China Seals Its Digital Borders, New Cyber Law Squeezes US and Israeli Security Firms

New Delhi — China has significantly tightened its digital borders, effectively forcing major American and Israeli cybersecurity companies out of its core technology ecosystem. The revised Cybersecurity Law (CSL), effective January 1, 2026, imposes stringent regulatory requirements, turning non-compliance into high-risk legal and financial liabilities for Chinese firms using foreign software.

The law directly affects major US firms including VMware (Broadcom), Fortinet, CrowdStrike, SentinelOne, Mandiant, Palo Alto Networks, and Rapid7, as well as Israel’s Check Point Software Technologies. Chinese enterprises have been instructed to stop using foreign cybersecurity tools that fail to meet the government’s updated approval standards.

Legal Framework to Push Out Foreign Technology

The amended CSL represents Beijing’s toughest regulatory stance against foreign digital products. Penalties have been increased, and prior warning requirements removed. Using unapproved foreign software is now considered a serious legal exposure rather than a technical choice. Analysts note the law is designed to systematically replace foreign cybersecurity tools with domestic alternatives under China’s “Made in China” strategy.

Mandatory Government Certification

Article 23 requires every cybersecurity product to undergo a rigorous government security review. Products that fail to obtain certification are effectively barred from the market, putting foreign vendors at a structural disadvantage due to opaque review processes.

Heavy Fines and Compliance Pressure

Companies that continue using uncertified tools risk fines of up to 10 million yuan (~$1.4 million) under Article 62. This has made foreign software commercially untenable for many Chinese firms, accelerating the shift toward domestic solutions.

Global Impact and Digital Sovereignty

The revised law expands China’s concept of digital sovereignty. Article 35 mandates national security assessments for all critical information infrastructure (CIIOs), covering energy, telecom, finance, and transportation. Article 37 enforces strict data localisation, requiring all data generated in China to remain within the country—a major challenge for firms like CrowdStrike and SentinelOne that rely on global threat intelligence.

Extraterritorial Reach

The CSL now allows China to penalize foreign companies or individuals outside its borders if their actions are deemed a threat to Chinese cybersecurity. Authorities can freeze assets even without a physical presence in China.

Clear Signal to the West

Taken together, these amendments send an unmistakable message: China aims to decouple its digital ecosystem from Western technology. Market access in the digital sector will now hinge almost entirely on state security priorities.