Hong Kong’s Shift to Domestic Technology
Hong Kong’s technology infrastructure is undergoing a major transformation as local government and businesses replace Western products with domestic alternatives, driven by closer integration with mainland China and rising geopolitical risks, according to tech experts. This shift has sparked discussions about the future of Hong Kong’s digital landscape and its implications for cybersecurity, supply chain resilience, and international relations.
US tech giants like Microsoft have long “served as the bedrock of Hong Kong’s digital landscape,” but that dominance is now being actively contested, particularly in the government sector, according to Francis Fong Po-kiu, honorary president of the Hong Kong Information Technology Federation.
In a sign of this shift, the Hong Kong Police Force is replacing Microsoft SharePoint – a cloud-based platform used by organizations to build intranets and manage documents – with mainland China’s Seeyon software in one division, according to Stony Shi, Seeyon’s head of business for the Asia-Pacific region. Another department made the same switch in 2024, Shi added.
This move reflects broader concerns over the reliability of Western technology in an increasingly unpredictable global environment. The sweeping tech migration is fueled by fears over tightening US technology export curbs targeting both mainland China and Hong Kong. In an era of unpredictable US export controls and sanctions, the Hong Kong government views over-reliance on Western “black box” technology as a strategic liability that could be deactivated or restricted at any time, Fong said.
Impact of US Export Controls
Hong Kong used to be able to import hi-tech products from the US, including defense equipment and dual-use technologies, but the previous administration under US President Donald Trump removed that privilege for Hong Kong in 2020 after Beijing passed a national security law for the city. The Hong Kong Observatory said in 2020 that it expected scrutiny and red tape when purchasing US supercomputers.
Pressure is also mounting beyond government offices. Hong Kong companies designated as “critical infrastructure operators” by the city’s new cybersecurity bill, passed last year, are the front runners for adopting mainland tech solutions. Two Hong Kong utility providers – its railway operator MTR Corporation and electricity provider CLP Power – are under pressure to move away from US technology, ranging from semiconductors and routers to operating systems, according to a person familiar with the matter who declined to be named.
A CLP Power spokesperson declined to comment on critical infrastructure firms switching to domestic technology but said the company adopts “a diversified sourcing approach, including sourcing from the mainland, to help strengthen supply chain resilience.” MTR Corp did not respond to a request for comment.
The Office of the Commissioner of Critical Infrastructure (Computer-system Security) said in an emailed statement that it could not disclose whether any particular organization was designated as a critical infrastructure operator. The office noted that while Hong Kong’s new law did not place explicit restrictions on hardware choices, it had issued a generic code of practice to provide guidance on cybersecurity in January.
Xinchuang Initiative and Greater Bay Area Integration
The code stipulates that “depending on the level of assessed supply chain risk and geopolitical risk,” critical infrastructure operators should adopt components from diverse sources to “better manage risks arising from potential export controls.”
While Hong Kong has not established an official policy mandating a technology swap, the regional shift mirrors a Beijing-backed initiative known as Xinchuang. Launched on the mainland with the formation of the Information Technology Application Innovation Working Committee in 2016, also known as the Xinchuang Committee, the program is tasked with deploying domestic technology across the public sector.
Even without a formal legislative mandate in Hong Kong, local lawmakers suggested as early as 2022 that the government should follow the mainland’s Xinchuang practice to better safeguard systems and data, according to the Legislative Council’s published meeting minutes.
Increasing integration in the Greater Bay Area development zone – Beijing’s effort to link a collection of 11 cities including Hong Kong, Macau, Guangzhou and technology hub Shenzhen – is also likely driving the transition, as it requires more seamless data flow and technical compatibility between Hong Kong and the mainland, Fong said.
Growth of Mainland Tech Companies in Hong Kong
Sangfor Technologies, a Shenzhen-based cloud and cybersecurity company, tripled its revenue and market share in Hong Kong from 2024 to 2026, according to Keith Lee, cloud business director at the company, who said the biggest growth sectors for Sangfor were government, education and banking, including some large enterprise firms.
According to Lee, mainland China’s Xinchuang initiative was a major driver for the Hong Kong public sector’s adoption of Sangfor technology. He said the IT replacement programme had contributed to about half of Sangfor’s business in Hong Kong over the past two years.
Sangfor plans to expand aggressively in the city in the coming years, Lee said, taking advantage of local companies’ need for alternatives after their VMware licenses expire. VMware, a cloud software provider, was acquired by US chipmaker Broadcom in 2023.
Government Stance on Technology Adoption
Hong Kong’s Digital Policy Office (DPO) said in an emailed statement to the SCMP that the government’s approach to adopting technology solutions is “technology-neutral and vendor-neutral,” and that Hong Kong “remains open to technology solutions from a wide range of providers, including local, overseas and Chinese mainland-based companies, on a fair and nondiscriminatory basis.”
The OGCIO, previously responsible for engaging with mainland enterprises for tech solutions, was merged with the Efficiency Office (EffO) in 2024, creating the DPO.
Government bureaus and departments, which procure IT solutions primarily through “open and competitive tender processes,” should adopt equipment from “diverse sources where appropriate, and avoid over-reliance on a single or limited number of platforms or products” to better manage cybersecurity and information security risks, the DPO said.
