/i.s3.glbimg.com/v1/AUTH_da025474c0c44edd99332dddb09cabe8/internal_photos/bs/2023/1/X/nkkB7tSdirnIUbGhakCQ/favicon-o-globo.png){kind=small}
Overview
- The instruction is detailed in a government directive dated Dec. 19, 2025, reported by outlets that reviewed the document.
- Organizations are told to identify designated foreign security products in use and switch to domestic alternatives in the first half of 2026.
- Named vendors include Palo Alto Networks, Fortinet, VMware (Broadcom), Check Point, CrowdStrike, SentinelOne, Rapid7, McAfee, Recorded Future, Claroty, Imperva, CyberArk, Cato Networks, Wiz, and Orca Security.
- The directive alleges risks of sensitive data being sent abroad and claims links to intelligence agencies, while offering no public evidence and drawing no official comment from Chinese regulators.
- Several companies said they have limited or no business in China or had not been notified, and reporting notes that enforcement details and the practical scope remain unclear within a broader push to replace Western tech.