The Chinese government has set regulations for critical communications infrastructure providers buying tech, which is likely to hinder foreign vendors.
The new regulations were announced by the Cyberspace Administration of China (CAC) and will come into force on 1 June.
This move adds to widespread concerns about the global telecoms supply chain fracturing, with standardisation and interoperability becoming regional, driving up costs for all concerned, from R&D to consumers.
It is highly likely that local companies will opt to buy domestic products and services to avoid all the red tape and involvement of local authorities.
American firms have expressed concerns, although arguably the Chinese government’s actions mirror those of governments in Europe where Chinese vendors have been designated high risk on advice from various national and international cybersecurity bodies.
There is also a ban by the Trump Administration on American firms selling to Chinese vendors, which spend billions on software and silicon from US companies, although this has been subject to a series of exemptions.
Under the new regulations, operators must provide procurement documents, purchase agreements, and an analysis of the possible impact on national security for government scrutiny before signing a contract.
The CAC explicitly said the Chinese government will take into account “political, diplomatic, and trade factors”, and that the review will cover scrutiny ahead of contracts being signed and “continuous supervision” thereafter.
The Chinese government said that the initial review procedure should typically take up to 45 working days.
The CAC said in a statement: “The network products and services mentioned in these measures mainly refer to core network equipment, high-performance computers and servers, mass storage devices, large databases and application software, network security equipment and cloud computing services.”
It continued, “The cyber security review focuses on assessing the possible national security risks brought by the purchase of cyber products and services, mainly considering the risk of key information infrastructure brought about by the use of products and services being illegally controlled, subject to interference or destruction, and the theft, leakage, or damage of important data and the disruption of the supply of products and services to the business continuity of critical information infrastructure.”