The U.S. and Europe are locked in an intense debate: Should a technology company’s country of origin determine whether its equipment should be included in critical national infrastructure and other sensitive supply chains? The answer could determine the future of the $5 trillion ICT industry — and the fate of globalization itself.
For the U.S., when it comes to Huawei, the answer is an unequivocal yes. For the past two years, Washington has been on the warpath against the Chinese 5G mobile networking equipment supplier, formalizing a de facto ban on the company in its own networks and urging other countries, including key European allies, to do the same, while systematically acting to cut off the flow of essential U.S. technology to Huawei.
The Europeans share the U.S.’s concern about securing 5G networks and other critical infrastructure from espionage or sabotage, but some key U.S. allies have resisted the American approach. Rather than ban Huawei outright, the U.K., for example, has opted to place restrictions on all “high-risk vendors” in its next-generation network — excluding them from core portions of the network, capping their share in the radio access network, and barring them from mobile edge computing and sensitive critical infrastructure. For now, this means Huawei and ZTE, but the U.K.’s restrictions could in theory apply to other suppliers and aren’t strictly dependent on political assessments about China’s policies, or its legal and political system. The U.K.’s approach sidesteps the question of “trustworthiness” and puts the focus back on supply chain security and risk management.
The U.S. approach could change the tech sector and derail globalization
The U.S. approach, which has focused particularly on Huawei, but also has been used with other tech companies such as Russian-based cybersecurity software maker Kaspersky, is to assume that a company’s country of origin matters. If you don’t trust the government where a tech company is domiciled, the reasoning goes, you cannot trust the company.
In making their case, U.S. officials have leaned heavily on China’s National Intelligence Law, particularly Article 7, which states that any organization or citizen shall support, assist, and cooperate with state intelligence work. The U.S. and others in the ban-Huawei camp cite this law as proof that Beijing can order its companies to commit espionage or sabotage on behalf of the Chinese government and Communist Party.
This argument has the benefit of being simple and easy to understand. But the focus on China’s National Intelligence Law is a red herring. First, it assumes that the law’s vague language concerning cooperation of individuals and organizations on national intelligence matters extends to all spheres of activity, domestic and overseas — and that the Chinese government would take advantage of this to force companies to conduct what amounts to offensive cyber operations at the behest of Beijing. Even if it were the case, other political and economic factors — such as a desire to not undermine a more than $100 billion company such as Huawei — might constrain Beijing from using this capability.
Second, fixating on China’s National Intelligence Law implies that if China were to repeal or amend the law, “trustworthiness” issues around Huawei and other Chinese suppliers would dissipate. The rub here is that governments with sophisticated intelligence capabilities, like China, do not require laws to use companies to assist in national security matters. Without getting into details, there are many other ways to go. So pointing to the National Intelligence Law as proof positive that the government could force companies to assist appears pretty weak in light of the broader political reality. And it is doubtful that policymakers in the ban-Huawei camp would suddenly warm to the company if China were to change the law.
Where does the logic of “trust” stop?
If the lack of trust in Chinese vendors is not really about one particular law, or even a particular company, but is instead about China’s broader political system and status as an economic, political, ideological, and military “adversary,” then the global technology sector is in a serious pickle.
That is because it is not clear where the logic of “trust” stops: If the risk of China using domestic technology companies for espionage or sabotage against critical infrastructure can’t be managed, but instead must be eliminated entirely, then excluding Chinese technology from Western critical infrastructure is unlikely to stop with Huawei. What about Chinese components in rival Western firms’ 5G base stations? Or Chinese laptops in other sensitive infrastructure, like refineries or power plants? Should sensitive applications be allowed to run on Western cloud servers that contain technology sourced from China?
There is some evidence that we may already be on the slippery slope. So far U.S. concerns have centered largely on Huawei, ZTE, and networked systems involved in next-generation mobile telecommunications networks, but end point devices are also on the radar. Congress is warily eyeing leading commercial drone maker DJI. U.S. lawmakers have raised concerns about Chinese state-owned companies manufacturing scanning equipment used in U.S. airports and even rail cars for the Metro system in Washington, D.C. Even though the rail cars in question are actually assembled at factories in the U.S., some lawmakers have expressed concern China could somehow use them to spy on conversations between government employees commuting to work.
Chinese-origin electronics like personal computers, printers, and other devices are likely to fall under greater scrutiny in a world of “trustworthy vendors.” Like network infrastructure equipment, end-user devices contain a wealth of technology sourced from all over the world. Often most of the intellectual property of consumer electronics devices is of U.S. origin, including CPUs and software, while assembly and testing functions are carried out in China. Significant quantities of components could also be sourced from other countries such as Taiwan, Japan, and South Korea, and then assembled at a third-party facility in China, such as electronic contract manufacturing operations run by Taiwan giant Foxconn. Determining the “adversary nation” content in these devices will not be easy.
China has applied a similar approach to U.S. tech companies
Concerns about issues such as country of origin predate the Huawei debate. Beijing, in fact, has long been concerned about U.S. tech companies’ willingness to collaborate with the U.S. government. Several incidents highlight the concern. These include Beijing’s reaction to the alleged encryption back door in Microsoft Windows in 1999, and the Snowden revelations of 2012, which showed that the U.S. government had used access to U.S. companies to plant malware on products destined for target countries, including China.
As a result of the Snowden documents, some U.S. technology companies have steadily lost market share in China, as Beijing pushed its government, state-owned, and major private sector companies to reduce dependence on U.S. core technologies. The “anti-IOE” campaign, directed at IBM, Oracle, and EMC (Dell), was an early example of Beijing’s attempt to reduce dependence based on country-of-origin criteria similar to the approach being pushed by the U.S. on Huawei, ZTE, and other Chinese tech companies. Chinese ecommerce, cloud, and payments giant Alibaba also had a major role in the de-IOE campaign, eventually removing IBM and Oracle from its IT systems. Chinese banks have had a harder time, but are increasingly using domestic players such as Inspur to replace Western hardware in their networks.
