Beijing orders firms to phase out U.S. and Israeli cybersecurity tools

Chinese authorities have instructed domestic companies to identify and phase out cybersecurity products from roughly a dozen U.S. and Israeli vendors, citing national security concerns that the software could collect confidential information and transmit it abroad. The notice was circulated in recent days, according to people briefed on the matter, although officials have not publicly detailed which firms or product classes are covered.

Officials from the Cyberspace Administration of China and the Ministry of Industry and Information Technology did not respond to requests for comment. People familiar with the directive said the guidance named a core group of suppliers and a broader roster attributed to a separate source, but the authorities did not specify how many Chinese companies received the instruction or the timetable for removal.

A core list of companies identified in reporting includes Broadcom-owned VMware, Palo Alto Networks and Fortinet from the United States, and Check Point Software Technologies of Israel. An extended roster named additional U.S. cybersecurity and related vendors: Mandiant, Wiz, CrowdStrike, SentinelOne, Recorded Future, McAfee, Claroty and Rapid7. Some vendors did not reply to queries about the notice and whether their products are affected.

Markets reacted quickly to the news. In premarket trading, shares of Broadcom and Palo Alto Networks were down more than 1 percent, while Fortinet fell nearly 3 percent, reflecting investor concern about potential revenue impacts from lost business in China. Analysts said the immediate market moves likely reflect uncertainty about how broadly Beijing will enforce the directive and which enterprise customers will comply.

The action fits into a broader Chinese push to reduce dependence on Western hardware and software and to accelerate adoption of domestic alternatives. State-backed and private Chinese firms such as 360 Security Technology and Neusoft are widely identified as local suppliers that Beijing could promote to replace foreign products. For Chinese enterprises, shifting complex security stacks presents operational and cost challenges, especially where vendors provide cloud, endpoint and threat intelligence services deeply embedded in networks.

Observers say the move also comes against the backdrop of intensifying U.S.-China technology and trade tensions. Washington has tightened export controls on advanced AI chips and other technologies, and Chinese authorities have responded with their own controls and trade measures in recent months. The directive arrives as planning continues for a planned April visit to Beijing by U.S. President Donald Trump, potentially adding diplomatic urgency to sensitive tech negotiations.

Key uncertainties remain. It is not clear which classes of products are targeted, whether the notice applies to legacy on-premises software, cloud services or threat intelligence feeds, or what grace period companies will be given to replace affected tools. Enforcement mechanisms and legal authority behind the directive were not described by sources.

The practical consequences for corporate security are immediate: enterprises will need to inventory affected products, evaluate domestic alternatives and manage migration risks without creating coverage gaps. For vendors on the list, the directive could mean lost contracts and reputational challenges in a major market. For global cybersecurity, the episode underscores the accelerating fragmentation of technology supply chains and the tension between national security measures and interoperable, resilient defenses.