Why has China Banned a Host of Major Cybersecurity Firms?

Amid accusations of hacking and cyberwarfare, China has reportedly banned the use of cybersecurity software from a host of major US and Israeli firms.

The ban has been justified under “national security concerns”, according to Reuters, as the Chinese authorities worry software could “collect and transmit confidential information abroad” as the geopolitical and trade standoff between US and China intensifies under US President Donald Trump. 

Those banned include CrowdStrike, Palo Alto Networks, Fortinet, Wiz, Check Point, Broadcom (VMware), SentinelOne, Recorded Future, Claroty, McAfee, Rapid7, Google (Mandiant), Orca, CyberArk, Imperva and Cato Networks.

CrowdStrike, CheckPoint and Palo Alto networks have previously published material that implicates China in global hacking efforts, which the authorities vehemently deny. 

Cyber firms react to China’s ban 

While most of the firms blacklisted do not have significant Chinese clients, some have offices in mainland China, Hong Kong and Shanghai. 

The shares of Broadcom and Fortinet fell by 4% and more than 2% respectively, while Palo Alto Networks stayed relatively stable after the news of the ban. 

Crowdstrike told Reuters it would “only be negligibly affected” as it "did not sell into China and did not have offices, hire people or host infrastructure there”. SentinelOne offered a similar response, stating it had “no direct revenue exposure to China”.

Orca Security CEO Gil Geron told Reuters the ban “would be a step in the wrong direction". 

China’s Xinchuang Initiative puts cyber ban in context 

Established in 2016, China's Xinchuang Initiative is designed to support its homegrown technology infrastructure and decrease reliance on importing foreign technologies. 

In its mission to achieve technology self-reliance, Xinchuang, which is short for Information Technology Application Innovation, stands to potentially benefit from the Chinese ban of western cyber firms. 

China has more than 5,000 domestic cybersecurity vendors to pick from, including Volt Typhoon, which has been linked to espionage campaigns, meaning the ban is unlikely to affect the domestic infrastructure. 

The blacklisting of foreign firms to assure data sovereignty makes further sense when examined in the context of the Xinchuang policy. Its projected deadline for the localisation of China’s IT industry is 2027. 

EU, US and UK among countries banning Chinese vendors

Amid suggestions the EU plans to slowly phase out Chinese suppliers from member countries’ critical infrastructure over security concerns, the ban by Chinese authorities further reflects a lack of trust. 

The US has a ban in place from 2022 that denies the approval of new telecommunications equipment from Chinese Huawei and ZTE, as well as products from Hytera, Hikvision and Dahua as the government said it “poses national security risks”. 

The UK recently cracked down on Chinese companies associated with the Salt Typhoon espionage campaign, while the nation had previously instated bans on CCTV cameras from Chinese vendors such as Hikvision and Dahua for privacy and security reasons. 

Taiwan, Czech Republic and Canada are among other countries with restrictions on the use of Chinese products, including DeepSeek AI. 

The West’s continued efforts to reduce reliance on Chinese technology, coupled with China’s retaliation by restricting Western access to its tech ecosystem, highlight growing mistrust and escalating tensions between nation states.