China's Cybersecurity Directive: The Deep Logic and Global Impact Under the Game of Technological Sovereignty
16/01/2026
In mid-2024, an exclusive report from Reuters dropped a bombshell in global technology and geopolitical circles. According to multiple informed sources, Chinese authorities have issued clear directives to domestic enterprises, instructing them to cease using cybersecurity software from approximately ten American and Israeli companies. The named list reads like an "all-star lineup" in the cybersecurity field: from the United States, Broadcom's , , and are prominently featured; from Israel, has become a focal point. Further information supplemented that products from top-tier security vendors, including , (affiliated with ), , , and others, have all been affected, with even under France's Thales Group not spared.
This is not an isolated administrative directive. Against the backdrop of intensifying competition for technological dominance between China and the United States, as well as delicate preparations for Trump's planned visit to Beijing in April, this move has been widely interpreted as another critical step by China to accelerate "de-Westernization" in key technological fields and build a self-reliant and controllable technology system. Following the news, the stock prices of relevant cybersecurity companies came under pressure in pre-market trading on U.S. stock exchanges, with the immediate market reaction underscoring the weight of this decision. However, the underlying logic goes far beyond the simple notion of "national security," encompassing issues of technological dependency, data sovereignty, geopolitical maneuvering, and the reshaping of the global digital supply chain.
From the "Shadow of Snowden" to "Supply Chain Anxiety": The Evolution of China's Cybersecurity Perspective
To understand the deep-seated motivations behind the current directive, it must be examined within the macro context of the evolution of China's cybersecurity strategy. The "Prism" program exposed by Edward Snowden in 2013 undoubtedly marked a historic turning point. Substantial evidence revealed that U.S. intelligence agencies conducted large-scale global surveillance through backdoors in the software and hardware of technology companies, with China being a primary target. This event fundamentally shook the global, and particularly China's, trust foundation in technology products led by the United States. The "Snowden Shadow" has since become the most direct and powerful footnote for China's drive towards self-reliance and controllability in information technology.
Since then, China's cybersecurity perspective has rapidly evolved from the traditional focus on "preventing viruses and attacks" to a comprehensive national strategy encompassing infrastructure, core technologies, data sovereignty, and supply chain security. The Cybersecurity Law implemented in 2017 established a protection system for critical information infrastructure and explicitly stipulated that "personal information and important data collected and generated by critical information infrastructure operators during operations within the territory of the People's Republic of China shall be stored domestically." This provided the legal foundation for a series of subsequent policies promoting "domestic substitution."
In recent years, as strategic competition between China and the United States has extended from trade to technology, finance, geopolitics, and other comprehensive areas, the trend of "weaponizing" technology supply chains has become increasingly evident. The U.S. sanctions against Chinese technology companies such as Huawei and ZTE, along with its efforts to unite allies in restricting exports of advanced semiconductor manufacturing equipment and artificial intelligence chips to China, clearly demonstrate how technology is being used as a tool in geopolitical competition. Against this backdrop, the anxiety within Beijing’s decision-making circles is twofold: on one hand, there is concern that Western equipment may contain inherent security vulnerabilities or backdoors that could be exploited by foreign intelligence agencies; on the other hand, a deeper worry lies in the possibility that, should geopolitical conflicts intensify, Western suppliers might follow directives from their home governments to abruptly suspend services or implant malicious code, thereby paralyzing China’s critical infrastructure and economic lifelines.
This directive targeting cybersecurity software is precisely a concentrated manifestation of such "supply chain anxiety." Unlike ordinary applications, cybersecurity software is typically granted deep access to the core layers of enterprise networks to monitor traffic, detect threats, and manage endpoints. Analysts point out that top global cybersecurity companies often employ a large number of professionals with backgrounds in national intelligence agencies and maintain intricate ties with their countries' defense and security departments. Theoretically, their software constitutes a potential and legitimate entry point for intelligence gathering and technical control. When such software is deployed within the enterprise networks of critical industries in China—such as energy, finance, transportation, and communications—the potential risks it poses, from Beijing's perspective, have transcended the realm of purely technical risks and escalated into national security risks that cannot be overlooked.
The Geopolitical and Technological Code Behind the List: Why the U.S. and Israel?
