Mitigating the risk of a China–India conflict

More than a year has passed since Chinese troops began to occupy previously Indian-controlled territory on their disputed border in Ladakh. The crisis has cooled and settled into a stalemate. This report warns that it could escalate again, and flare into a conflict with region-wide implications.

The report assesses the risk of conflict by analysing its likelihood and consequences. A possible war would be costly for both India and China. But a possible war could also risk stirring Indian distrust of its new partners, especially in the Quad – Australia, Japan, and the United States. The report outlines some conditions under which a war would disrupt or dampen those developing partnerships.

The report concludes by offering a framework for policymakers to shape India’s expectations and the strategic environment before and during a possible war.

France’s Indo-Pacific Strategy and its overseas territories in the Indian and Pacific oceans: Characteristics, capabilities, constraints and avenues for deepening the Franco-Australian strategic partnership

The report analyses France’s military capabilities and cooperation activities in the Indian and Pacific Oceans, underlining its strengths and limitations. In terms of its economic presence and official development assistance commitments, it is clear that the French strategy suffers significant limitations. However, these may be offset by a growing commitment from the EU and through strategic partnerships allowing France to pool efforts at all levels to meet regional and global challenges.

To deter the PRC …

This Strategic Insights report is the first in a series of essays, workshops and events seeking to better understand the nature of deterrence, particularly from the viewpoint of the Chinese Communist Party (CCP) and its People’s Liberation Army (PLA).

The series is a joint project between the Australian Strategic Policy Institute (ASPI) and the US China Aerospace Studies Institute (CASI).

Over the coming months, ASPI and CASI, along with our research associates, will examine the concept of deterrence, how both democratic countries and the People’s Republic of China (PRC) approach deterrence, what liberal democracies are doing to deter China and what China is doing to deter them, and assess the impacts of those efforts.

The series will culminate in an in-person conference that will put forward policy options for Australia, the US and our allies and partners. These publications will draw heavily from original PRC and PLA documents, as well as interviews and personal experiences, to help understand the framework that the PRC uses when it thinks about what we call here ‘deterrence’.

What if …? Economic consequences for Australia of a US-China conflict over Taiwan

What if China were to attempt to seize Taiwan by force and the US and allies responded militarily? One consequence would be the disruption of China’s trade with many countries, including Australia. While strategic analysts have been working over such scenarios for years, there’s been little study of the likely economic consequences.
 
This study is focused on the short-term shock to Australia’s economy. The objective is to contribute to an understanding of the nature of Australia’s economic relationship with China and the likely paths of adjustment should that trade be severed. It also explores the options available to the Australian Government to ameliorate the worst of the effects of what would be a severe economic shock.
 
The conclusion of this report is that the disruption to the Australian economy would be significant. There would be widespread loss of employment, along with consumer and business goods shortages that would be likely to necessitate rationing.

Mapping China’s Tech Giants: Supply chains & the global data collection ecosystem

his report accompanies the re-launch of our Mapping China’s Technology Giants project.

This report is available for download in English and Arabic.

Other Reports that are part of this project include:

What’s the problem?

Most of the 27 companies tracked by our Mapping China’s Technology Giants project are heavily involved in the collection and processing of vast quantities of personal and organisational data — everything from personal social media accounts, to smart cities data, to biomedical data.1 Their business operations—and associated international collaborations — depend on the flow of vast amounts of data, often governed by the data privacy laws of multiple jurisdictions. Currently, however, existing global policy debates and subsequent policy responses concerning security in the digital supply chain miss the bigger picture because they typically prioritise the potential for disruption or malicious alterations of the supply chain. Yet, as we have defined it in this report, digital supply-chain risk starts at the design level (Figure 1).

For the People’s Republic of China (PRC), the designer is the Chinese party-state, through expectations and agenda-setting in laws and policy documents and actions such as the mobilisation of state resources to achieve objectives such as the setting of technology standards. It’s through those standards, policies and laws that the party-state is refining its capacity to exert control over companies’ activities to ensure that it can derive strategic value and benefit from the companies’ global operations. That includes leveraging data collection taking place through those companies’ everyday global business activities, which ASPI’s International Cyber Policy Centre (ICPC) described in the Engineering global consent report.2 Technology isn’t agnostic—who sets the standards and therefore the direction of the technology matters just as much as who manufactures the product. This will have major implications for the effectiveness of data protection laws and notions of digital supply-chain security.

What’s the solution?

This report recommends that governments, businesses and other organisations take a more multidisciplinary approach to due diligence. That approach needs to take into account the core strategic thinking that underlies the ways the Chinese party-state uses technology. It must also take into account the breadth of what’s considered to be ‘state security’ in China and the ramifications of the PRC’s cyber- and data-focused laws and regulations.

All governments should improve their regulatory frameworks for data security and privacy protection.

Doing so will put them in better ethical and legal positions to take meaningful long-term policy actions on a whole suite of issues. However, those efforts in isolation won’t solve all of the unique challenges posed by the Chinese party-state or other geopolitical challenges described in this report.

A more holistic approach, which would help to ensure that data is better protected, also requires a better definition of digital supply-chain risk and a reframing of global policy debates on these issues. There needs to be a greater understanding of how supply-chain risks manifest, including the intentional introduction of access and more subtle monitoring and information collection by malicious actors. Specific actions for managing potential data insecurity and privacy breaches in supply chains should include improving risk-based approaches to the regulation of data transfers.

Figure 1: Compromise of the digital supply chain without a malicious intrusion or alteration

Source: ASPI authors’ illustration.

1. The PRC’s data ecosystem

The PRC’s global data collection ecosystem was outlined in the ASPI ICPC policy report Engineering global consent: the Chinese Communist Party’s data-driven power expansion.3 In that report, we described ways the Chinese party-state directly and indirectly leveraged PRC-headquartered commercial enterprises to access troves of data that those enterprises’ products help generate.

That report was based on how the Chinese party-state articulated its objectives on data use and state security and a case study of the propaganda department–linked company Global Tone Communication Technology Co. Ltd (which we expand on in the ‘Downstream data access’ section of this report).

As part of the Mapping China’s Technology Giants project, we have identified the need to further define the PRC’s ‘global data ecosystem’ concept. In this section, we focus on the nature of interactions between political agenda-setting, active shaping of international technical standards, technical capabilities, and data as a strategic resource. This directly affects companies’ business activities, both domestic and global (Figure 2).

Figure 2: The PRC’s data ecosystem

Source: ASPI authors’ illustration.

The PRC’s data ecosystem begins with technical capability. That includes China’s advanced cyber offensive skills, but also extends to its companies’ normal business operations anywhere in the world providing access, collection, data processing or any combination of the three to the party-state.

The party-state’s ability to obtain large amounts of personal information and intellectual property through its state-sponsored cyber operations has been widely reported in detail, including in indictments by the US Department of Justice.4 However, the PRC’s policies and legislation— purposefully shaped by the Chinese Communist Party (CCP)—mean that the party-state’s ability to access data is extended even further than the normal operations of PRC-based companies with a global presence. It’s also consequential that those globally influential PRC-based technology companies occupy every layer of the ‘technology stack’.

In Table 1, we illustrate the ‘technology stack’ by using the ISO standard Open Systems Interconnection model as a reference (because it’s used for networking and data exchange but can also be illustrative of the technology industry ecosystem).5 We then charted it against the relevant companies in the Mapping China’s Technology Giants project and their US counterparts, which for several decades have had a dominant presence in every layer.

Table 1: Technology business ecosystem, referencing a simplified Open Systems Interconnection model

Source: ASPI authors’ illustration.

Technology companies everywhere are primarily driven by commercial interests. The difference between the US and China is that in China the way the state conceives of the usefulness of data goes beyond traditional intelligence collection. For the Chinese party-state, data and the information derived from it contribute to everything. Domestically, that ranges from solving policy problems to information control and state coercion. Globally, it ranges from expanding the PRC’s role in the global economy to understanding how to shape and control its global operating environment. In the next two sections, we elaborate on how the Chinese party-state’s laws, policies and actions, which apply to PRC-based technology companies, create an ecosystem that provides it with access to the data that those companies can obtain.

1.1 Who sets the standards matters

Technology isn’t values-agnostic. It takes on the values of its creator. Therefore, who sets the standards, and consequently the direction of the technology, matters. We know, for instance, that artificial intelligence has a history of racial and socio-economic bias built in from the design stage, reflective of the inherent biases of the designers and the choice of data used to train the algorithms.6

Technologies must be designed to be ‘values-neutral’7 to avoid those problems, but that aspiration might not ever be realistic.8

Liberal democracies don’t agree on what ‘values’ mean in this context. The European Union, for example, is increasingly prioritising indigenous technology development not just because of strategic competitors such as the PRC but also because of the US. That requires navigating often complex relationships with US-based technology giants such as Google, Apple and Facebook.9

Part of protecting values in any liberal democracy is about preventing the creep of illiberalism from sources both domestic and foreign. It’s also about introducing regulations and standards that protect the norms and freedoms underpinning democratic values. When it comes to Europe and the digital economy, much of that effort is currently targeted towards holding US technology companies accountable.10

The Chinese party-state is creating mechanisms and power structures through which it can ensure its ultimate and maximum access to datasets both domestically and globally. This is apparent through its agenda-setting (articulated in party and policy documents), its expectation-setting (signalled through new laws) and communications from the CCP (such as speeches and state media reporting). Part of the CCP’s effort takes place through the PRC’s attempts to set standards that guide the design of technologies. For example, PRC facial recognition systems are required to be designed to recognise ‘Uyghur faces’.11 Another example is big data platforms and systems designed to categorise individuals based on a politicised version of whom the CCP deems suspicious or potentially threatening (such as petitioners, Tibetans, Uyghurs or Falun Gong practitioners).12 Within the PRC, technologies are already being researched and developed to meet the needs of the party-state (see section ‘Data regulations: setting the standards’). When those technologies are exported, such design features can’t be erased by the technology’s end-user, whether it’s a global company or a foreign government.

