GKE does not support replacing the built-in CNI implementation(s) it uses.
Dataplane V2 (DPv2) clusters use an ebpf-based CNI achitecture based on Cilium but it is not the Cilium OSS plugin. With DPv2, Kubernetes NetworkPolicy is built-in so there is no need to enabled it.
For non-DPv2 clusters, GKE uses it’s own CNI implementation for basic networking functions. If you choose to enable NetworkPolicy on non-DPv2 clusters, then GKE installs a managed version of Calico to provide this functionality and handles the chaining for you.