China says Micron's products fail security review, bars some purchases

China says Micron's products fail security review, bars some purchases

Technology

China says Micron's products fail security review, bars some purchases

BEIJING (Reuters) - China's cyberspace regulator said on Sunday that products made by U.S. memory chip manufacturer Micron Technology (MU.O) had failed its network security review and that it would bar operators of key infrastructure from procuring from the firm.

"The review found that Micron's products have serious network security risks, which pose significant security risks to China's critical information infrastructure supply chain, affecting China's national security," the Cyberspace Administration of China (CAC) said in a statement.

Operators of critical information infrastructure will be required to stop procuring from Micron, the CAC added. According to China's broad definition of critical information infrastructure, this could include sectors ranging from transport to finance.

Micron did not immediately respond to a request for comment. China announced its review of Micron's products in late March and the company said at the time it was cooperating with the review and that its business operations in the country were normal.

The review and decision on Micron comes amid a spat over chip technology between Washington and Beijing, during which the U.S. has imposed a series of export controls on chipmaking technology to China and blacklisted Chinese firms, including Micron rival Yangtze Memory Technologies Co Ltd.

The CAC did not detail what risks it had found nor what Micron products this would impact.

Micron derives around 10% of its revenue from China, but it is not clear if the decision affects the company's sales to non-Chinese customers in the country.

The larger chunk of the company's products flowing into China are being purchased by non-Chinese firms for use in products manufactured in the country, according to analysts.

China in September 2021 imposed rules aimed at protecting critical information infrastructure, which require their operators to comply with stricter requirements around areas such as data security.

Beijing has broadly defined the industries it considers "critical" as ones such as public communication and transport but it has not specified exactly what type of company or business scope this will be applied to.