China bans, suspends top cybersecurity firms from military bids

China’s military procurement system suspended or barred more than a dozen cybersecurity firms since 2024 after at least 21 procurement-related enforcement actions from 2021–2026, Natto Thoughts found.

Research from Natto Thoughts shows China’s military procurement system suspended or permanently barred more than a dozen leading cybersecurity vendors since 2024. The group identified at least 21 enforcement actions dated 2021–2026 linked to contract-bidding misconduct rather than product or technical failures. Its review used public notices from the military procurement network cross-referenced with corporate disclosures and Chinese-language reporting.

The penalties follow a three-tier enforcement framework used by the People’s Liberation Army: a confidential warning list for early concerns, a suspension list for confirmed but limited violations, and a public blacklist for serious offenses. Public blacklists can carry lifetime bans and extend to affiliated companies and individual executives.

Two high-profile cases detailed in the research involve Beijing TopSec Network Security, an indirect subsidiary of TopSec Technologies Group, and Venustech Group. TopSec faced a suspension from specific services in 2024 tied to alleged collusive bidding on an Army contract; the suspension expanded to cover all military branches and, after a two-year probe, resulted in a lifetime ban on military procurement in January 2026. Venustech’s subsidiary, Beijing Venustech Information Security Technology, was suspended from a regional military command in August 2024 and from all military bidding in February 2025. In April 2026 authorities extended sanctions to the parent company; that action remains a suspension rather than a permanent ban.

Other companies named in the review include Legendsec, a Qi An Xin subsidiary; digital-certificate provider BJCA; Kylinsec; Westone (CETC Cyber Security); and Huaru Technologies. Several of the affected firms are publicly traded or hold classified-system and defense-related qualifications.

Eugenio Benincasa, a China-focused cybersecurity researcher at ETH Zurich and author of the Natto report, noted that TopSec and Venustech helped build China’s firewall market and that Qi An Xin has developed a position in threat intelligence. He added that none of the firms have been publicly tied to operating offensive hacking groups but that many have long-standing links to the PLA and other security services through training, service provision and investments.

The Natto report links the rise in enforcement to procurement oversight changes that began in 2024, including new rules on competitive bidding for military equipment and a growing enforcement role for China’s Cyberspace Force; the report attributes the Cyberspace Force to involvement in six of the reviewed cases. The researchers also cite commercial pressures on vendors. Venustech’s early-2025 financial outlook referenced softer security budgets and a market shift toward AI- and data-driven services.

Regulatory notices and company filings show a range of penalties from private warnings to temporary suspensions and permanent procurement bans. The notices indicate that sanctions can affect primary contractors as well as affiliated entities and individual executives, and that enforcement activity increased notably from 2024 onward.

Articles by this author

No related articles found.