China fails Micron’s products in security review, bars some purchases

BEIJING (Reuters) -China’s cyberspace regulator said on Sunday that products made by U.S. memory chip manufacturer Micron Technology (NASDAQ:) had failed its network security review and that it would bar operators of key infrastructure from procuring from the firm.

According to China’s broad definition of critical information infrastructure, this could include sectors ranging from transport to finance.

“The review found that Micron’s products have serious network security risks, which pose significant security risks to China’s critical information infrastructure supply chain, affecting China’s national security,” the Cyberspace Administration of China () said in a statement.

Micron said it had received the CAC’s notice of conclusion of its review of the company’s products sold in China, and “look forward to continuing to engage in discussions with Chinese authorities”.

The CAC neither provided details on what risks it had found nor what Micron products would be affected.

China announced its review of Micron’s products in late March. The company said at the time it was cooperating and that its business operations in China were normal.

The governments of the United States and China are in a dispute about chip technology. Washington has imposed a series of export controls on chipmaking technology to China and moved to prevent Micron rival Yangtze Memory Technologies from buying certain American components.

Micron derives around 10% of its revenue from China, but it is not clear if the decision affects the company’s sales to non-Chinese customers in the country.

The larger chunk of Micron’s products flowing into China are being purchased by non-Chinese firms for use in products manufactured there, according to analysts.

China in September 2021 imposed rules aimed at protecting critical information infrastructure, which require their operators to comply with stricter requirements around areas such as data security.

Beijing has broadly defined the industries it considers “critical” as ones such as public communication and transport but it has not specified exactly what type of company or business scope this will be applied to.