China's Cybersecurity Directive: The Deep Logic and Global Impact Under the Game of Technological Sovereignty
16/01/2026
In mid-January 2026, an exclusive report from Reuters dropped a depth charge in global technology and geopolitical circles. According to multiple informed sources, Chinese authorities have issued clear directives to domestic enterprises, instructing them to cease using cybersecurity software from approximately ten American and Israeli companies. The named list reads like an all-star lineup in the cybersecurity field: from the United States, VMware under Broadcom, Palo Alto Networks, and Fortinet are prominently featured; from Israel, Check Point Software Technologies has become a focal point. Additional information indicated that products from a host of top-tier security vendors, including Mandiant, Wiz (under Alphabet), CrowdStrike, SentinelOne, and McAfee, were all affected, with even Imperva under France's Thales Group not spared.
This is not an isolated administrative directive. Against the backdrop of intensifying competition for technological dominance between China and the United States, as well as delicate preparations for Trump's planned visit to Beijing in April, this move is widely interpreted as another critical step by China to accelerate de-Westernization in key technology sectors and build an independent and controllable technological system. Following the news, the stock prices of related cybersecurity companies came under pressure in pre-market trading on U.S. stock exchanges, with the immediate market reaction underscoring the weight of this decision. However, the underlying logic goes far beyond the simple notion of national security; it involves technological dependence, data sovereignty, geopolitical competition, and the reshaping of the global digital supply chain.
From the "Shadow of Snowden" to "Supply Chain Anxiety": The Evolution of China's Cybersecurity Perspective
To comprehend the underlying motivations of the current directive, it must be examined within the broader context of the evolution of China's cybersecurity strategy. The PRISM program exposed by Edward Snowden in 2013 undoubtedly marked a historic turning point. Substantial evidence revealed that U.S. intelligence agencies conducted large-scale surveillance globally through backdoors in the software and hardware of technology companies, with China being a primary target. This event fundamentally shook the global, and particularly China's, trust in Western technology products led by the United States. The shadow of Snowden has since become the most direct and powerful footnote for China's drive toward independent and controllable information technology.
Since then, China's cybersecurity perspective has rapidly evolved from traditional virus and attack prevention to a comprehensive national strategy encompassing infrastructure, core technologies, data sovereignty, and supply chain security. The Cybersecurity Law implemented in 2017 established a protection system for critical information infrastructure and explicitly required that personal information and important data collected and generated by operators of critical information infrastructure within the territory of the People's Republic of China during their operations must be stored domestically. This provided the legal foundation for a series of subsequent domestic substitution policies.
In recent years, as strategic competition between China and the United States has extended from trade to technology, finance, geopolitics, and other comprehensive areas, the weaponization trend of technology supply chains has become increasingly evident. The U.S. sanctions against Chinese technology companies such as Huawei and ZTE, along with efforts to unite allies in restricting exports of advanced semiconductor manufacturing equipment and artificial intelligence chips to China, clearly demonstrate how technology is being used as a tool in geopolitical games. Against this backdrop, the anxiety within Beijing's decision-making circles is twofold: on one hand, there is concern that Western equipment may contain inherent security vulnerabilities or backdoors that could be exploited by foreign intelligence agencies; on the other hand, a deeper worry lies in the possibility that, if geopolitical conflicts intensify, Western suppliers might follow directives from their home governments to abruptly suspend services or implant malicious code, thereby paralyzing China's critical infrastructure and economic lifelines.
This directive targeting cybersecurity software is a concentrated manifestation of such supply chain anxiety. Unlike ordinary applications, cybersecurity software is typically granted deep access to the core layers of enterprise networks for monitoring traffic, detecting threats, and managing endpoints. Analysts point out that the world's leading cybersecurity companies often employ a large number of professionals with backgrounds in national intelligence agencies and maintain intricate connections with their own country's defense and security departments. Their software, in theory, constitutes a potential, legitimate entry point for intelligence collection and technical control. When such software is deployed within the enterprise networks of China's critical sectors such as energy, finance, transportation, and communications, the potential risks it brings, from Beijing's perspective, have transcended the realm of purely technical risks and escalated into national security risks that cannot be ignored.