1.2 Harnessing the strategic value of data

The Chinese party-state has deliberately formulated a strategy to harness the strategic value of data and the power of information to grow the power of the CCP over society. In 2013, Xi Jinping was quoted as saying, ‘big data is the “free” resource of the industrial society. Whoever has a hold of the data has the initiative.’13

In 2016, China’s 13th Five-Year Plan pushed for the creation of a ‘big data security management system’ alongside efforts to improve cyberspace governance by building an international consensus around the PRC’s ideas on cyberspace security.14 The 14th Five-Year Plan, unveiled in 2021, continues the party-state’s multifaceted priorities for the development and use of big data for economic and social governance and calls for building new data infrastructure and improving the rules governing data collection, storage and use.15

In addition to economic development, the party-state often describes big data technologies as contributing to ‘social management’ (also called ‘social governance’).16 Social management covers a broad and overlapping list of agenda items, from creating capabilities to improve public service administration to strengthening ‘public security’. Ultimately, social management refers to the party-state’s management of itself as well as of society. This process relies on shaping, managing and controlling its operating environment through capabilities that enhance service provision and the capacity for risk management.17

New and emerging digital technologies are valued because they’re viewed as a resource that can improve everyday governance capacity and facilitate problem-solving. In simplifying government service provision, the implementation of those technologies can in future facilitate communication across the PRC’s sprawling government apparatus.18 Digital and data-driven technologies obviously have multiple uses. For example, they can help streamline urban and social welfare services. In other respects, those same services can feed into the party-state’s totalitarian model of governance and the way it identifies and responds to what it believes are emerging threats.

This use of data occurs in ways that provide both convenience and control. Routine services are intertwined with surveillance and coercive tools in ways that are often not legally possible in liberal democratic societies—or, when they do occur, can be genuinely challenged by the public, media and civil society. That distinction doesn’t simply apply to the ways different PRC Government departments use similar technologies (such as ways the public security bureaus use technologies versus the ways industrial work safety offices use them).

One example is Human Rights Watch’s findings on Xinjiang’s Integrated Joint Operations Platform, which is used to centrally collect data on individual behaviours and flag ‘those deemed potentially threatening’. One metric used to identify threats is energy usage from smart electricity meters: abnormally high energy use could indicate ‘illegal’ activity, but such meters in their normal use would also improve the accuracy of meter readings.19 Another example is building datasets for use in the PRC’s ‘national defence mobilisation system’ (a crisis response platform) using data sourced from a variety of government cloud networks, from smart cities to tourism-related cloud networks (Figure 3).20

Figure 3: The concept of defence mobilisation and smart cities data integration and processing

Source: ASPI authors’ illustration.

Despite the benefits it can derive, the CCP also sees sources of harm emerging from technology and its use, and it realises that technology isn’t an all-encompassing solution to its problems. Xi Jinping has described science and technology as a double-edged sword: ‘On one hand, it can benefit society and the people. On the other hand, it can also be used by some people to damage the public interest and the interests of the people.’21 Such risks could include companies or officials having the ability to exercise too much power with the aid of technology.22 They could also include the use of technology by the CCP’s political opponents to organise against the party-state, from either inside or outside the PRC.23

1.3 A global outlook

The PRC’s plans to harness the strategic value of data and the power of information to grow state power are also globally oriented. The party-state sees its reliance on technologies originating in the West (especially the US) as a threat to state security, for fear of how foreign powers might exploit that reliance, especially in a crisis.24 That fear helps drive the development of the PRC’s indigenous technology capabilities.25 Its capability effort includes planning on big data development to build an ‘industry ecosystem’ with ‘globally oriented key enterprises and innovative small- and medium-sized enterprises with distinctive features’.26 It also includes a plan to export PRC-originated technology standards, envisioned through the China Standards 2035 project.27 Economic benefits and objectives are included in each plan, but through them the CCP also sets specific political ambitions.

As part of its global vision (see Figure 4), the Chinese party-state ensures that it’s a part of the market-driven expansion and success of its global technology giants. Under Xi Jinping, the government has increasingly demonstrated the extraterritoriality inherent in PRC state security concepts and law. Moreover, the fact that companies have the right to do business in China at the party-state’s discretion has become abundantly clear. The ability to harness the benefits of data would help to achieve the CCP’s global vision because, through the processing and application of that data, the party can improve the sophistication of its efforts to shape, manage and control its global operating environment.

Figure 4: Explainer: The Chinese party-state’s vision for the PRC in the world

Sources: ASPI authors’ illustration. See endnote for detailed citations.28

2. The PRC’s developing data security framework

PRC legislation related to state security29 provides reasons for foreign governments to be concerned about the exposure of any PRC-based commercial enterprise to the political demands of the party-state.30 Recent state security laws, such as the 2017 Intelligence Law, haven’t changed the longstanding de facto practice of state power in the PRC, but have further codified expectations in China that every citizen is responsible for state security.31 Assessments of those risks have helped address what should be the obvious political and legal risks of doing business with PRC-based technology companies.

Some analysts have attempted to downplay the significance of such laws by claiming that the law is never black and white in the PRC and by describing compliance with PRC law as ‘a negotiation’.32 The latitude of officials to enforce the law and corporations’ efforts to maintain their freedom of action leave open grey areas, but that claim, in the context in which it’s being made, is false. Law may be a negotiation in the PRC, as it is elsewhere, but the party-state decides whether there’s a negotiation at all, and where that negotiation ends. 

Critically, the party-state itself isn’t bound by the law when it’s challenged or when its interests are threatened. A recent illustration of this is Alibaba and its founder, Jack Ma, who briefly ‘disappeared’ at the end of 2020 following his public criticism of PRC regulators’ attitude towards big business, accusing them of having a ‘pawnshop’ mentality that stifled innovation.33 In April 2021, it was announced that Alibaba would be fined US$2.8 billion after a probe determined that it had abused its market position for years.34 Nobody in the PRC is too big or too powerful to be subject to the party-state’s demands.35

PRC-based technology companies themselves have acknowledged their exposure to legal risks emanating from the PRC. It’s standard practice for global companies to acknowledge in their privacy policies that user data may be transferred and governed by laws outside of their own jurisdiction.

According to most privacy policies for websites and products of the 27 companies in our Mapping China’s Technology Giants project, users who live outside the PRC may have their data transferred to and processed and stored in a country that isn’t where they reside or have ordered services from, including the PRC, where all of the companies have business. When the data is transferred it will be governed by the law in that country’s jurisdiction, not only the law in the place where the data originated (Figure 5).36

Figure 5: New Mapping China’s Technology Giants product—‘Thematic snapshots’

Source: Mapping China’s Technology Giants project website, online.

Most of the 27 companies state that they’re committed to protecting personal information, but acknowledge that they may be required to disclose personal data to meet law enforcement or state security requirements. The definition of what meets the threshold of being a national security or criminal case can be highly politicised in the PRC, and the process of definition isn’t similar to those that occur in a liberal democracy.

The political system of the PRC creates this risk. Law in the PRC is first and foremost political and a governing tool that enforces political power. It’s meant to be wielded by the party-state and to uphold and expand the power of the state. Its implementation is reliant on the CCP’s leadership and is used to strengthen the party’s governing capacity, but the law isn’t above the party-state even if it’s used to manage its members.37 Nonetheless, the law is more than a blunt weapon of state power. It’s important to think through the implications of the fact that the law also functions as a tool to set and communicate the state’s expectations of its apparatuses, its entities and individuals. New developments related to data collection, storage and transfer make these issues more apparent.

The Chinese party-state is currently deliberating on a draft Data Security Law (DSL) and draft Personal Information Protection Law (PIPL).38 In April 2021, second draft versions were issued publicly (see the appendix to this report for translations of the articles of the draft laws that we focus on in this section). Both are expected to become law in 2021. The third and probably final version of the draft DSL is expected to be deliberated at a National People’s Congress Standing Committee meeting on 7–10 June 2021.39

These laws don’t exist in a vacuum. They should be read along with a suite of other relevant state security legislation, including, for example, the State Security Law (2015) and the Cybersecurity Law (2016).

2.1 Data regulations: limiting individuals and organisations while empowering the state

The draft DSL and draft PIPL should be read together. The main distinction is that the draft DSL lays out the responsibilities of the state in creating a data security system and in guaranteeing data security, whereas the draft PIPL defines the boundaries and personal information protection requirements for individuals and entities.40

What makes the framework unique, compared to any other country’s laws regulating data security, is that data security is unambiguously part of the party-state’s security strategy and is first about protecting the CCP’s monopoly hold on power (Figure 6). The draft DSL says that the effort to guarantee data security must adhere to the party-state’s ‘comprehensive state security outlook’.41

The draft establishes the state as the leader of the data security system, stating that the ‘central state security leading mechanism’ is ‘responsible for decision making and overall coordination on data security work, and researching, drafting and guiding the implementation of national data security strategies and relevant major guidelines and policies.’42

Figure 6: Explainer: The PRC’s state security concept

Figure 6 (continued): Explainer: The PRC’s state security concept

Sources: ASPI authors’ Illustration. See endnote for detailed citations.43

The law says not only that a party entity is in charge, but also that any significant policies will originate there. The term ‘central state security leading mechanism’ in legal documents is synonymous with the Central State Security Commission, which is a CCP body led by Xi Jinping.44 Therefore, the activity of other state regulatory departments and public and state security organs responsible for implementing data security efforts would flow from the decision-making and strategy that the Central State Security Commission is tasked with overseeing and implementing.45

The draft DSL also applies to data-handling activities taking place ‘outside the territory of the PRC’, if those activities are seen to ‘harm the state security, the public interest, or the lawful rights and interests of citizens’ and organisations of the PRC, they are to be pursued for legal responsibility ‘in accordance with law.’ Existing law and practice illustrate the global application of such concepts.

Hong Kong’s new National Security Law, passed in 2020, criminalises ‘separatism’, ‘subversion’, ‘terrorism’ and ‘collusion’ in addition to support for any of those activities by anyone, no matter where in the world they’re located.46

The draft PIPL, meanwhile, is intended to regulate the power of individuals and entities who handle the personal data of PRC citizens both inside and outside the country. It establishes a more robust system for protecting individuals’ data privacy from individuals and companies.47 It applies to activities outside the PRC involving the handling of personal information of natural persons within the territory of the PRC when those outside actors are providing products or services to persons within the PRC, analysing and assessing the conduct of natural persons within PRC or ‘other situations provided for by law or administrative regulations’. Just like the draft DSL, it leaves open the potential that the law can be used as intended: to protect the CCP’s power wherever necessary. Laws such as the Intelligence Law illustrate specific cases in which other legislation might be used to justify this reach, and a law such as the Hong Kong National Security Law illustrates the fact that political opponents of the party-state might also be targeted in vague ‘other situations’.48

The draft PIPL also superficially applies to the state. For example, it says that any retrieval of personal information requires following ‘legally prescribed duties’ and must be done ‘in accordance with the authority and procedures provided by laws’.49 Yet, Article 19 establishes that: [W]hen personal information handlers handle personal information, where there are circumstances that laws and administrative regulations provide shall be kept confidential or need not be announced, it is acceptable not to notify the individual.

