Geopolitics of Cryptography: The Impact of New Regulations in China and Russia on Critical Infrastructure and Global Security

China and Russia are introducing stringent regulations on the use of cryptography to protect their critical infrastructure, an action that represents a decisive move in the context of "hybrid warfare." The new provisions mandate the use of nationally certified cryptographic technologies and services, with the goal of ensuring digital sovereignty and security from external threats.

China, with the entry into force of its "Provisions on the Administration of the Use of Commercial Cryptography," on August 1, 2025, aims for pervasive control over its information infrastructure, including satellite communications.

Russia, for its part, will require satellite and television communication operators to use equipment certified by the FSB starting in March 2026.

These initiatives show a coordinated strategy to reduce technological dependence on the West and consolidate state control.

The recent granting of the first commercial license for satellite communications in China to China Unicom on September 9, 2025, highlights how Beijing is also using the private sector to accelerate its technological supremacy, while maintaining tight security oversight.

Details of the Chinese and Russian Regulations

China: An Integrated Regulatory Framework

The "Provisions on the Administration of the Use of Commercial Cryptography in Critical Information Infrastructure" were reviewed and approved on April 21, 2025, and entered into force on August 1, 2025. The document was jointly issued by the National Cryptography Administration, the Cyberspace Administration of China, and the Ministry of Public Security of the People's Republic of China.

The regulation applies broadly to all critical information infrastructure (CII), defined as those systems that, if compromised, could jeopardize national security, the economy, and public interests. This implicitly includes satellite communication networks, which are considered a vital extension of terrestrial infrastructure.

CII operators are required to:

• Use cryptographic products and services that have been tested and certified.

• Submit cryptographic algorithms and protocols for review and evaluation by the National Cryptography Administration.

• Conduct security assessments of cryptographic applications at least once a year.

• Use cryptography to protect sensitive data such as "core data, important data, and personal information".

Russia: The Targeted Protection of Satellites

Russia has issued an order that requires all satellite and television communication operators to protect their control lines through means of cryptographic information protection (SKZI). The order was published by the Ministry of Digital Development, Communications and Mass Media.

Operators will have to install the necessary equipment starting in March 2026. A fundamental requirement is that these devices must be pre-certified by the FSB, the Russian Federal Security Service. The stated goal is to "significantly reduce the likelihood of obtaining unauthorized access" to satellite control lines.

Geoeconomic and National Security Implications

The provisions in China and Russia are not simply administrative acts; they represent central elements of a hybrid warfare strategy and the defense of national sovereignty.

Hybrid Warfare and the Defense of Infrastructure

Both China and Russia consider digital space and satellite communications as a strategic battlefield. The regulations are a direct countermeasure to threats of external interference and cyberattacks. Russia's move to mandate FSB-certified cryptography is a direct response to the risks of "jamming" (signal disruption) and infiltration of satellite systems, which are perceived as vulnerabilities that could be exploited by hostile actors.

Digital Sovereignty and Global Competition

The common goal is clear: to reduce technological dependence on foreign countries, particularly the United States, and to affirm their digital sovereignty. By requiring that cryptographic technologies be nationally certified, both countries ensure that they maintain complete control and avoid "backdoors" hidden in foreign products. This strategy also promotes internal innovation and fosters the development of a national industry capable of providing proprietary technological solutions.

The Chinese Case: The Commercial Satellite Move

In contrast to the past, when the Chinese space sector was dominated by state entities, China has recently accelerated the development of a commercial sector. This move is not a deviation from its control strategy but a tactical evolution of it.

On September 9, 2025, the Ministry of Industry and Information Technology granted the first commercial license for satellite mobile services to China Unicom. This move is strategic for several reasons:

• Competition with Starlink. China is using the commercial sector as a new engine of growth to develop its own satellite constellations and compete with giants like SpaceX's Starlink.

• Security and control. While encouraging commercial development, the government has reiterated that it will continue to "tighten security surveillance" of the sector. This ensures that even commercial operations remain subject to state regulations on cryptography and security, preserving state control over a critically important infrastructure.

In summary, China is integrating its economic development goals with its national security goals, using the private sector to consolidate its position as a global digital and space power.

Global Consequences and Future Perspectives

The imposition of national cryptographic standards in China and Russia creates risks and opportunities for companies and nations around the world. For businesses operating in these markets, the obligation to use locally certified products could require substantial investments in research and development to comply with standards that are not compatible with Western ones. This also raises serious concerns about data security, with fears that local governments could have privileged access to information.

This approach risks accelerating the fragmentation of cyberspace and digital commerce into distinct blocks. In the long run, a division could emerge between an Eastern and a Western "digital bloc," with proprietary standards and technologies that make interoperability difficult. The West's response could be a strengthening of its own regulations and cyber defense capabilities, turning technological competition into a true digital "arms race."