China’s Participation in O-RAN

In recent months, it has become evident how the US sanctions against Chinese technology suppliers seem inconsistent, especially when it comes to the critical 5G infrastructure and participation in related standard-setting. Whereas Huawei – the principal target of US policy – has undeniably weakened. But the Chinese 5G behemoth never supplied any of the US mobile networks – and as such, it never posed a direct security threat to the US. Instead, the sanctions have indirectly helped Chinese state-owned and military-linked companies like ZTE who benefitted from bullish purchases and exclusion by China Mobile and other state-owned telcos at home. Exclusion of European suppliers in China have also helped Huawei to recoup whatever it may have lost in Japan, Australia, Singapore, and the UK.

The US tech lobby has successfully advocated for the O-RAN Alliance, establishing its misconception as the ‘western’ alternative standard to bring new non-Chinese alternatives to secure our networks. The O-RAN Alliance is a merger of two Chinese and US organisations, C-RAN and xRAN. China Mobile, China’s largest state-owned operator, does not just retain permanent board seats and veto rights as a founding member of O-RAN, it also co-chairs ten out of its fourteen working groups.

Under the dual China-US leadership, ‘western’ and Chinese military contractors are currently developing some key software in a manner that did not occur in 3GPP, ITU, or other standard development organisations. Nokia, Ericsson, Samsung and Huawei’s equipment may be interoperable, but 3GPP manufacturers do not have access to each other’s source code. And under no circumstances do they collude to review or write any portion of the code together.

The joint software developed under the O-RAN Software Community may be limited to the virtualisation and automation specifications (such as the near or non-runtime reconfiguration platforms). But these strategic functions are deeply embedded in the equipment to handle large amounts of traffic with very little supervision. US Government Accountability Office reports how the ‘attack surface of the network expands considerably’ with O-RAN – and for that reason, the risk-avert regulators in China are unlikely to allow its use in any larger scale. Instead, its principal interest for participation is access to western know-how, source code or a potential entry into the US market.

Despite the code-sharing between strategic adversaries, lawmakers in the US and Japan promise billions in subsidies and tax incentives. It seems market liberals are willing to pursue the same kind of industrial policy they once criticised in China. The same hawks who are usually (and rightly) dogmatic about Chinese market distortions (or criticise antitrust measures against US platforms) are now fiercely advocating for state intervention to break Europe’s lead on 5G.

If O-RAN claims of its ‘western’ provenance does not hold true and involves unprecedented software cooperation among strategic adversaries, who are some of its lesser-known members? The alliance comprises of over two hundred members, of which 36 are headquartered in Mainland China and subjected to its disciplines. In comparison, the European standardisation organisation – ETSI – has fifteen Chinese members who also tend to be more well-known. While the general argument can be made that any entities under Chinese jurisdiction may be subject to undue state interference through its National Intelligence Law, the following lists provide some background to some of these participants, looking primarily to their ownership, and known contracts with defence-related work.

Notably among these Chinese O-RAN members, there are:

• Three firms sanctioned by the US Government under the BIS Entity List for their proximity to the Communist Party of China and the People’s Liberation Army: Inspur, China’s leading cloud and data service provider, was added to the US Entity List in June 2020, while both Kindroid and Phytium followed suit in 2021. Licensing O-RAN’s commonly developed software is a clear violation of these sanctions. Another member (H3C) is a subsidiary of another Entity listed business.
• Another three companies are subject to US financial sanctions, including China Mobile, which is a founding member of the O-RAN consortium and one of the five companies holding a veto power in all its decisions. Also, the state-owned operators of China Telecom and China Unicom are also O-RAN members are also under US Treasury OFAC sanctions.
• At least two-thirds of the Chinese contingent in the consortium has state-ownership. Six O-RAN members are outright public institutions or agencies. At least 16 O-RAN members have publicised links with military or security activities.

Who are the sanctioned Chinese O-RAN members?

• China Mobile was forcefully delisted from New York Stock Exchange after it came under US financial sanctions as a Chinese Military-Industrial Complex (CMIC) company by US Treasury OFAC. In addition, the state-owned operators of China Telecom and China Unicom are also members who are listed under the Treasury OFAC’s sanctions list.
• Inspur Group is China’s largest data service provider, that develops server hardware, as well as services in data storage, cloud, AI, and big data. Inspur was placed on the US entity list in June 2020 for its ties to the People’s Liberation Army. It has retained a number of contracts with the China Public Security Bureau. Also, according to the New York Times, “Chinese military uses Inspur computers, mobile mapping systems and communications systems” and has a client roster that includes China Air-to-Air Missile Research Academy and the China Academy of Engineering Physics. Its principal owner is likely to be the Shandong government.
• (Tianjin) Phytium Information Technology was placed on the Entity List for collaborating with the People’s Liberation Army (PLA) on advanced missile work in April 2021 by the Biden administration. As a key chipset developer, it develops critical components such as designs for high-performance and massively parallel ARM-based microprocessors. The company originated from the Ministry of Industry and IT (MIIT) but is now held under the China Great Wall Technology Group (CGT) as a part of the China Electronics Corporations (CEC) group of companies, which is listed as a state military company by the Chinese State Administration for Science, Technology, and Industry for National Defence and placed under US sanctions.
• Kindroid has been sanctioned by the Biden administration, for acquiring US-origin items for the technological upgrade of the People’s Liberation Army. The true ownership of the company is veiled by complicated corporate structure and cross holdings, involving Beijing municipalities and China Development Bank. Note that Kindroid appears to have left the consortium after failing to pay the membership fees on time.