On the basis of that logic, any case in which the 2017 Intelligence Law applies could be excluded from the PIPL’s protections. Article 7 of the Intelligence Law says that: [A]ny organisation and citizen shall in accordance with the law, support, provide assistance, and cooperate in national intelligence work, and guard the secrecy of any intelligence work they are aware of.50

The important takeaway is that digital technology can be applied in ways that expand the aforementioned capabilities of the party-state, but governance of its use can be managed in ways that restrict officials’ discretion in applying it. This doesn’t mean, however, that these regulations limit the party-state’s influence. In reality, the regulations enhance their ultimate influence over digital technologies and the flow of data.

2.2 Data regulations: setting the standards

Both draft laws contain directives on how the party-state expects data security and data privacy regimes to develop. They establish that, in the PRC, data shall be collected, stored and processed in a manner that’s consistent with the party-state’s paramount security concepts and objectives. Especially given the party-state security concept guiding data security, it’s notable that Xi Jinping has called for strengthening ‘the Party’s leadership over standardisation work’ and has described standardisation as the ‘commanding heights’ of international economic and technological competition.51

Beyond establishing which institutions are in charge and who is responsible for data security, the draft DSL also establishes expectations about how the PRC’s standardisation system is to function that are specific to data security. The draft DSL says that State Council administrative departments and other relevant State Council departments are responsible for organising ‘the formulation and appropriate revision of standards related to technology and products for the development and use of data and to data security.’52 The most relevant body under the State Council is the Standardisation Administration of China (SAC), which is an agency under the State Administration for Market Regulation. According to the revised 2017 Standardisation Law,53 the SAC is required to oversee standards initiation and implementation. At the practical level, technical committees develop standards, which are then accredited by the SAC.54

The technical committees working on the standards consist of stakeholders that are mostly government entities, government-linked research institutes and commercial enterprises. Many standards they develop are mandatory requirements, which companies must also meet to successfully bid for a project domestically. A March 2021 report by IPVM pointed to documents such as ‘GA/T1400.3—2017’ on ‘public security video image information application systems’ developed by the Science and Technology Information Technology Bureau of the Ministry of Public Security in coordination with several companies included in the Mapping China’s Technology Giants project, including Uniview, Hikvision and Dahua.55

As the standards develop domestically, they’ll also be projected globally, not just through market activity but also as the PRC seeks to participate and shape international technology standards. The SAC is also responsible for representing the PRC at international standards-setting bodies.56 Both the draft PIPL and the draft DSL have provisions stating that the state is required to participate in setting international rules and technology standards for data security and personal information protection.57

The expansiveness of that expectation-setting creates normalised pathways for the PRC to exploit data-sharing downstream in ways that can undermine the security of other countries, as we describe in the next section.

3. Rethinking digital supply-chain vulnerability

Not all methods used to acquire data need to be intrusive, subversive, covert or even illegal—they can be part of normal business data exchanges. Figure 1 illustrates how a digital supply chain can be compromised without a malicious intrusion or alteration. The data-sharing relationships that bring commercial advantages are also the same ones that could compromise an organisation.

Thinking about risk solely in terms of potential disruption ignores the ways in which supply-chain risk can emerge from normal processes, in which no disruption is required.

The vulnerability of supply chains was made apparent by the Covid-19 pandemic, which made supply-chain resilience even more important. As we become more digitally interconnected, the breadth of what’s considered a risk to the supply chain has grown to include risks to the digital supply chain—the electronic products we rely on and the data that flows through them.

Discussions about digital supply-chain security typically prioritise the potential for disruption or malicious alterations of the supply chain. Examples include cyberattacks, altered components inserted into the supply chain and limited access to critical supplies such as semiconductors. That kind of risk from well-resourced state and non-state actors is already well understood by governments thinking about supply-chain security.58 As we noted in the section on ‘The PRC’s data ecosystem’, the PRC’s sophisticated offensive cyber capability and its ability to obtain data through those methods are also well known. But a digital supply chain threat doesn’t necessarily require malicious alterations or cyber intrusions into a network.

The SolarWinds supply-chain attack of 2020 is one example of a supply-chain cyberattack perpetrated through the malicious insertion of software. In that case, threat actors, probably of Russian origin,59 compromised the software update service for the SolarWinds Orion platform to facilitate the distribution of malicious code to Orion customers.60

Another cybersecurity risk in the supply chain that’s hidden in plain sight comes from ‘white labelling’ of original equipment manufacturer (OEM) products.61 That was the case with US-headquartered Honeywell, which came under scrutiny in 2018 for selling Dahua cameras under its own brand, as Dahua was banned in the US under the National Defense Authorization Act.62 A simple example of risk for customers in this situation is that they may be monitoring cybersecurity vulnerabilities for Honeywell products, not knowing that in fact they should also be monitoring vulnerabilities for the underlying Dahua product.

Other areas of discussion include vendor trustworthiness. The 5G vendor debate within Australia a few years ago brought to light the importance of the ownership and control of network infrastructure.63 More broadly, it made organisations consider the risk of the vendors whose equipment their organisations’ data would be passing through and the obligations that those vendors have to their ‘home’ governments.64 Australia’s lead cybersecurity agency, the Australian Cyber Security Centre, in its guidance to organisations on identifying digital supply-chain risks, addresses this need to take into consideration foreign control, influence and interference.65

While these discussions are likely to lead to important policy responses that address some digital supply-chain vulnerabilities, they don’t capture the full scope of risk that currently exists. In the SolarWinds and Honeywell examples above, those charged with ensuring cybersecurity usually look for changes to normal activity as an indicator of a problem or threat. In cases where the risk lies within standard data exchange processes, therefore, it could be easily missed. 

3.1 Downstream data access: the GTCOM case study

The ASPI ICPC policy brief Engineering global consent focused on Global Tone Communication Technology Co. Ltd (GTCOM), which is a subsidiary of a state-owned enterprise directly controlled by the Central Propaganda Department of the CCP that collects bulk data globally in support of the party-state’s propaganda and state security objectives.66 The data ecosystem emerging from GTCOM’s commercial partnerships includes some of the PRC’s largest and most important technology companies. For GTCOM, strategic cooperation with globally recognisable PRC-based companies—notably Huawei and Alibaba Cloud—provides assistance in two key areas in the form of:

  • the opportunity to conduct bulk data collection by providing translation services to both companies, which have deeper market penetration
  • the development of or access to capabilities that support its bulk data collection.

As Figure 7 shows, GTCOM has commercial partnership agreements that provide it with access to bulk data from other PRC-based technology companies.

Data transfers can occur through processes built directly into the ecosystem. A technology company such as GTCOM provides an important case study in how the data ecosystem could reach far beyond the PRC’s data regulatory regime.

Figure 7: GTCOM and the global data collection ecosystem concept

Sources: ASPI authors’ illustration.

3.2 Processing power

The party-state prioritises data collection domestically and globally. As we’ve described above, it’s building an ecosystem that enables access to any bulk data collected through commercial enterprises.

It further recognises that technology will eventually catch up to its ideas for processing and generating specific outputs. Being able to collect data is useful, but it’s the ability to access and aggregate data for analysis and derive useful insights from it that’s powerful.

The business model of internet giants such as Facebook, Google, ByteDance and Tencent heavily relies on data and the use of artificial intelligence. They collect large volumes and many varieties of data from users of their service platforms. For example, they may collect such things as user platform preferences, platform behaviours (such as how long it took an individual user to click from one page to another), how long the user stayed on a page, what products they put into their shopping cart and who their friends are, as well as real-world information such as the running routes of the user and the user’s home location. The data is aggregated to generate profiles of individual users for marketing and advertising purposes, and also to improve the platform. That in turn leads to greater user engagement and provides additional opportunities to collect more data. Data brokers perform a similar aggregation and analysis task, but they usually use data that they’ve mined freely from the internet or purchased from other sources.

The concern isn’t necessarily that data is being collected, but rather the ability to infer sensitive details about individuals from the aggregation of seemingly innocuous bits of data from a variety of sources.

A single geolocation coordinate out of context isn’t meaningful, but, using location data from a single mobile device collected over time, it’s possible to identify an individual in a household and their pattern of life. All that’s needed is to identify their three primary locations—home, work and one other regularly used location.

That kind of data can be used to target individuals, such as by identifying and tracking the movements of the US President,67 and can identify sensitive military locations en masse,68 but it can also be used to create convenience. Google Search results provide popular times, wait times and visit durations for all users searching for a local business by using ‘aggregated and anonymised data from users who have opted in to Google Location History’.69

The use of big data analytics to monitor operations in smart cities can bring greater efficiency benefits to operations, facilitate data sharing and assist with decision-making and situational awareness overall. However, that same data, in the hands of adversaries, could give them macro-scale insights that would otherwise be difficult to obtain. If those systems are under the control of adversaries, the concern isn’t just about others having access to the data but also about adversaries’ ability to control or modify the data. As a consequence, the information used to create convenience, improve efficiency and enhance situational awareness is the same information that can be used by an adversary. The ability of some PRC-based technology companies to process big data is sufficiently large.

According to reporting in Foreign Policy, they’ve been used by the party-state to carry out intelligence tasks. According to ‘current and former officials’ cited in the report, this has included the acquisition of datasets from large data breaches, such as the 2014 cyber intrusion into the US Office of Personnel Management.70 It’s big data analysis like this that the US Central Intelligence Agency believes enabled the exposure of its undercover officers in Africa and Europe.71 The question that requires further research and analysis is why those PRC-based companies were chosen. For instance, were they chosen not just for their processing ability but also because, by ingesting the datasets and combining the data with their own holdings, they could enrich the information that could be derived from the data?

Commercial businesses aren’t the only entities carrying out large-scale data processing in the PRC.

The party-state is also doing it at the national level. The People’s Bank of China has included a ‘Big Data Analytics Centre’ as part of the design of the PRC’s ‘Digital Currency / Electronic Payments’ system. The bank’s officials have said that the data collected through the system will be used to improve macroeconomic policy. The bank will ‘analyse how money is being used, transacted, and stored; support tracking and surveillance using both static and real-time data; provide data and analysis inputs for monetary policy; and flag financial fraud’.72

Goals associated with harnessing the strategic power of data are a natural extension of long-enshrined goals in authoritative party-state documents and embedded in detailed economic policies and plans to ensure progress toward those goals.73 However, the party-state’s development of theory and policy is an iterative process and has always involved a degree of experimentation to ensure progress without too many unintended consequences.74 Control or the preservation of the CCP’s power isn’t a goal unto itself, but rather a prerequisite for achieving those ambitions. The collection, storage and processing of big data will play an increasingly key role in those efforts in future.

