China's National Intelligence Law is the legal basis for most US concerns about Chinese networking equipment. Here's exactly what it says, who it applies to, and why security agencies consider it a structural risk.
Last reviewed: March 2026 · ismyroutersafe.com
What is China's National Intelligence Law?
China's National Intelligence Law (中华人民共和国国家情报法), enacted June 27, 2017, requires all Chinese organizations and citizens to support, assist, and cooperate with national intelligence work. Article 7 states: "Any organization or citizen shall support, assist, and cooperate with state intelligence work in accordance with law." Article 14 gives intelligence agencies the authority to demand this cooperation.
Who does it apply to?
The law applies to all entities incorporated in China, including subsidiaries of foreign companies operating in China, and to Chinese citizens worldwide. It extends to Hong Kong under Article 23 of Hong Kong's national security law. It applies regardless of where the company's products are sold or used.
This means: TP-Link, Huawei, Xiaomi, Tenda, GL.iNet, and any other Chinese-incorporated or Chinese-operated networking company is legally obligated to cooperate with Chinese intelligence requests - and is prohibited from disclosing that cooperation.
Why can't Chinese companies simply refuse?
The law provides no opt-out mechanism. Companies cannot refuse intelligence requests from the Chinese government. Unlike in the US, where tech companies can and do challenge government data requests in court and publish transparency reports, Chinese law does not allow this. There is also a secrecy obligation - companies must not disclose intelligence requests or cooperation to the public.
What does this mean for router security?
A Chinese-owned router company is legally prohibited from refusing a request to insert a backdoor, modify firmware, or provide access to traffic data. The structural risk is that, whatever the company's public security claims, it cannot credibly promise that it has not cooperated or will not cooperate with Chinese intelligence, because disclosing such cooperation is itself illegal under Chinese law.
Is there evidence this has happened with routers?
The Volt Typhoon investigation found TP-Link routers used as attack infrastructure in Chinese state-sponsored campaigns. US agencies (FBI, NSA, CISA) documented this in a 2023 joint advisory. Whether the routers were compromised through firmware backdoors, CVE exploitation, or other means has not been fully disclosed publicly, but the operational result was the same: TP-Link routers were deployed as nodes in a Chinese state intelligence network.
Frequently Asked Questions
Yes. TP-Link Technologies Co., Ltd. is incorporated in Shenzhen, China. It is fully subject to China's National Intelligence Law and legally required to cooperate with Chinese intelligence requests. The law also prohibits TP-Link from publicly disclosing any such requests or cooperation.
Yes. China's national security law extended Chinese national security provisions to Hong Kong in 2020. GL.iNet, incorporated in Hong Kong with operations in mainland China, is subject to these laws.
Huawei's public denials are legally irrelevant under the National Intelligence Law. The company cannot credibly claim it has not cooperated with Chinese intelligence, because if it had, Chinese law requires that cooperation to remain secret. The structural risk exists regardless of Huawei's public statements.
No. Taiwan has its own legal system, entirely separate from the People's Republic of China. Taiwanese companies (Asus, D-Link, Synology) are not subject to China's National Intelligence Law. This is a fundamental difference between Taiwan-headquartered and China-headquartered brands.
The US has placed Huawei on the Entity List (banning US technology exports to it), established the FCC Covered List, blocked new Chinese-brand FCC authorizations, and is investigating TP-Link through the DOJ and FCC. Congress is actively working on legislation that would expand restrictions on Chinese networking equipment.