Other O-RAN members with defence and security ties

• ZTE – Huawei’s bitter rival from Shenzhen – is a self-admitted state-owned company of military origins. It was briefly added to BIS Entity List for selling US technology to Iran and North Korea in 2018 but was delisted by the Trump administration after a settlement negotiated on its behalf by the Chinese government.
• Sichuan Juizhou, or Jezetek, touts a civilian portfolio on its English website including smart city, electronic aeronautic components, and electronic weighing equipment. However, on its Chinese website lists security and military work, while celebrating Xi Jinping thought and the anniversary of the Chinese Communist Party.
• Grentech is a wireless communications and antenna provider. The company mentions its involvement with the Chinese military in its materials, and also attests its loyalty to the Party. The company has undergone an IPO via British Virgin Islands but later taken private with unclear ownership today.
• HGTech is the photo-optical subsidiary of its parent, Huagong Technology, which is controlled by Huazhong University of Science and Technology (HUST) with overlap of staff between them. ASPI, the Australian government think tank, alleges that HUST is closely tied to the People’s Liberation Army, conducting large amounts of its advanced research, consider it “very high risk”.
• Nanjing Haojun (HKTech), focuses on antenna technology, its own corporate materials note the use of their technology in military applications although this is not verified outside of the company’s own materials.
• SageRAN provides RAN protocol stacks for 5G and lists its work with Chinese municipalities and local law enforcement.
• SpiderRadio is a public-private entity controlled by the Suzhou government. Its marketing materials list China Public Security Bureau as one of its clients. Also, surveillance technologies (including prisons) are among its product portfolio.
• Sunwave specialises in network design that has works with Chinese security agencies, including IT solutions for prisons.
• Tsinghua University is a well-renowned science and engineering university where its staff advice on national defence and security research. Financial Times alleges that cyber-attacks regularly stem from IP addresses originating at Tsinghua University.
• H3C is a subsidiary of the Tsinghua Unigroup. The Obama administration blocked the group’s acquisition of Micron. New York Times alleged that a subsidiary (Tsinghua Tongfang) supplies military communications control, electronic countermeasures and satellite navigation equipment to the People’s Liberation Army. Another subsidiary, NucTec, is on the US Entity List.

Examples of O-RAN members with various degree of state-ownership

• China Academy for Information and Communications Technology (CAICT) is a government think tank that plays a role in R&D and telecom regulation under the purview of the Ministry of Industry and Information Technology (MIIT).
• China Institute of Computing Technology under the Chinese Academy of Sciences is a fully state-controlled research institute.
• Guangdong Communication and Network Institute (GDCNI) and Peng Cheng Laboratories are research institutes operated by the Guangdong provincial government in Shenzhen.
• Purple Mountain Laboratories is a recently created government research institute connected to the Southeast University.
• SGIT is the IT and telecommunication department of the State Grid Corporation of China, the world’s largest public utility company, which is a state agency.
• AsiaInfo is a major telecoms applications provider, with products in e.g. data management, network analytics or billing. The company is listed in Hong Kong via Cayman Islands. CITIC (the state-owned private equity firm) and China Mobile (O-RAN founding member) hold a majority ownership.
• Chengdu ArrayComm is a Chengdu-based company manufacturing BBUs, RUs, DUs, and physical layer technology for 5G. The company takes its name from an US company but was recently reactivated in China. Today, it has an opaque ownership structure that likely involves state investment and Fosun International, the conglomerate that also invested in another small O-RAN member,
• CertusNet provides enterprise network applications. There is some local state ownership through an investment firm that ties back to the Shenzhen government.
• Chengdu NTS Technology is at least partially owned by a Sichuan and Chengdu state investment vehicle.
• Lenovo faces accusations by US Department of Defense as a state-owned entity with “nearly 30% owned by state-controlled Legend Holdings” that “poses a cyberespionage risk”.
• Raisecom is a minor manufacturer of access network equipment. The company is approximately 25% state owned through a Chongqing government investment vehicle.
• Zealync is a recent startup with a minority state-linked investors, including Tsinghua.