4. Recommendations

Adequately evaluating the risks associated with doing business with PRC-based technology companies, or companies that rely on their technologies in their supply chains, requires an understanding of the Chinese party-state’s articulation of its own intentions. It also requires an understanding of the implications of policy and legal documents that signal what steps will be taken to realise intended outcomes, as well as, of course, analysis of the party-state’s actual behaviour (domestic and global).

We recommend as follows.

1. Invest resources to better understand the PRC’s and the CCP’s articulation of their own intentions in order to set the tone for a more informed public debate that will generate targeted responses to the identified problems.

Incorrect assumptions are often made about the party-state’s intent. In addition, what’s being articulated and signalled through PRC policy and legal documents is too often ignored or not placed into the context in which it’s being articulated or signalled (such as being placed in an appropriate political context) or being described (for example, in the light of the CCP’s view that data security is a problem of state security, as the party-state defines ‘state security’).

2. Recalibrate data security policy and privacy frameworks to account for the Chinese state’s use of data to reinforce its political monopoly.

Companies and governments too often assume that other governments’ data and privacy regulations share the same goals as their own. That isn’t true when it comes to the Chinese party-state and PRC-based companies, even if common vocabularies are used or if some policy drivers are similar. In the PRC, unlike in liberal democracies, data security and privacy concepts (including draft legislation) reinforce the party-state’s monopoly power. Companies and governments need to recognise this risk and calibrate their policies to account for it.

3. Collaborate with like-minded countries to develop systems for improving risk-based approaches to improving the regulation of data transfers.

Organisations must assess the value of their data, as well as the value of that data to any potential party in their supply chain that may have access to it or that might be granted access. In an age in which information warfare and disinformation campaigns occur across social media platforms and are among the greatest threats to social cohesion, data that’s about public sentiment is as strategically valuable as data about more traditional military targets. Risk needs to be understood in a way that keeps up with the current threat landscape, in which otherwise innocuous data can be aggregated to carry meaning that can undermine a society or individuals.

4. Take a multidisciplinary approach to due diligence.

Governments, businesses and other organisations need to develop frameworks for conducting supply-chain reviews that take into account country-specific policy drivers. Developing such a framework shouldn’t be limited to just assessing a vendor’s risk of exposure to political risk. It should also include detailed analysis of the downstream actors who have access to the vendor’s data (and must include analysis of things such as the broader data ecosystem they’re a part of and the obligations those vendors have to their own governments). Taking this more holistic approach to due diligence will better ensure that data can be protected in an effective way.

Appendix: The draft Data Security Law and draft Personal Information Protection Law

Please download the PDF to access the appendix.


Acknowledgements

Thank you to Danielle Cave and Cheryl Yu for all of their work on this project. We would like to also thank our external peer reviewers Lindsay Gorman, Kara Frederick and Chris Crowley. We’re also grateful for the valuable comments and assistance provided by Peter Mattis, Tom Uren, Michael Shoebridge and Fergus Hanson.

This research report forms part of Mapping China’s Technology Giants, which is a multi-year project mapping and analysing the overseas expansion of key Chinese technology companies. The project seeks to:

  • analyse the global expansion of a key sample of China’s tech giants by mapping their major points of overseas presence
  • provide the public with analysis of the governance structures and party-state politics in which these companies have emerged, and are deeply entwined.

The Mapping China’s Technology Giants project is produced by researchers at ASPI’s International Cyber Policy Centre. The relaunch of this project, and associated research, was funded with a US$270,000 grant from the US State Department

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.

The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.

We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on. 

If you would like to support the work of the centre please contact: icpc@aspi.org.au

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2021

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published June 2021.
ISSN 2209-9689 (online),
ISSN 2209-9670 (print).

Cover image: ASPI ICPC, Nathan Attrill

Funding Statement: Funding for this report was provided by the US State Department.

  1. Mapping China’s Tech Giants, online. ↩︎
  2. Samantha Hoffman, Engineering global consent: the Chinese Communist Party’s data-driven power expansion, ASPI, Canberra, 14 October 2019, online. ↩︎
  3. Hoffman, Engineering global consent: the Chinese Communist Party’s data-driven power expansion. ↩︎

Mapping China’s Tech Giants: Reining in China’s technology giants

This report accompanies the re-launch of our Mapping China’s Technology Giants project.

This report is available for download in English and Arabic.

Other Reports that are part of this project include:

1. Introduction

Since the launch of ASPI ICPC’s Mapping China’s Technology Giants project in April 2019, the Chinese technology companies we canvassed have gone through a tumultuous period. While most were buoyed by the global Covid-19 pandemic, which stimulated demand for technology services around the world, many were buffeted by an unprecedented onslaught of sanctions from abroad, before being engulfed in a regulatory storm at home.

The environment in which the Chinese tech companies are operating has changed radically, as the pandemic sensitised multiple governments, multilateral groups and companies to their own critical supply-chain vulnerabilities. The lessons about national resilience learned from the pandemic are now being applied in many sectors, including the technology sector, where a trend towards decoupling China and the West was already well underway. As the geopolitical rivalry between the US and China has heightened, both sides increasingly see any reliance on the other for strategic commodities, such as rare-earth minerals and semiconductors, as dangerous vulnerabilities.

Supply-chain vulnerability has ignited work in Europe, North America and other regions to reduce dependence on China. Telecommunications companies such as Huawei and ZTE that are deemed ‘high risk’ by multiple countries are increasingly finding themselves locked out of developed markets. Amid the trade war between the US and China, which began in 2018, the Trump administration unleashed a relentless series of actions targeting Chinese companies in an effort to slow their advance. That onslaught has further convinced China’s leadership to redouble its efforts to dominate the commanding heights of technology as a source of strategic and economic power.

Among the measures meted out by the Trump administration were limits on investment by Chinese technology companies,1 blocks on the operations of Huawei and other Chinese telecom companies in the US,2 pressure on other countries to block Huawei’s operations,3 new export control regulations,4 tariffs on products benefiting from Beijing’s ‘Made in China 2025’ program5 and an attempt to ban ByteDance’s TikTok and Tencent’s WeChat apps.6 The effects of the actions have been uneven—dealing a major blow to Huawei, for example, while barely touching the major Chinese internet firms’ businesses.

For China’s leadership, the twin crises of the Covid-19 pandemic and the growing China–US strategic and technological competition highlighted the country’s need to achieve its long-held goal of ‘technological self-reliance’.7 The US’s ability to cut off China’s technology companies’ access to semiconductors, in particular, is seen by leaders from Xi Jinping down as an unacceptable ‘choke point’ holding back China’s progress.8 The 14th Five-Year Plan, unveiled in March 2021, reflected the Chinese Communist Party’s (CCP) sense of urgency. For the first time, it described technological innovation as a matter of national security, not just economic development.9

The now 27 Chinese technology firms that we cover on our Mapping China’s Technology Giants project (‘our map’) span sectors including biotechnologysurveillanceartificial intelligence (AI), e-commerce, finance, entertainment and telecommunications. All of them are set to play a key role in the coming years as Beijing ramps up major investments in strategic technologies such as 5G telecommunications, quantum computing and AI. Both state-owned and private businesses are being mobilised in a ‘whole country’ approach to reduce reliance on foreign technologies and seek breakthroughs in strategic science and technology projects.10 Beijing’s new goal is to increase R&D investment by 7% each year.11 Already, several of the companies featured on our map, including SenseTime, Huawei, ZTE, MegviiYITUCloudWalkBaiduAlibaba, Tencent and China’s three major telecommunications companies, have been recruited into a US$2 trillion ‘new infrastructure’ plan.12

Pushback on China’s technology giants didn’t just come from Washington, however; it also came from the CCP. Chinese regulators used the Covid-19 pandemic as an opportunity to tighten supervision over the companies, which had grown into behemoths with relatively light regulatory oversight in the past decade.13 The escalating geopolitical tensions with the US and the ensuing US–China trade war contributed to a government campaign to rein in Alibaba’s fintech affiliate Ant Group, as the Chinese state sought to head off risks in the banking system amid concerns that the stand-off with Washington could precipitate a financial crisis.14 Those concerns culminated in the abrupt cancellation of the company’s initial public offering (IPO), which was set to be the world’s largest ever, just two days before its launch in Shanghai and Hong Kong in late 2020.15

Since then, the CCP’s efforts to tighten state control over China’s internet companies have widened. In April 2021, Chinese e-commerce leader Alibaba Group was hit with a record US$2.81 billion antimonopoly fine, equivalent to around 4% of its 2019 domestic sales.16 A string of high-level resignations has followed as the government continues to seek to weaken the central authority of all the leaders of the major tech companies.17 China’s regulators, tasked with ‘tackling monopolies’ and ‘preventing disordered capital expansion’, have set their sights on a fundamental restructuring of the country’s biggest tech companies to ensure that they remain focused on technological innovation and align themselves even more closely with the strategic goals of the CCP.18

2. Covid-19

The Covid-19 pandemic has had a profound effect on the world economy. The International Monetary Fund estimates the global economy shrank by 4.4% in 2020, compared to a contraction of 0.1% in 2009 during the global financial crisis.19 China was no outlier in the first quarter of 2020, when its economy shrank by 6.8% in the first such contraction in at least 40 years.20 Yet, amid the turmoil, technology giants—particularly in the US and China—provided a rare bright spot as they seized the opportunity to expand aggressively.

As reliance on digital products grew during the pandemic, demand for US and Chinese technology giants’ products and services surged. The combined revenue of the largest US tech companies—Apple, Microsoft, Amazon, Google-parent Alphabet and Facebook—grew by a fifth to US$1.1 trillion, while their combined market capitalisation grew by half during 2020 to US$8 trillion.21 As of May 2021, the 27 companies we cover on our map had a combined market capitalisation of more than US$2.2 trillion, ranking them, in estimated nominal GDP terms, as equivalent to the world’s eighth largest economy, after France.22 Only three of the companies on our map—Huawei, Megvii23 and CloudWalk— experienced slowing year-on-year revenue growth.