China’s country-of-origin de-risking process has taken on fresh urgency following the start of the U.S. campaign to restrict flows of advanced U.S. technology to China, and will accelerate further in 2020. As China’s domestic “secure and reliable” (安全可靠 ānquán kěkào) program kicks in, orders from a new leading group on tech decoupling are flowing out to government departments, SOEs, and key tech companies, all of whom have been ordered to de-risk supply chains quickly, though the overall program appears to have a five-year time horizon.
On the U.S. side, industry is pushing back hard on a new draft rule that could soon go into effect stemming from last year’s executive order on ICT supply chain security. The rule would potentially give the U.S. Commerce Department veto power over any critical infrastructure operator purchases of equipment or services from a company controlled by an “adversary nation.” In theory, this language could also be used to justify country-of-origin restrictions on technology from Russia, North Korea, or Iran. But these historical U.S. adversaries are not significant suppliers of technology to the U.S., nor are they target markets for U.S. technology leaders. That leaves China.
China will continue to “design out” U.S. technology
While Beijing has long attempted to reduce dependence on foreign core technology, its leading companies, particularly global players such as Huawei, have benefited massively from participation in global value-added supply chains and ecosystems for key technology sectors. Huawei, for example, uses U.S. electronic design automation tools, and until last May’s Entity List action, most of Huawei’s products (consumer, infrastructure, enterprise, and cloud/AI) included significant U.S. technology inputs. Now Huawei’s strategy is in overdrive to “design out” U.S. technology. The company already claims to have succeeded in designing a 5G base station without any U.S. components.
Chinese AI companies that have landed on the Entity List for selling their products to public security organizations in Xinjiang are also heavily dependent on U.S. suppliers of graphics processing units (GPUs) for training AI algorithms. Most Chinese tech companies continue to use U.S.-origin CPUs from Intel and AMD, as there are few alternatives. China’s leading supercomputer company, Sugon, which was pursuing development of x86 technology for a CPU, was slapped with Entity List action last summer, effectively ending its ability to independently produce CPUs.
Tech companies from other regions, such as Europe, including telecom vendors Ericsson and Nokia, continue to manufacture in China and supply both domestic and global markets. U.S. pressure on Europe to ban Huawei led to recent Chinese threats to cut off China’s market to both European vendors.
Markets beyond the U.S. and China will be affected
Policies based on trustworthiness and country-of-origin criteria could soon take on a life of their own, going much further back in supply chains. As the U.S. and China continue to pursue this approach, it could spread to other major global markets, including the EU, Russia, Japan, and South Korea. Governments will feel pressure to apply the “adversary nation” and “untrustworthy vendor” labels more broadly. Lists of problem companies, entity lists, unreliable entity lists, high-risk vendors, and the like could soon become the new normal. For multinational technology companies used to operating in a rules-based, compliance-based order, the move toward values-based assessments of companies that depend on their country of origin is and will be a rocky process.
Will the Committee on Foreign Investment in the United States (CFIUS) roll back more mergers and acquisitions based on scouring paperwork for Chinese surnames as it is reportedly doing now? Will Zoom be tarred as an unreliable supplier because its founder was born in mainland China (he is a U.S. citizen)? How far back in the supply chain will the proposed U.S. software bill of materials (SBOM) go and how much Chinese-origin software will be tolerated? Will it matter whether the source code is written, compiled, or installed in China? What parts of complicated manufacturing supply chains and processes, such as for the iPhone, personal computers, 3D printers, or industrial robots and other industrial machinery, can be moved out of China?
Nations forced to take sides, hindering development of next-generation mobile networks everywhere.
As 30 years of tech supply chain optimization in China and Asia comes to a screeching halt, spurred by U.S. and China tech competition and now the coronavirus, these are the questions company management teams and boards will have to grapple with. How much deleveraging of ICT supply chains will be sufficient for hawks and industrial planners in both Beijing and Washington? What will be the impact on R&D in the technology sector, innovation, and interoperability? Last year, one of our firm’s top risks was Innovation Winter, which this year has spun into the Great Decoupling, primarily because the impact of this dynamic now goes well beyond the U.S. and Chinese technology sectors, and is forcing other nations to choose sides, while also likely delaying the rollout of next-generation mobile networks.
Advocates of trust-based, country-of-origin restrictions on ICT equipment are attempting to address legitimate national security concerns. But they should be clear what they are proposing, and clear-eyed about the potential implications for U.S.-China relations, the global technology sector, and the broader economy, depending on how far this goes.
The worst-case scenario is years of massive disruption to supply chains, an exodus of U.S. technology companies to offshore jurisdictions, and the emergence of at least two distinct tech ecosystems (possibly three, depending on how events unfold in Europe), with other countries and companies forced to choose sides at some level of the technology stack. Such a split would reduce the addressable market for global technology firms, with knock-on effects for investment and innovation across all technology sectors as markets are closed to companies deemed untrustworthy.
We are not quite there yet, and there are still several Rubicons to be crossed. One key test will be the eventual shape of U.S. policy on semiconductors and semiconductor manufacturing equipment going to China. A major interagency meeting at the end of the month that will include the U.S. departments of Defense, Commerce, and Treasury as well as the White House will go a long way to determining the trajectory of the current tech deleveraging process.
Hold on to your hats, because the collapse of globalized technology ecosystems is just getting started.