The selection of the countries targeted by the directive—the United States and Israel—is by no means accidental, as it is underpinned by clear geopolitical and industrial logic.
The United States, as the absolute dominant force in global cyberspace and China's primary strategic competitor, logically sees its technological products becoming the primary targets for scrutiny and replacement. VMware's server virtualization technology, Palo Alto Networks' next-generation firewalls, Fortinet's UTM (Unified Threat Management) appliances, and CrowdStrike's EDR (Endpoint Detection and Response) platform are all leaders in the global enterprise market. They are deeply embedded within the IT infrastructures of various industries across China, holding vast amounts of network behavior and business data. In today's highly uncertain Sino-U.S. relations, continuing to use these core security products from the "adversary" on a large scale is tantamount to handing over one's digital lifeline to others.
More profound is the restriction on Israeli cybersecurity companies. Israel, the "Startup Nation" of the Middle East, possesses a cybersecurity industry that rivals that of the United States, and is even more formidable in certain areas. Check Point is a pioneer in firewall technology, CyberArk leads the field in Privileged Access Management (PAM), and others like Orca Security (cloud security) and Cato Networks (SASE) are also leaders in their respective niches. The Israeli cybersecurity industry is inextricably linked to its national defense forces through the circulation of talent, particularly from the Unit 8200 signals intelligence unit. Its technologies are often battle-tested, with a strong offensive mindset. Although Sino-Israeli bilateral relations were once close at the commercial level, under the U.S.-led Western security alliance system, Israel's strategic cooperation with the United States is extremely tight. In extreme scenarios, whether Israeli companies can withstand pressure from Washington to remain neutral is a variable that Chinese policymakers must consider. Including Israeli companies in the restrictions demonstrates the rigor and foresight of China's cybersecurity risk assessment, which is not limited to direct geopolitical rivals but extends to the technological systems of their core alliance circles.
Additionally, the inclusion of Imperva (application and data security) under France's Thales Group in the list suggests another dimension of the criteria: even if the parent company originates from a country not central to the U.S.-China strategic rivalry, its products may still fall under scrutiny if they hold a critical market position and pose potential supply chain risks. This sends a clear signal: China's efforts to build a self-reliant and controllable technology system are evolving from "replacing the United States" to "reducing overall dependence on any single external technology system."
Opportunities and Challenges of Domestic Substitution: Can Local Manufacturers Take Over?
Policy directives have opened up a vast market space for domestic cybersecurity enterprises. Chinese local cybersecurity vendors, represented by companies such as Security Technology, Neusoft Group, Venus Star, NSFOCUS, and DBAPPSecurity, are ushering in a historic window of opportunity. For a long time, they have faced fierce competition from international giants in the high-end enterprise market, particularly in sectors such as finance, energy, and multinational corporations, which place extremely high demands on stability, advanced capabilities, and global threat intelligence. This directive will directly unleash a significant amount of demand for existing system replacements and new project procurement opportunities.
However, opportunities and challenges coexist. Domestic substitution is by no means a simple product replacement; it is a comprehensive test of the technical strength, service capabilities, and ecosystem development of China's cybersecurity industry.
Challenges in Technical Depth and Completeness: International giants such as Palo Alto Networks and Fortinet have developed comprehensive and deeply integrated security architectures spanning from the network layer, cloud layer, to the endpoint layer, honed over decades of development and global customer experience. Although domestic vendors have notable highlights in individual point products, there remains a gap in building cross-platform, integrated, and deeply fused security solutions. In particular, the security of the virtualization infrastructure layer, as represented by VMware, is extremely difficult to replace.
Shortcomings in Global Threat Intelligence: One of the core competitive strengths of top-tier cybersecurity companies is their real-time threat intelligence system, built upon a globally deployed sensor network. This is crucial for defending against attacks from global sources, particularly those by Western Advanced Persistent Threat (APT) groups. The threat intelligence of Chinese vendors often focuses more on domestic and Asia-Pacific regions, inherently lacking in global perspective and the richness of intelligence.
High-end Talent and Complex Scenario Experience: The experience accumulated from serving the complex IT environments of Global 500 companies is an intangible asset for international vendors. Domestic vendors need time to prove themselves in ultra-high complexity scenarios such as financial core trading systems and multinational corporate global networks.