Some of China’s internet companies, including Tencent, Alibaba, ByteDance, Huawei and biotechnology company BGI, attempted to turn the crisis into a public relations opportunity by providing financial or material assistance to countries struggling to control the Covid-19 pandemic (Figure 1). To take one example: Tencent’s Covid-19 donations from its US$100 million Covid-19 fund included medical equipment to sporting teams such as Football Club Barcelona24 and the New England Patriots25, cities such as Nashville (US)26, countries such as Ethiopia27, hospitals in Los Angeles (US)28 and Karachi (Pakistan)29, and the World Health Organization’s Covid-19 Solidarity Response Fund.30

Figure 1: China’s technology giants’ overseas donations

The Mapping China’s Technology Giants project currently counts a total of more than 130 donations by all tracked companies combined. Over eighty of those donations are Covid-19 monetary and medical donations from ByteDance, Tencent and Alibaba.

Tencent’s largesse was possible due to its oversized success. Supercharged by the pandemic, the company was able to exploit falling valuations to scoop up Norwegian game developer Funcom, take a stake in German developer Yager and make multiple investments in fintech start-ups, mainly in Europe and the US. The company currently sits on a portfolio worth roughly a quarter of a trillion dollars.31

As Chinese consumers ensconced themselves at home, Tencent’s music and video service subscriber numbers swelled to 43 million and 112 million, respectively, growing by 50% and 26% from June 2019 to 2020.32 WeChat, the company’s ubiquitous social media app, ballooned to over 1.2 billion users in the first quarter of 2020, up by more than 8% from 2019, as Tencent worked in collaboration with the Chinese Government’s National Development and Reform Commission to create the WeChat Health Code app used to verify people’s exposure to Covid-19.33 Tencent’s profit for the whole of 2020 stood at US$25.1 billion (Ұ159.8 billion), a year-on-year increase of 71%.34 At the time of writing, Tencent’s market capitalisation is around US$800 billion, making it China’s most valuable company.

Despite 13 companies on our map having been added to the US Government’s Entity List (see box below) and facing challenges while operating during the pandemic, many continued to report strong growth throughout 2020.

The Entity List

The US Department of Commerce’s Entity List was created in 1997 to address risks related to the proliferation of weapons of mass destruction. The US Government has since expanded its basis for adding entities to the list to include countering Chinese military activity, countering spying and addressing human rights concerns.35 Companies placed on the Entity List are banned from buying parts and components from US companies without government approval.

BGI, for example, saw its profits surge as Covid-19 spread around the world, despite the addition of two of its subsidiaries to the Entity List in July 2020. As of August 2020, BGI had already sold 35 million Covid-19 rapid-testing kits to 180 countries and built 58 labs in 18 countries (Figure 2).36 Due to its rapidly expanding global presence, the company experienced a net profit surge of 653% during 2020, and the value of its shares climbed by 87%.37 BGI’s operating income in the North American market even increased by 556.23%, making up 9.91% of the company’s total operating income in 2020.38 By March 2021, BGI’s market capitalisation on the Shanghai stock exchange had jumped to US$7.9 billion (Ұ50.83 billion), up from its March 2020 market capitalisation of US$5.26 billion (Ұ33.86 billion).39

Figure 2: BGI’s overseas presence

The Mapping China’s Technology Giants project currently counts more than 100 points of presence for BGI overseas, including commercial partnerships, Covid-19-related donations, investments, joint ventures, memorandums of understanding, overseas offices, research partnerships and subsidiaries.

WuXi AppTech Group is another biotech company that experienced growth during Covid-19, increasing its market capitalisation by 130%.40 Since the beginning of the pandemic, WuXi has been involved in the research and production of antibody treatments for Covid-19, and in January 2021 announced its plans to begin producing vaccine components for British–Swedish pharmaceutical company AstraZeneca at WuXi’s manufacturing facility in Germany.41

Three of our mapped internet companies were responsible for donating notable sums of money globally in the fight to combat Covid-19. ByteDance, Tencent and Alibaba ranked in the world’s top Covid-19 corporate financial donors, donating close to US$436 million, US$173 million and US$144 million, respectively.42 Those sums fall behind donations from only two leading US technology companies: Google and Cisco donated US$1.3 billion and US$226 million, respectively.43

The three Chinese companies also experienced significant growth in 2020:

  • ByteDance’s revenue more than doubled despite the challenges that its subsidiary TikTok faced, including a ban from the Indian market and attempts by the Trump administration to force TikTok’s sale to an American owner.44
  • Similarly, Alibaba has been referred to as ‘one of China’s biggest corporate winners of the coronavirus crisis’, as the company’s online traffic skyrocketed in 2020 and the Chinese Government increased its reliance on Alibaba’s cloud services in response to the pandemic.45
  • Ant Group, which is an affiliate of Alibaba, was essential in China’s initial Covid-19 response. Early in the pandemic, the company assisted the Chinese Government in developing and implementing the Alipay Health Code to facilitate contact tracing.46 Ant’s small-business lending platforms accumulated a US$300 billion credit balance, and its wealth management platform facilitated US$590 billion worth of investments.47

Similarly, HikvisionUniviewSenseTime,48 iFlytek (Figure 3),49DJIMeiya Pico50 and Ping An Technology51—a collection of surveillance, AI and technology companies—grew by developing technology used in response to Covid-19. Many of those technologies include temperature-screening products and contact-tracing systems. SenseTime claimed it has improved its facial-recognition algorithm to identify individuals wearing masks using just the person’s visible facial features.52

Figure 3: iFlytek’s Covid-19 impact

Source: This is an extract from one of our ‘Thematic snapshots’ on the Mapping China’s Technology Giants project website (under ‘Analysis’), online.

Surveillance company Hikvision’s revenue initially fell in the first quarter of 2020, but rebounded in the second quarter due to the company’s overseas revenue growth from its ‘fever cameras’.53 Uniview followed a similar pattern, first experiencing a sales and profit slowdown in the first half of 2020 and then recovering by the end of the year due to strong overseas growth in temperature-screening products, according to our map (Figure 4).54

Figure 4: Overseas expansion by Hikvision, Dahua and Uniview during the Covid-19 pandemic

The Mapping China’s Technology Giants project depicts the overseas expansion of Hikvision, Dahua and Uniview as overseas demand for their temperature-screening products increased during the Covid-19 pandemic. The map contains 65 data points of overseas presence relating to Covid-19 for the three companies, including donations, commercial partnerships and surveillance equipment.

Drones manufactured by technology company DJI proved useful in helping counter the spread of Covid-19. The company sold drones to countries, including France, Norway, Italy, the Philippines, Spain and Indonesia, and 22 states in the US to disinfect public areas and to patrol streets.55

Although China’s economic growth slowed to 2.3% by the end of 2020, its economy emerged as the only major economy expected to have grown in 2020 as a result of the pandemic.56 China’s digital economy, in particular, was positively affected by Covid-19, expanding by 9.7% from 2019.57 While China’s economic recovery had a head start, the International Monetary Fund expects the global economy to recover and grow by 6.1% in 2021, estimating 5.1% growth for advanced economies and 6.7% growth for developing economies.58

Despite external pressures amid tense US–China relations, Covid-19 provided the technology giants on our map with an opportunity to expand both domestically and overseas. High-profile donations of personal protective equipment from the tech giants helped to burnish their brands as well as deflect criticism of the Chinese state’s cover-up of the Covid-19 outbreak in its early days. China’s tech giants may have received a short-term boost from the pandemic, but over the longer term their prospects are less certain as many countries begin to address their dependence on China in critical sectors.59 As those countries make changes to reduce their reliance on China, the overseas growth that Chinese tech companies have experienced may slow.

3. US-China tech tensions

As factories in China were shut down and exports from the country ceased in China’s early response to the Covid-19 outbreak, the pandemic triggered countries and companies to move away from their supply-chain reliance on China. Before the pandemic, the US Entity List played a role in the Trump administration’s push to decouple the US economy from China. Cooperating with blacklisted companies on the Entity List raised fears among Western businesses about the data security and privacy risks associated with continued collaboration.60 As those concerns and Entity List designations began affecting business between US and Chinese companies, the ramifications of the listings spread globally, influencing the actions of other countries against some of the technology giants on our map.

The impacts of the US Entity List and ensuing global actions against the Chinese technology companies that we observed have varied drastically, significantly slowing Huawei’s overseas growth and overall expansion, while sparing major internet companies, including ByteDance, Tencent and Alibaba.61 The Entity List designation of telecommunications companies Huawei and ZTE prompted other countries, such as the members of the Five Eyes group and the EU, to implement policies aimed at limiting and in some cases excluding those companies from their 5G infrastructure. Although Covid-19 provided several surveillance and AI companies with an opportunity to neutralise such effects, many countries are still responding to security concerns associated with China’s tech giants, and the impacts of further global actions can be expected to shift in severity in coming years.

In the five years since the US first blacklisted ZTE in 2016—in a move that threatened the corporate viability of the Chinese telecommunications company62—Washington has widened its net to include a range of other Chinese companies, including 16 of the 27 featured on our map. As of April 2021, more than 400 Chinese companies, organisations and affiliates had been placed on the Entity List.63

In addition to placing various Chinese companies on the Entity List, the Trump administration also prohibited US companies and citizens from investing in the securities of dozens of companies included in the Pentagon’s list of ‘communist Chinese military companies’ operating in the US (the CCMC List),64 including seven of the technology companies featured on our map: China Electronics Technology Group (CETC)China MobileChina TelecomChina Unicom, Hikvision, Huawei and Inspur.65 The Trump administration also proposed new rules that sought to eject Chinese firms from US stock exchanges for failure to comply with US auditing standards (Figure 5).

Figure 5: Timeline of US listings and other measures affecting Chinese tech companies

Note: For more information and sources, refer to Appendix 1.

3.1 The ZTE case

In March 2016, the US Department of Commerce added ZTE to the Entity List after it found that the company had schemed to hide its re-exports of US-origin items to Iran and North Korea, both of which were under US sanctions.66 The restrictions prevented suppliers from providing ZTE with US equipment, threatening the company’s supply chain.

While the ban brought the company to the brink of collapse, Washington extended a series of lifelines to ZTE, allowing it to maintain ties to its US suppliers before it agreed to pay US$892 million in a plea deal in March 2017.67 In April 2018, the US announced a seven-year ban on American firms selling parts and software to the company after it was found to be shipping US goods to Iran in violation of its agreement.68

The ban had an immediate effect on ZTE, bringing the company’s production to a grinding halt. It announced in April 2018 that it was ceasing ‘major operating activities’.69 The following month, US President Donald Trump threw an unexpected lifeline to the company, tweeting that there would be ‘too many jobs in China lost’ due to the US Government’s actions against ZTE.70

ZTE went on to report revenue growth hitting a five-year high during 2020. The company’s operating revenue reached almost US$16 billion (Ұ101.45 billion), indicating a year-on-year increase of 11.8%.71 Its net profit experienced a year-on-year increase of 17.3%, totalling US$672 million (Ұ4.26 billion).72 While sales had declined in the US and Europe, the company was able to achieve sufficient growth in Asian markets and domestically, where it made over two-thirds of its revenue.

