The Czech Republic’s National Cyber and Information Security Agency (NUKIB) has issued a stark warning to organizations managing critical infrastructure, urging them to avoid using Chinese-made technology or storing data on servers located in China. According to NUKIB, such practices represent a high-level cybersecurity threat that could compromise the country’s national security, critical operations, and sensitive data.
The agency has raised its risk assessment of potential Chinese cyber disruptions to “High”, signaling a strong probability of hostile activities targeting Czech systems. NUKIB emphasized that modern critical infrastructure relies heavily on cloud storage, remote connectivity, and continuous updates, making trust in technology providers essential. Without reliable vendors, attackers could potentially exploit vulnerabilities to disrupt operations or exfiltrate critical data.
This warning is not purely theoretical. NUKIB highlighted confirmed cases of malicious cyber campaigns by Chinese threat actors, including an APT31 operation targeting the Czech Ministry of Foreign Affairs. The agency noted that under Chinese law, private cloud service providers are required to make stored data accessible to the Chinese government, creating an inherent risk of unauthorized access to sensitive information.
The advisory extends beyond traditional infrastructure. NUKIB also flagged consumer-grade devices produced by Chinese firms—including smartphones, IP cameras, electric vehicles, medical devices, photovoltaic converters, and large language models—as potential channels for data transfer to Chinese-controlled systems. While these devices may appear harmless, they pose significant risks if integrated into environments handling critical or sensitive operations.
Entities falling under the Czech Cybersecurity Act—such as energy providers, transport systems, healthcare institutions, financial services, and public administration—must now integrate these warnings into their risk analyses. Although the directive does not impose an outright ban on using Chinese technology, it obliges critical infrastructure operators to adopt adequate risk-mitigation measures, including stricter supplier vetting, enhanced monitoring, and implementing data protection controls.
For the general public, NUKIB’s recommendation is advisory rather than binding, but the agency encourages citizens to carefully assess the security risks of Chinese-manufactured products before adopting them. The broader message is clear: the reliability of technology providers directly impacts national resilience, and dependency on suppliers that could be influenced by foreign governments poses a serious long-term security challenge.
Conclusion
NUKIB’s directive represents a growing trend among European nations to reevaluate the security risks of foreign technology vendors, particularly in strategic sectors. While not an outright ban, the Czech Republic’s stance reflects rising concerns over China’s influence on global tech infrastructure. Organizations and individuals alike are urged to exercise caution, as safeguarding data integrity and operational stability depends on trusted partnerships and proactive cybersecurity measures.