The Geopolitical and Technological Code Behind the List: Why the U.S. and Israel?
The selection of the countries targeted by the directive—the United States and Israel—is by no means accidental, as it is underpinned by clear geopolitical and industrial logic.
The United States, as the absolute dominant force in global cyberspace and China's primary strategic competitor, logically sees its technological products becoming the foremost targets for scrutiny and replacement. VMware's server virtualization technology, Palo Alto Networks' next-generation firewalls, Fortinet's UTM (Unified Threat Management) appliances, and CrowdStrike's EDR (Endpoint Detection and Response) platform are all leaders in the global enterprise market. They are deeply embedded within the IT infrastructures of various industries across China, holding vast amounts of network behavior and business data. In today's climate of high uncertainty in Sino-American relations, continuing to use these core security products from a competitor on a large scale is tantamount to handing over one's digital lifeline to another.
More profound is the restriction on Israeli cybersecurity companies. Israel, the innovation hub of the Middle East, possesses a cybersecurity industry that rivals that of the United States and in some areas even surpasses it in sharpness. Check Point pioneered firewall technology, CyberArk dominates the Privileged Access Management (PAM) field, and others like Orca Security (cloud security) and Cato Networks (SASE) are also leaders in their respective niches. The Israeli cybersecurity industry is closely intertwined with the talent cycle of its own defense forces (particularly the 8200 Signal Intelligence Unit), with its technologies often battle-tested and characterized by a strong offensive mindset. Although Sino-Israeli bilateral relations were once close at the commercial level, under the U.S.-led Western security alliance system, Israel's strategic cooperation with the United States is extremely tight. In extreme scenarios, whether Israeli companies can withstand pressure from Washington to remain neutral is a variable that Chinese decision-makers must consider. Including Israeli companies within the scope of restrictions demonstrates the rigor and foresight of China's cybersecurity risk assessment—extending beyond direct geopolitical rivals to encompass the technological systems of their core allies.
Additionally, the inclusion of Imperva (application and data security) under France's Thales Group in the list suggests another dimension of the criteria: even if the parent company originates from a country not central to the U.S.-China strategic rivalry, its products may still fall under scrutiny if they hold a critical position in the market and pose potential supply chain risks. This sends a clear signal: China's efforts to build a self-reliant and controllable technology ecosystem are deepening, shifting from merely replacing American technologies toward reducing overall dependence on any single external technological system.
Opportunities and Challenges of Domestic Substitution: Can Local Manufacturers Take Over?
Policy directives have opened up a vast market space for domestic cybersecurity enterprises. Chinese local cybersecurity vendors, represented by companies such as Security Technology, Neusoft Group, Venus Star, NSFOCUS, and DBAPPSecurity, are ushering in a historic window of opportunity. For a long time, they have faced fierce competition from international giants in the high-end enterprise market, particularly in sectors such as finance, energy, and multinational corporations, which place extremely high demands on stability, advanced capabilities, and global threat intelligence. This directive will directly unleash a significant amount of demand for existing system replacements and new project procurement opportunities.
However, opportunities and challenges coexist. Domestic substitution is by no means a simple product replacement; it is a comprehensive test of the technical strength, service capabilities, and ecosystem development of China's cybersecurity industry.
Challenges in Technical Depth and Completeness: International giants such as Palo Alto Networks and Fortinet have developed comprehensive and deeply integrated security architectures spanning from the network layer, cloud layer, to the endpoint layer, honed over decades of development and global customer experience. Although domestic vendors have notable highlights in individual point products, there remains a gap in building cross-platform, integrated, and deeply fused security solutions. In particular, the security of the virtualization infrastructure layer, as represented by VMware, is extremely difficult to replace.
Shortcomings in Global Threat Intelligence: One of the core competitive strengths of top-tier cybersecurity companies is their real-time threat intelligence system, built upon a globally deployed sensor network. This is crucial for defending against attacks from global sources, particularly those by Western Advanced Persistent Threat (APT) groups. The threat intelligence of Chinese vendors often focuses more on the domestic and Asia-Pacific regions, and so inherently lacks a global perspective and richness of intelligence.