In August 2018, Washington reached for another tool. The annual Defense Authorization Bill barred government agencies from procuring equipment from five Chinese companies, including ZTE.73 The Bill covered any substantial or essential technology component of any system used by US Government agencies, and especially mentioned technology used to track or view user data. As a result of the Bill, all agencies that were already using equipment provided by the Chinese companies were directed to allocate specific funding to replacing it.74 When the Bill was enacted, it also targeted other Chinese companies, including Huawei and Hikvision.75

3.2 Huawei’s global struggles

Similarly to its competitor, ZTE, Huawei continues to experience turbulence due to its addition to the US’s Entity List. The company was first blacklisted on 16 May 2019 by the US Commerce Department’s Bureau of Industry and Security, together with 66 of its non-US affiliates.76 The bureau later added several other affiliated entities in August 201977 and August 2020.78

In addition to using the Entity List, the Trump administration blocked global chip supplies to Huawei in May 2020, further impeding the global expansion of the company’s business.79 As the crackdown on the company continued, Huawei was designated as a national security threat, together with ZTE, by the US Federal Communications Commission on 30 June 2020, which effectively barred them from receiving federal broadband subsidies to expand broadband access across the US.80 Finally, in November 2020, Huawei and 30 other Chinese companies were included in an executive order that designated them as being backed by China’s People’s Liberation Army.81

As the US has taken action against Huawei, it has also actively encouraged and publicly pressured other countries to adopt similar policies.82 But many countries have taken their own, and often different pathways, to arrive at their decisions on 5G over the last few years. And some, like Australia, made their decisions long before the United States.

The Five Eyes countries have responded with some of the toughest policies against Huawei. In 2018, Australia became the first country to exclude ‘high-risk vendors’ from its 5G networks.83 New Zealand similarly rejected Huawei’s first bid in the country in 2018 due to national security concerns.84 The UK most recently banned mobile providers from purchasing new Huawei 5G equipment and announced that providers must remove all Huawei 5G equipment from their networks by 2027.85 Although Canada hasn’t formally blocked Huawei, the country has delayed its decision long enough to effectively force its telecom companies to exclude Huawei equipment from their 5G networks.86

According to the Dell’Oro Group, countries representing more than 60% of the world’s cellular-equipment market are now considering or have already acted to restrict Huawei.87 The EU and several of its members have taken similar actions to block or limit Huawei’s presence in their 5G network deployments . In January 2020, the EU recommended that its members limit ‘high-risk 5G vendors’, including Huawei, stopping just short of recommending an outright ban of the company.88 Swedish regulators banned wireless carriers from using Huawei’s 5G equipment, citing national security concerns. In response, however, Huawei challenged the decision in Swedish courts and has since threatened to exclude Ericsson from participating in China’s 5G growth.89

Romania and Poland both enacted policies aimed at blocking Huawei from their 5G networks, although the policies didn’t explicitly ban Huawei.90 Huawei sent a letter to the EU competition chief, in which the company argued that Poland’s and Romania’s proposed 5G security rules were ‘predicated on several violations of EU law’.91 In its letter, Huawei also cited the involvement of the US in those actions against the company, referencing ‘joint declarations’ and ‘memoranda of understanding’— aimed at pushing out 5G suppliers subject to foreign interference—that the US signed with several European countries, including Romania, Poland, Estonia, Latvia, the Czech Republic, Slovenia, Slovakia, Cyprus, Bulgaria, North Macedonia and Kosovo.92

In 2020, as a result of global actions against it, Huawei reported its slowest annual revenue increase in a decade.93 Specifically, Huawei’s revenue increased year-on-year by 3.8%, totalling US$136.7 billion,94 which was a drastic decline from its 19% revenue growth during 2019 (Table 1).95 Although the company still managed to grow overall, China was the only region where it experienced positive revenue growth.96 The company’s carrier business, which is responsible for building its telecom networks, grew by only 0.2%.97 That stall was largely due to the decision of several Western countries to exclude Huawei’s 5G equipment from their networks.98

Table 1: Huawei’s 2020 business revenue, by region

Source: Huawei Investment & Holding Co. Ltd, 2020 annual report, 2021, online.

While Huawei’s decline in growth was most pronounced in North and South America in 2020, Europe, the Middle East and Africa collectively showed the next greatest decline, followed by the Asia–Pacific. This resulted in the company’s decision to pivot its priority industries to focus on developing software. In an internal memo made public in May 2021, Huawei founder Ren Zhengfei wrote that Huawei should strive to ‘lead the world’ in software as the company seeks growth beyond its hardware operations.99

Although Huawei’s deputy chairman, Eric Xu Zhijun, said in an interview that the company’s goal for 2021 is ‘to survive’, experts such as Dan Wang, an analyst with Gavekal, have speculated that Huawei may pivot to new businesses, such as self-driving and electric-vehicle technologies.100 Already, Huawei reportedly has plans to invest US$1 billion into researching self-driving and electric vehicles and is reportedly in talks to acquire a domestic automaker’s electric vehicle unit.101 Through investing in businesses that are less reliant on advanced chips and through strengthening its software business, Huawei is searching for new revenue sources.102

US sanctions have particularly affected Huawei’s access to international technologies, such as advanced chips, that are essential for the company’s products. When the US Government barred Huawei from purchasing semiconductors produced using US software or technology without a special licence, the move crippled Huawei’s smartphone business and resulted in the sale of its Honor budget smartphone brand.103 US sanctions also required Google to revoke Huawei’s Android licence, leaving the company without access to Google apps and services that have been critical for the functioning of Huawei’s smartphones.104

In response to losing its Android licence, Huawei created a ‘forked’ version of Android to serve as its own operating system, Harmony OS, which is likely to face challenges as it seeks to attract developers and create apps.105 If it’s successful, however, Harmony OS would provide Huawei with complete control over an operating system with potential implementation in smartphones internationally, enabling Huawei to control the information environment—including which apps are banned—outside of China’s borders.106

Despite losing access to several markets globally, Huawei has signed new 5G and cloud-computing agreements with countries in Africa, the Middle East and Southeast Asia (Figure 6). Access to those markets will be critical for Huawei’s future as the US and the EU move to confront their supply-chain dependence on China.107

Figure 6: Huawei’s 5G and cloud-related overseas presence

Note: The Mapping China’s Technology Giants project website contains 200 data points of overseas presence relating to 5G and cloud technologies for Huawei.

3.3 Sanctions for all

Similarly to Huawei, state-controlled surveillance technology company Hikvision was added to the US’s Entity List in October 2019.108 Along with Hikvision, six other technology giants on our map were added at that time, including surveillance company Dahua, AI companies iFlytek, Megvii, SenseTime, and YITU, and digital forensics and security company Meiya Pico.109

Although Hikvision’s growth was boosted by Covid-19, a March 2020 disclosure detailed the negative impacts of sanctions on the company’s overseas market and income. The disclosure stated that, as a result of its Entity List designation, Hikvision had increased its R&D costs significantly to allow for expanding upstream technology, changing materials and adjusting product designs.110 Additionally, Hikvision has been restricted in other countries, such as India, where the company is prohibited from bidding on government projects.111 The company also faces scrutiny in Australia, where, as recently as January 2021, the South Australian health department removed all cameras made by Hikvision from public hospitals and nursing homes.112

Predicting its addition to the Entity List in 2019, Hikvision stockpiled essential components in preparation, which proved helpful in mitigating the immediate impacts.113 As the global chip shortage continues to affect the technology industry, however, Hikvision’s president has indicated future uncertainties for the company if the situation persists.114

Among the companies we tracked, BGI Group—a key supplier of Covid-19 testing technology—experienced the greatest growth despite being blacklisted by the US. In July 2020, the US Department of Commerce placed two of BGI’s subsidiaries (Xinjiang Silk Road BGI and Beijing Liuhe BGI) on the Entity List.115 However, due to the company’s key role in providing Covid-19 testing equipment, BGI reported a surge in its net profit and share price during 2020.

Other Chinese tech companies on our map that were affected by US sanctions include DJI and Nuctech. The US Department of Defense first issued a ban on the purchase and use of DJI’s commercial drones on 23 May 2018 and later added the company to the export blacklist in December 2020.116 Although DJI continued to expand during 2020, it faced challenges in maintaining its large presence overseas, reportedly having to make sweeping cuts to its global sales and marketing teams.117 Despite its Entity List designation, DJI maintains control of more than 70% of the global drone market, and North America remains its largest market.118

China’s major telecommunications companies—China Telecom, China Unicom and China Mobile—have been targeted by Washington in several capacities (Figure 7). Most recently, in January 2021, the three companies were added to the Pentagon’s CCMC List, which triggered a series of delistings and relistings of the companies by the New York Stock Exchange, eventually resulting in the final delisting of all three.119 The companies were also among 31 Chinese companies included in a November 2020 executive order that designated them as being backed by the People’s Liberation Army.120 Before those designations, the US Federal Communications Commission had already begun taking action against China Telecom and China Unicom in April 2020.121 Despite being added to the lists, all three telecom companies experienced growth during 2020 as they expanded their 5G operations—especially in China.

Figure 7: Chinese telcos’ overseas presence

Note: The Mapping China’s Technology Giants project counts more than 480 points of overseas presence for China’s three major telecommunications operators (China Mobile, China Telecom and China Unicom) combined.

Apart from those tech giants, several major Chinese technology companies on our map have been largely spared US economic countermeasures, specifically Alibaba, Ant Group, Baidu, ByteDance and Tencent. There were, however, disparate attempts by the Trump administration to take action against those companies, which all eventually failed during Trump’s term of office.

In January 2021, for instance, the US Department of State and Department of Defense pushed to add Alibaba, Tencent and Baidu to the CCMC List, which would have banned US investors from holding stock in the three companies.122 Previously, in August 2020, Trump issued two executive orders prohibiting any American company or person from conducting transactions with ByteDance, which is TikTok’s parent company, and Tencent’s WeChat.123 The bans were halted a month later by a US federal judge, citing First Amendment rights.124 In October 2020, the US State Department proposed adding Ant Group to the Entity List, which was seen as a move to discourage US investors from taking part in Ant’s upcoming IPO in Shanghai and Hong Kong. The bid was later put on hold by the Trump administration.125 Any impacts of attempted bans on those companies were neutralised as demand for digital products skyrocketed during the Covid-19 pandemic.