Therefore, the substitution process driven by policy is likely to exhibit characteristics of being "phased and scenario-specific." In non-core systems and areas with lower reliance on global intelligence, domestic substitution will advance rapidly; whereas in core systems involving global operations and with extremely stringent stability requirements, the substitution process will be more cautious, potentially requiring new collaboration models between domestic and foreign vendors (such as source code review, localized data residency, etc.) as transitional measures. In any case, this substitution movement will significantly stimulate R&D investment and integration upgrades in China's cybersecurity industry, accelerating its transformation from a "follower" to a "parallel runner" and even a "leader."
Global Ripples: The Tech Iron Curtain and the Fragmentation of the Digital World
The impact of China's move will by no means be confined within its borders. It will trigger a series of chain reactions globally, further fueling the wave of "techno-nationalism" and accelerating the fragmentation of the digital world.
First, this is highly likely to trigger a reciprocal response. The United States and its allies may use this as a pretext to further scrutinize and restrict the use of Chinese technology products (such as Huawei and ZTE's communication equipment, Hikvision and Dahua's surveillance equipment, applications like TikTok, etc.) in their critical infrastructure, leading to a bidirectional supply chain decoupling under a "tech iron curtain." Tools such as reviews by the Committee on Foreign Investment in the United States (CFIUS) and the "List of Equipment and Services Posing a Threat to National Security" by the Federal Communications Commission (FCC) will be employed more frequently.
Secondly, global enterprises will face the dilemma of choosing sides. Multinational companies' operations in China must comply with Chinese regulations and adopt more local Chinese cybersecurity and even IT solutions; while in markets outside China, they may face pressure from their home governments to exclude Chinese technology. This will force companies to maintain two or even multiple different IT and security architectures, significantly increasing operational costs and complexity, giving rise to the phenomenon of the "Digital Babel Tower."
Furthermore, it signifies the fragmentation of the global cybersecurity market. A "Western market" dominated by U.S. technological standards and ecosystems, and a "Chinese market" aimed at China's independent technology and standards are accelerating their formation. The difficulty of technological interoperability, data flow, and threat intelligence sharing between the two will continue to increase. This is detrimental to global collaboration in combating cybercrime and state-level cyberattacks, potentially making cyberspace more "jungle-like."
Finally, this incident occurred at a delicate moment just before Trump's planned visit to China and shortly after the U.S. Department of Commerce announced the relaxation of export restrictions on AI chips like NVIDIA's H200 to China. This paints a complex picture: on one hand, there are limited, strategic signs of easing in "hard tech" fields such as semiconductors; on the other hand, there is a continuous tightening and demarcation in "soft power" and security core areas like cybersecurity and data sovereignty. This reveals the multidimensional and long-term nature of the U.S.-China tech rivalry—competition is the main theme, but limited cooperation and transactions will still exist in areas where both sides have urgent needs. Cybersecurity, due to its high degree of linkage with sovereignty and security, has become one of the most difficult fronts to compromise on in this rivalry.
Beijing's directive requiring domestic enterprises to cease using certain U.S.- and Israel-made cybersecurity software is far from an isolated adjustment in technical procurement policies. It represents a crucial step in China's systematic construction of "technological sovereignty" following profound reflection on the risks of external technological dependence; a concrete projection of the strategic competition between China and the United States, and even the broader East-West rivalry, into the digital domain; and yet another distinct marker of the global industrial chain's shift from "efficiency-first" to "security and resilience-first."
This process will reshape the competitive landscape of China's domestic technology industry, compelling global enterprises to reassess their technological roadmaps and market strategies, and potentially leading to deeper fragmentation in what should be an interconnected global cyberspace. In a century where technology increasingly serves as the cornerstone of great power strength, the struggle for dominance over core technologies will only intensify. Cybersecurity, a critical battlefield devoid of smoke yet of immense importance, will see every offensive and defensive move, as well as every strategic layout, continuously define the balance of power and modes of interaction among nations for a long time to come. For all countries and enterprises involved, adapting to this new digital era—one that places greater emphasis on autonomy and security—is no longer an optional choice but an imperative necessity.
Reference materials
https://www.yahoo.com/news/articles/exclusive-beijing-tells-chinese-firms-094036030.html