, but Huawei is still widely used.

Last year, EU institutions, including the European Parliament, banned the use of Chinese-owned TikTok on official devices, also for security reasons, but lawmakers continue to flock to it. The short-video platform is so popular among MEPs that TikTok will host a training session next week for accredited aides close to the parliament, according to an invitation seen by the Post.

Nuctech also falls into this category.

Its parent company is the state-owned Tsinghua Tongfang, an entity under China National Nuclear Corporation. Hu Haifeng, son of former president Hu Jintao, was Tsinghua Tongfang’s president from 2003 to 2008, and is now vice-minister for civil affairs.

Some European authorities fear these links pose a security threat, while others believe its market position has been bolstered by unfair assistance from Beijing.

In an embarrassing twist for Brussels, the contracts were awarded while Nuctech was embroiled in a series of legal disputes about alleged subsidies from Beijing.

In dramatic dawn raids earlier this year, EU authorities entered the premises of the firm’s Dutch and Polish subsidiaries. The commission had opened a case under its powerful new foreign subsidies regulation (FSR), intending to crack down on market-distorting state handouts on the books of companies operating in the EU’s single market.

Nuctech challenged the reach of the FSR, arguing that the raids caused reputational damage. It also refused to hand over information stored in China, arguing that doing so could violate Chinese criminal laws involving data security.

In August, the EU’s second-highest court – the General Court in Luxembourg, one of the courts making up the EU’s Court of Justice – dismissed Nuctech's arguments, ruling that a company operating in Europe must comply with local laws.

Since then, an official register of EU tenders showed that authorities in Poland and Croatia have also awarded smaller contracts to Nuctech for scanning equipment and its maintenance.

Lea Zuber, the commission’s spokeswoman for competition matters, said the FSR case was pending but it had no impact on Nuctech’s ability to compete in public tenders, or for authorities to award it contracts.

She added, however, that while member states made their own decisions on how they used CCEI funds, the commission could intervene if it determined that security risks had not been properly considered.

As geopolitical tensions soar, some EU security hawks contend that a company owned by the Chinese government should not be able to harvest sensitive information at EU air or sea ports.

Beijing’s national security laws, critics argue, could force Chinese companies to hand over any scanner data collected – potentially passenger, cargo or even military information.

“The commission, acting as granting authority, could take action in case of irregularities during the implementation of the CCEI grants projects as envisaged in the financial regulation or grant agreements,” Zuber said, pointing to a security checklist that awarding authorities should work through before selecting winning bids.

Nuctech did not respond to a request for comment, but has previously denied any data transfer to the Chinese government and said it fully complied with EU data privacy laws.

Last year, in response to a letter from 50 EU lawmakers asking her to exclude Nuctech’s scanners from the CCEI funding because of the security concerns, European Commission President Ursula von der Leyen appeared sympathetic.

“Security requirements need to be properly reflected in the procurement selection and award criteria, and … those considerations should prevail over other criteria such as price,” she wrote.

Von der Leyen said the EU’s 27 member states “should take all security, data protection, and cybersecurity aspects into consideration by already including relevant provisions in the CCEI grants documentation”, adding that the commission “provided guidance” on how to do this, according to a Politico report from March 2023.

The awarding body in Italy did not respond to questions about how it assessed those risks.

Presented with Nuctech’s contract awards, Bart Groothuis, a Dutch MEP and the author of the original letter of complaint, urged Italian authorities to reverse their decision. There is precedent for this: Belgium last year banned Nuctech’s machines from its ports, citing national security concerns.

“The extent of the ‘no problem’ attitude is baffling,” said Groothuis, who was previously the top cybersecurity official in the Netherlands.

“EU funds intended to secure our borders should not go to a Chinese military-linked company that is under investigation for unfair subsidies.”