Although the attempts to take action against Alibaba, Ant Group, Baidu, ByteDance and Tencent were unsuccessful, they attracted global attention to the data privacy and security risks associated with using products and applications developed by the Chinese technology giants. Following US attempts, India permanently banned 59 Chinese apps from its domestic market in January 2021, while Germany’s intelligence agencies warned consumers that personal data provided to Chinese technology companies could end up in the possession of the Chinese Government.126 As the US and other countries continue targeting China’s tech giants through various regulatory measures, they’re being pushed to address their reliance on China just as China is seeking to reduce its dependence on the US for critical technologies, particularly semiconductors.

4. Localising supply chains: from a ‘choke point’ to ‘dual circulation’

From the perspective of Beijing’s policymakers, 2020 was a year in which, as Vice Foreign Minister Le Yucheng put it, China experienced a ‘plot reversal’ and ‘turned a crisis into an opportunity’.127 ‘Rather than being a “Chernobyl moment”’ for China, the pandemic became a ‘highlight moment for socialism with Chinese characteristics’, Le told a think-tank forum in December 2020. The triumphalist note came as China’s ability to contain the spread of Covid-19 before other major economies allowed it to rebound faster and end 2020 on a high note as the only major economy to report positive growth, achieving an economic expansion of 2.3%.128

Despite their upbeat tone, China’s leaders also recognised that the combination of the Covid-19 pandemic and the US–China trade war had exposed the country’s fragility in technological innovation. In a speech to scientists in September 2020, Xi Jinping stressed the need for China to ensure secure and stable supply chains and to pursue indigenous innovation: ‘We must give full play to the significant advantages of our country’s socialist system that concentrate power on large undertakings, and successfully fight tough battles for the key core technologies,’ he instructed.129

While the Chinese state’s goal of achieving self-reliance in technology has been a longstanding policy, the combination of the Covid-19 pandemic and the ever-tightening technology blockade imposed by the White House put the issue front and centre for the Chinese leadership. In December 2020, China’s Central Economic Working Conference announced that science and technology work would be the top priority in 2021. The 14th Five-Year Plan, unveiled in March 2021, described technological innovation as a matter of national security, not just economic development, for the first time.130

4.1 Mobilising the tech industry

China’s technology companies are set to play a key role in addressing that fragility as they’re mobilised in what Beijing’s top policy official, Jiang Jinquan, calls a ‘whole country approach’ to reduce reliance on foreign technologies.131 That effort would seek breakthroughs in ‘strategic and fundamental key science and technology projects’ so that the country can overcome ‘choke points’ in its technological progression, Jiang said in his interpretation of an as yet unpublished keynote speech made by Xi to China’s provincial-level leaders in early January 2021. As part of the plan, the country will establish ‘national teams’ to strengthen scientific research and innovation, according to Jiang. The private sector will be encouraged to invest in R&D, and the state will reward companies through ‘state purchase of research results’.

Several of the companies featured on our map, including SenseTime, Huawei, ZTE, Megvii, YITU, CloudWalk, Baidu, Alibaba, Tencent and China’s three major telcos, have already been recruited in a US$2 trillion new infrastructure campaign that the Chinese state introduced in the early days of the pandemic to boost the economy and cushion the impact of the global slowdown. The campaign targets high-tech sectors such as 5G infrastructure, AI, big data centres, the industrial internet, ultra-high-voltage high-speed intercity rail and electric vehicle charging infrastructure.132 The plan is largely a continuation of the Made in China 2025 campaign that was launched in 2015, with some minor cosmetic changes.

Made in China 2025 targeted investments in 10 strategic industries now largely dominated by the US, including aerospace, semiconductors, information technology, robotics, green energy, electric vehicles, agricultural machinery, pharmaceuticals and advanced materials. The campaign attracted sustained criticism from the Trump administration for its attempt to capture market share from China’s foreign technology rivals. The new infrastructure campaign dropped any reference to that plan as well as any explicit requirements that core technology must be sourced domestically. The campaign is funded mainly by the private sector and local governments instead of the national government.133

China’s three national telecom carriers (China Unicom, China Telecom and China Mobile) collectively promised in March 2020 to invest around US$34 billion (Ұ220 billion) to build 5G base stations in China. Tencent said that it would invest US$77 billion (Ұ500 billion) over the following five years in new infrastructure technologies, such as cloud computing, and cybersecurity. Alibaba also pledged US$30 billion (Ұ200 billion) in new infrastructure investments over three years.

4.2 All about the chips

Over the long term, the success of the new infrastructure campaign hinges on China’s access to the world’s most advanced semiconductor chips, which are the basic building blocks for emerging technologies such as 5G, AI and autonomous vehicles, in which Beijing hopes to lead the world. China’s reliance on a globalised value chain to source semiconductor chips is seen by Chinese leaders from Xi Jinping down as a key obstacle to the country’s technological ambitions.

The Trump administration’s assault on China’s ability to source semiconductor chips resulted in a flurry of panic buying. Imports of semiconductors jumped by 33.6% to US$155.6 billion in the first three months of 2021—an increase of 77.6% from 2019.134 Beijing’s attempts at achieving self-sufficiency in semiconductors have been beset by setbacks, and large subsidies for semiconductor projects have failed to produce successes. China’s self-sufficiency ratio for semiconductors is expected to be only 19.4% in 2025.135

In an effort to achieve self-sufficiency, public and private entities in China have facilitated the organisation of several technology-focused alliances. In 2016, Huawei, ZTE, Inspur and the Ministry of Industry and Information Technology were among 27 entities that established China’s High End Chip Alliance, which aims to promote the production of, research into and collaborative innovation on chip technology.136 The National Integrated Circuit Standardisation Technical Committee was later proposed by the China Electronics Standardisation Institute in 2021. Huawei, Tencent and Alibaba are among 90 Chinese tech companies that joined the committee in an effort to strengthen the domestic semiconductor supply chain.137

Huawei’s addition to the US’s Entity List further spurred its efforts to create a domestic supply chain but it also served as a warning to other Chinese tech companies featured on our map, such as ByteDance, Baidu, Alibaba and SenseTime, that now view reliance on US technology as a vulnerability that must be eliminated. ByteDance is exploring the feasibility of developing its own AI chips.138 Baidu has completed one round of financing for its Kunlun AI chip unit and is considering commercialising its chip design capabilities.139 Alibaba has also unveiled an AI chip for its cloud-computing products.140 After being added to the Entity List in 2019, SenseTime began developing its own AI chips.141 Meanwhile, Huawei is reportedly constructing a dedicated chip plant in Shanghai that won’t use American technology.142

4.3 Dual circulation

The Covid-19 pandemic and the growing China–US strategic and technological competition also prompted a major rethink in economic policy for the CCP. A new strategy began to take shape in a series of key speeches and party documents as China emerged from its Covid-19 economic slump in early 2020. In April 2020, in a seminal speech on China’s economic development that was kept under wraps for six months, Xi Jinping said that the impact of the pandemic had exposed hidden risks in China’s industrial and supply chains and that the country ‘must strive to have at least one alternative source for key products and supply channels, to create a necessary industrial backup system’.143

Referred to as a need to speed up China’s ‘dual circulation’ growth model, the new economic strategybecame the focus of the 14th Five-Year Plan adopted on 11 March 2021, which charts a course for China’s economy from 2021 to 2025.144 It envisages a future in which Beijing steadily weans itself off high-end imports from industrialised nations while using the ‘powerful gravitational field’ of its economy to make other nations heavily reliant on China for high-tech supplies and as a market for raw materials. As Xi said in his April 2020 speech:

We must sustain and enhance our superiority across the entire production chain … and we must tighten international production chains’ dependence on China, forming a powerful countermeasure and deterrent capability against foreigners who would artificially cut off supply [to China].

By pursuing a strategy of ‘dual circulation’, Beijing hopes to build fully domestic supply chains while binding foreign companies to the Chinese market even more strongly. Over the long term, the aim is for a stronger China able to withstand economic coercion, but also for China to be in a stronger position to inflict coercion on other countries. The CCP’s use of economic coercion against countries such as Australia and companies such as Swedish retailer H&M foreshadow how the Chinese state is likely to use its enhanced power if its ‘dual circulation’ strategy is successful.

5. Reining in the tech giants: tougher regulation at home

China’s regulatory agencies have treated the country’s tech giants with a light touch for most of the companies’ history, favouring their pursuit of technological dominance and economic prosperity over the need for regulating their growing monopoly power.

In October 2020, the scales tipped in the opposite direction after Jack Ma, the co-founder of Alibaba and its fintech affiliate, Ant Group, made a public speech in Shanghai in which he levelled a scathing critique of financial regulators and implicitly rejected Xi Jinping’s signature campaign to combat financial risks.145 The speech reportedly infuriated the leadership in Beijing and prompted Xi to personally call off Ant Group’s impending US$34 billion IPO and order regulators to investigate risks posed by Ma’s business.146

Regulators cited the systemic financial risks posed by Ant Group as the reason for the company to reorganise itself as a financial institution, subject to oversight by the country’s central bank, the People’s Bank of China. Escalating geopolitical tensions with the US and the ensuing US–China trade war contributed to the regulator’s efforts to rein in Ant Group, as Beijing sought to head off risks in the banking system amid concerns that the stand-off with Washington could precipitate a financial crisis.

