China could reportedly use its 'unwritten' tech rules as an 'invisible tool' against US firms

  • With Sino-American trade tensions escalating, China's cybersecurity standards could be used as an "invisible tool" for retaliating against Washington's tariffs, according to one expert.
  • Such standards are government-issued operational guidelines that are technically voluntary, but are oftentimes treated as mandatory by foreign firms' Chinese business partners.
  • If Asia's largest economy were to weaponize the listing of standardized practices to hit American companies, the cost would be difficult to quantify, but the move's effects on foreign firms could outlive current tensions, according to a report from a Washington-based think tank.
BEIJING, CHINA - NOVEMBER 9:  U.S. President Donald Trump (L) and China's President Xi Jinping (R) meet business leaders at the Great Hall of the People on November 9, 2017 in Beijing, China.

With Sino-American trade tensions escalating, China's cybersecurity standards could be used as an "invisible tool" of retaliation against Washington's tariffs, according to one expert.

Those so-called standards are government-issued guidelines about things like firewalls and software that are technically voluntary, but are oftentimes treated as mandatory by foreign firms' Chinese business partners. Over the past several years, Beijing has issued close to 300 new national standards, Washington-based think tank the Center for Strategic and International Studies said in a report earlier this month.

Those additions are contributing to China becoming an increasingly difficult market for some firms, the report said, explaining that the new standards could potentially hit foreign-owned firms with unforeseen costs and delays for operating in China — or they could even lead to companies shutting down their Chinese businesses.

Now, there's some concern that Beijing would use its standards regime to retaliate against the U.S. as the countries exchange salvos in their trade war.

And, if Asia's largest economy were to weaponize tech guidelines to hit American companies, the cost would be difficult to quantify, but the effects on foreign firms could long outlive current tensions, according to the report.

That is, cybersecurity standards, unlike tariffs, are less likely to be softened by Beijing when the trade war is eventually brought to a close. That's in part due to Chinese President Xi Jinping's ongoing drive to increase his country's cyber power: Although the new standards could be spurred by the trade spat, "this is much bigger than the dynamic with the U.S.," Samm Sacks, CSIS senior fellow and one of the authors of the think tank's report, told CNBC.

CSIS's warning about the "unwritten" rules came as China responded to American tariffs by announcing a 25 percent charge on $16 billion worth of U.S. goods — Beijing's latest move in an escalating battle between the world's two largest economies.

The Chinese have been strategic and coordinated in their responses to the U.S. so far, Sacks said, so it is likely that Beijing will seek to counter American tariffs through an "invisible tool" like its cybersecurity standards.

Chinese standards are officially deemed "recommended," but "in practice many may often be required to do business in China," the report said. That's the case when they're listed as requirements for dealings with governments or state-owned enterprises, and private firms oftentimes expect business partners to have standards-associated certifications. On top of that, according to the report, standards can become legal requirements when regulations cite them.

Stephen Ezell, vice president of global innovation policy at tech-focused think tank the Information Technology and Innovation Foundation, said it was possible that China could use its tech rules as a trade war weapon. He expressed his hope, however, that Beijing would ultimately use the current spat as an opportunity to open up rather than "cheat again" with domestic practices he deemed unfair.

From tech firms to shoe companies

Analysts argue that Chinese security standards currently go beyond just preventing cyber attacks by also serving the purpose of protecting domestic firms from foreign competition.

While some digital standards have been implemented by the Chinese government to meet genuine cybersecurity goals, others have been created to meet "Made in China 2025" goals, Sacks said, referring to China's massive initiative to build up its expertise in advanced manufacturing sectors like robotics and clean-energy vehicles.

Sacks added that cybersecurity standards use intentionally vague language around verification and testing. That, along with their status as recommendations as opposed to laws, gives the government broad discretion in assessing foreign firms, she said.

There could be a wide-ranging impact on the corporate world if China decides to use its cybersecurity standards to hurt American firms, according to Sacks.

"Many think that the cybersecurity regulations will only affect tech firms or social media firms. But the effect is widespread," she said. "These regulations could affect all sectors reliant on (information and communications technology), so that includes firms that use websites or corporate (virtual private networks) to operate. This could affect shoe companies, retail, e-commerce, manufacturing."

—CNBC's Fred Imbert and Reuters contributed to this report.