High-end Talent and Complex Scenario Experience: The experience accumulated from serving the complex IT environments of Global 500 companies is an intangible asset for international vendors. Domestic vendors need time to prove themselves in ultra-high complexity scenarios such as financial core trading systems and multinational corporate global networks.
Therefore, the substitution process driven by policy is likely to exhibit phased and scenario-specific characteristics. In non-core systems and areas with lower reliance on global intelligence, domestic substitution will advance rapidly. However, in core systems involving global operations and extremely stringent stability requirements, the substitution process will be more cautious, potentially requiring new collaboration models between domestic and foreign vendors—such as source code reviews, localized data residency, and others—as transitional measures. In any case, this substitution movement will significantly stimulate R&D investment and integration upgrades within China's cybersecurity industry, accelerating its transition from a follower to a parallel player and even a leader.
Global Ripples: The Tech Iron Curtain and the Fragmentation of the Digital World
The impact of China's move will certainly not stop at its borders. It will trigger a series of chain reactions globally, further fueling the wave of technological nationalism and accelerating the fragmentation of the digital world.
First, this is highly likely to trigger a reciprocal response. The United States and its allies may use this as a pretext to further scrutinize and restrict the use of Chinese technology products (such as communication equipment from Huawei and ZTE, surveillance equipment from Hikvision and Dahua, and applications like TikTok) in their critical infrastructure, leading to a bidirectional supply chain decoupling under the technological iron curtain. Measures such as reviews by the Committee on Foreign Investment in the United States (CFIUS) and the Federal Communications Commission's (FCC) list of equipment posing threats to national security will be employed more frequently.
Secondly, global enterprises will face the dilemma of choosing sides. Multinational companies' operations in China must comply with Chinese regulations and adopt more local Chinese cybersecurity and even IT solutions; meanwhile, in markets outside China, they may face pressure from their home governments to exclude Chinese technology. This will force companies to maintain two or even multiple sets of different IT and security architectures, significantly increasing operational costs and complexity, and giving rise to a digital Babel phenomenon.
Furthermore, it signifies the fragmentation of the global cybersecurity market. A Western market dominated by U.S. technological standards and ecosystems, and a Chinese market aimed at China's independent technology and standards, are rapidly taking shape. The difficulty of technological interoperability, data flow, and threat intelligence sharing between the two is increasing. This is detrimental to global collaboration in combating cybercrime and state-level cyberattacks and may lead to a more lawless cyberspace.
Finally, this incident occurred on the eve of Trump's planned visit to China and at a delicate moment when the U.S. Department of Commerce had just announced the relaxation of export restrictions on AI chips such as NVIDIA's H200 to China. This paints a complex picture: on one hand, there are limited, strategic signs of easing in hard technology areas like semiconductors; on the other hand, there is a continued tightening and demarcation in soft power and security core domains such as cybersecurity and data sovereignty. This reveals the multidimensional and long-term nature of the U.S.-China technology rivalry—competition remains the main theme, but limited cooperation and transactions will still exist in areas where both sides have urgent needs. Cybersecurity, due to its close ties with sovereignty and security, has become one of the most difficult fronts to compromise on in this rivalry.
Beijing's directive for domestic enterprises to discontinue the use of certain U.S.-Israeli cybersecurity software is far from an isolated adjustment in technology procurement policies. It represents a crucial step in China's systematic construction of technological sovereignty following profound reflection on the risks of external technological dependence; a concrete projection of strategic competition between China and the United States, and even broader East-West rivalries, into the digital domain; and another distinct marker of the global industrial chain's shift from prioritizing efficiency to prioritizing security and resilience.
This process will reshape the competitive landscape of China's domestic technology industry, compelling global enterprises to reassess their technological roadmaps and market strategies, and potentially leading to deeper fragmentation in what should be an interconnected global cyberspace. In a century where technology increasingly serves as the cornerstone of great power strength, the struggle for dominance over core technologies will only intensify. Cybersecurity, a critical battlefield devoid of smoke yet of immense importance, will see every offensive and defensive move, as well as every strategic layout, continuously define the balance of power and modes of interaction among nations for a long time to come. For all countries and enterprises involved, adapting to this new digital era—one that places greater emphasis on autonomy and security—is no longer an optional choice but an imperative necessity.