Ma’s speech served as a tipping point for agencies, such as China’s antitrust authority, the State Administration for Market Regulation (SAMR), that have now become much more assertive with their agenda to draw clear lines between tech companies and financial services companies—lines that Jack Ma was intending to further blur. As Ma removed himself from public view, the campaign widened out to other companies in late April 2020, when the People’s Bank of China and four other regulatory agencies told 13 firms, including Tencent and ByteDance, that their apps should no longer provide financial services beyond payments.147

Ma’s speech may have been a catalyst for some regulatory agencies, but the groundwork for action had been put in place much earlier. In January 2020, the SAMR proposed the first major revisions to the country’s 2008 antimonopoly law in over a decade, including provisions for large internet platforms.148 The regulatory push has been spearheaded by Vice Premier Liu He, who is Xi Jinping’s top economic adviser.149 The principles underlying the campaign—‘tackling monopolies’ and ‘preventing disordered capital expansion’—emerged during several high-level government meetings, including the Fifth Plenary Session of the 19th CCP Central Committee in October 2020 and the Central Economic Working Conference at the end of the year.150

Beijing’s effort to tame the outsized power of China’s internet companies has continued to widen. A week after Ant Group’s IPO was scuttled, the SAMR published draft rules to curb monopolistic behaviour in the country’s tech sector, immediately wiping US$280 billion from the market capitalisation of the internet giants Tencent, Xiaomi, Meituan and JD.com.151 In April 2021, Alibaba Group was hit with a record US$2.81 billion antimonopoly fine, which was equivalent to around 4% of the group’s 2019 revenue. An investigation into Tencent is currently underway, and some reports suggest that it, too, may be hit with a fine of at least US$1.54 billion (Ұ10 billion).152

The SAMR went on to summon 34 technology companies and warn them to ‘heed the warning’ provided by Alibaba’s case. The companies, which included Baidu, Tencent and ByteDance, were given one month to undergo ‘complete rectification’ to ensure that they weren’t in breach of anti-monopoly laws. In a statement, the monopolies regulator stressed that the companies must ensure that they’re not doing anything that ‘harms the interests of operators and consumers’ and that they should give ‘priority to national interests’.153 Between December 2020 and April 2021, the regulator fined 11 companies, including Tencent, Baidu, Alibaba and ByteDance, for failing to disclose past acquisitions and investments.154 As the government continues to clamp down on this sector, investors have grown nervous, leading to a plunge in the combined market capitalisation of 10 leading technology companies by over US$800 billion from its peak in February 2021.155

Beijing’s campaign, which is set to continue throughout 2021, comes at the same time as efforts in the West to rein in companies such as Facebook and Google have gained momentum. The efforts share some similar worries: regulators in the US, Europe and China all cite concerns that the technology giants have built market power that stifles competition, misuses consumer data and violates consumer rights. But, for China’s regulators, the need to discipline their country’s tech companies goes beyond those concerns to a broader sense that the companies’ interests aren’t sufficiently lined up with the CCP’s industrial policy or its goal of achieving technological self-sufficiency.

An editorial in the People’s Daily in December 2020 urged the country’s internet giants to focus on innovation instead of the ‘community group-buying’ market.156 ‘Internet giants with access to big data and advanced computing should have a greater responsibility, greater pursuits, and a greater role in scientific and technological innovation,’ the CCP mouthpiece wrote. The CCP has now moved on from merely chiding the tech companies to enforcing their adherence to its strategic goals. In January 2021, the head of the SAMR emphasised that one of his priorities for 2021 was to ‘promote the coordination of industrial policy and competition policy’.157

6. Conclusion

The Covid-19 pandemic may have been a short-term boon to many of China’s technology giants, but, for the CCP, the pandemic and the US–China trade war were a stark reminder of the country’s fragility in technological innovation. While the Chinese state’s goal of achieving self-reliance in technology has been a longstanding policy, the combination of the Covid-19 pandemic and the ever-tightening technology blockade imposed by the White House elevated the issue to a higher level of importance than ever before.

The onslaught of sanctions and other related measures from the US helped to further align the interests of China’s tech giants with the CCP’s goal of achieving technological self-sufficiency. A newly launched rectification campaign in the technology sector is designed to ensure that this alignment continues. The campaign, which looks set to continue throughout 2021 and beyond, is already bearing fruit as major internet companies warn investors that they’re preparing to funnel capital into areas that the Chinese state has identified as priorities, such as cloud computing, autonomous vehicles and AI.158

Already, a string of high-level resignations have taken place in various Chinese technology companies, including Ant Group, Pinduoduo and ByteDance, as the government seeks to weaken the central authority of all the leaders of the major technology companies.159 The Chinese state is embarking on a fundamental restructuring of the technology industry and the private sector more broadly so that, as CCP guidelines released in September 2020 put it, ‘ideological guidance’ is strengthened to ‘create a core group of private sector leaders who can be relied upon during critical times’.160

The Chinese state is more determined than ever to rein in China’s technology giants and push them, and the country, towards technological self-sufficiency.

Appendix 1: Timeline of US entity listings and other measures

For Appendix table, please download the full report.


Acknowledgements

Thank you to Danielle Cave and Cheryl Yu for all of their work on this project. We would like to also thank our external peer reviewers Lindsay Gorman, Kara Frederick and Chris Crowley. We’re also grateful for the valuable comments and assistance provided by Peter Mattis, Tom Uren, Michael Shoebridge and Fergus Hanson.

This research report forms part of Mapping China’s Technology Giants, which is a multi-year project mapping and analysing the overseas expansion of key Chinese technology companies. The project seeks to:

  • analyse the global expansion of a key sample of China’s tech giants by mapping their major points of overseas presence
  • provide the public with analysis of the governance structures and party-state politics in which these companies have emerged, and are deeply entwined.

The Mapping China’s Technology Giants project is produced by researchers at ASPI’s International Cyber Policy Centre. The relaunch of this project, and associated research, was funded with a US$270,000 grant from the US State Department

What is ASPI?

The Australian Strategic Policy Institute was formed in 2001 as an independent, non‑partisan think tank. Its core aim is to provide the Australian Government with fresh ideas on Australia’s defence, security and strategic policy choices. ASPI is responsible for informing the public on a range of strategic issues, generating new thinking for government and harnessing strategic thinking internationally. ASPI’s sources of funding are identified in our annual report, online at www.aspi.org.au and in the acknowledgements section of individual publications. ASPI remains independent in the content of the research and in all editorial judgements.

ASPI International Cyber Policy Centre

ASPI’s International Cyber Policy Centre (ICPC) is a leading voice in global debates on cyber, emerging and critical technologies, issues related to information and foreign interference and focuses on the impact these issues have on broader strategic policy. The centre has a growing mixture of expertise and skills with teams of researchers who concentrate on policy, technical analysis, information operations and disinformation, critical and emerging technologies, cyber capacity building, satellite analysis, surveillance and China-related issues.

The ICPC informs public debate in the Indo-Pacific region and supports public policy development by producing original, empirical, data-driven research. The ICPC enriches regional debates by collaborating with research institutes from around the world and by bringing leading global experts to Australia, including through fellowships. To develop capability in Australia and across the Indo-Pacific region, the ICPC has a capacity building team that conducts workshops, training programs and large-scale exercises for the public and private sectors.

We would like to thank all of those who support and contribute to the ICPC with their time, intellect and passion for the topics we work on. 

If you would like to support the work of the centre please contact: icpc@aspi.org.au

Important disclaimer

This publication is designed to provide accurate and authoritative information in relation to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering any form of professional or other advice or services. No person should rely on the contents of this publication without first obtaining advice from a qualified professional.

© The Australian Strategic Policy Institute Limited 2021

This publication is subject to copyright. Except as permitted under the Copyright Act 1968, no part of it may in any form or by any means (electronic, mechanical, microcopying, photocopying, recording or otherwise) be reproduced, stored in a retrieval system or transmitted without prior written permission. Enquiries should be addressed to the publishers. Notwithstanding the above, educational institutions (including schools, independent colleges, universities and TAFEs) are granted permission to make copies of copyrighted works strictly for educational purposes without explicit permission from ASPI and free of charge.

First published June 2021.
ISSN 2209-9689 (online),
ISSN 2209-9670 (print).

Cover image: ASPI ICPC, Nathan Attrill

Funding Statement: Funding for this report was provided by the US State Department.

  1. Humeyra Pamuk, Alexandra Alper, Idrees Ali, ‘Trump bans US investments in companies linked to Chinese military’, Reuters, 12 November 2020, online. ↩︎
  2. ‘FCC designates Huawei and ZTE as national security threats’, news release, US Federal Communications Commission, 30 June 2020, online. ↩︎
  3. David E Sanger, Julian E Barnes, Raymond Zhong, Marc Santora, ‘In 5G race with China, US pushes allies to fight Huawei’, New York Times, 26 January 2019, online. ↩︎
  4. Jeanne Whalen, Ellen Nakashima, ‘US bans technology exports to Chinese semiconductor and drone companies, calling them security threats’, Washington Post, 18 December 2020, online. ↩︎
  5. James McBride, Andrew Chatzky, Is ‘Made in China 2025’ a threat to global trade?, Council on Foreign Relations, 13 May 2019, online. ↩︎
  6. Adam Segal, ‘Seizing core technologies: China responds to US technology competition’, China Leadership Monitor, 1 June 2019, online. ↩︎
  7. Nigel Inkster, Xi steers China towards economic and technological self-reliance, International Institute for Strategic Studies, 11 November 2020, online. ↩︎
  8. ‘习近平:在科学家座谈会上的讲话’ [Xi Jinping: Speech at the Symposium of Scientists], Xinhua, 11 September 2020, online.. ↩︎
  9. ‘中华人民共和国国民经济和社会发展第十四个五年规划和2035年远景目标纲要’ [The 14th Five-Year Plan for National Economic and Social Development of the People’s Republic of China and the outline of the long-term goals for 2035], Xinhua, 12 March 2021, online. ↩︎
  10. ‘江金权:把握构建国内大循环的着力点 ——学习习近平总书记在省部级专题研讨班上重要讲话精神的体会’ [Grasp the focus of constructing the domestic circulation—Learning the spirit of General Secretary Xi Jinping’s important speech at provincial and ministerial seminars], Study Times, 25 January 2021, online. ↩︎
  11. ‘China ramps up tech commitment in 5-year plan, eyes 7% boost in R&D spend’, Reuters, 5 March 2021, online. ↩︎
  12. Liza Lin, ‘China’s trillion-dollar campaign fuels a tech race with the US’, Wall Street Journal, 11 June 2020, online. ↩︎
  13. Rui Ma, ‘Old Extra Buzz post from Dec. 2020: Internet platforms: antitrust regulations are here’, Tech Buzz China, 11 December 2020, online. ↩︎
  14. ‘Playing by the rules’, Week in China, 16 April 2021, online. ↩︎
  15. Jing Yang, Serena Ng, ‘Ant’s record IPO suspended in Shanghai and Hong Kong stock exchanges’, Wall Street Journal, 3 November 2020, online. ↩︎
  16. Raymond Zhong, ‘China fines Alibaba $2.8 billion in landmark antitrust case’, New York Times, 9 April 2021, online. ↩︎
  17. Yuan Yang, Ryan McMorrow, Miles Kruppa, ‘ByteDance staff and investors shocked as founder steps back’, Financial Times, 22 May 2021, online. ↩︎
  18. ‘Xi focus: Xi chairs leadership meeting on economic work for 2021’, Xinhua, 11 December 2020, online. ↩︎