Western Technology and Chinese Ambitions: Where is the Boundary? The Oracle-TikTok Alliance Question
- Gabriele Iuvinale
- 30 giu
- Tempo di lettura: 14 min
The partnership between Oracle and ByteDance, highlighted by the new SemiAnalysis report, drives AI growth but raises serious national security concerns. Chinese legislation and the “Civil-Military Fusion” impose systemic state control, making AI data centers vulnerable to espionage and sabotage, as also highlighted by the Gladstone AI report. The challenge is to balance economic benefits with the protection of Western strategic interests in a context where trust in safeguards is constantly challenged.
In the rapidly evolving landscape of cloud computing and Artificial Intelligence (AI), the collaboration between Oracle Cloud Infrastructure (OCI) and ByteDance, the Chinese tech giant owning global platforms like TikTok, stands out as a driver of exponential growth for Oracle. At the same time, however, it raises deep and growing national security concerns. This partnership, highlighted in a SemiAnalysis study, brings to light a crucial strategic dilemma facing Western democracies: how to balance companies' economic freedom to operate globally with the imperative to protect a nation's strategic interests and data sovereignty, especially in light of Xi Jinping's China, characterized by increasingly pervasive state control and the integration of the private sector with national security objectives.
The root of these concerns lies in the systemic nature of the Chinese risk, not in alleged malicious intentions of individual companies. The National Intelligence Law (NIL) of 2017 unequivocally obliges all Chinese organizations and citizens to cooperate with government authorities on security matters, regardless of their geographical location. This legislation, coupled with the Military-Civil Fusion (MCF) strategy promoted by Xi Jinping, aims to systematically integrate civilian technological innovation with military and national security goals. The presence of Chinese Communist Party (CCP) Committees within large Chinese companies, including ByteDance, serves as a further mechanism of control and alignment with Party directives.
In this context, Artificial Intelligence data centers represent a primary target. An alarming Gladstone AI report (published last March) warns that every AI data center is inherently vulnerable to Chinese espionage. These facilities, which house invaluable AI models and sensitive data, are susceptible to asymmetric sabotage (low-cost attacks with devastating impact) and data exfiltration attacks on intellectual property. The report's authors revealed concrete instances of successful attacks and attempts to disable US AI infrastructures. Therefore, confidence in data "custodianship" mechanisms, like that offered by Oracle to TikTok, is called into question. How can it be guaranteed that a core algorithm and fundamental technology, remaining under Chinese control and subject to Beijing's laws, cannot be manipulated or exploited for intelligence or geoeconomic purposes, despite the supervision of a Western partner? This is a crucial question that permeates the entire Oracle-ByteDance partnership.
The dynamic of collaboration between Oracle and ByteDance is profound and global. Oracle has made a bold bet on providing large-scale AI capacity, becoming ByteDance's primary GPU customer—a company itself a giant in GPU utilization. This symbiosis has led to the transformation of Johor, Malaysia, into the "world's second-largest AI hub," with massive investments by Oracle to strengthen its cloud presence in the ASEAN region. Similarly, Oracle is the cloud provider for TikTok's operations in the United States, with key data centers in Virginia and Texas, and is expected to extend its support to ByteDance's expansion in Europe (with data centers in Ireland, Norway, Finland) and Latin America (like in Brazil). The speed of construction, often through Chinese partners like DayOne, is a competitive advantage for Oracle, but it raises questions about due diligence in such a sensitive sector.
This complex interdependence between commercial interests and geopolitical risks is also clearly visible in recent developments regarding TikTok negotiations in the United States. In March, talks between Oracle and the White House intensified, aiming to find a solution that would mitigate national security risks while allowing TikTok to operate. The proposal to rely on Oracle for supervising US user data was met with skepticism by some lawmakers, who doubted its effective implementability if the core algorithm and basic operations remained in Chinese hands. President Donald Trump's announcement about an acquirer for TikTok's US operations, presumably a consortium of "very rich people" requiring Chinese approval, further highlights the complexity and overlap between political decisions, economic interests, and Beijing's perennial influence. A previous attempt at sale, also involving Oracle, had already failed due to Chinese denial, demonstrating China's strong leverage over ByteDance.
In essence, the Oracle-ByteDance partnership is an emblematic case of how the pursuit of growth and competitive advantages in strategic sectors like AI can become riskily intertwined with the geopolitical ambitions of an authoritarian power. The real challenge lies in determining whether "trust" mechanisms and technical safeguards, while necessary, can truly neutralize the systemic risk inherent in a business model that, by its very nature, is deeply intertwined with the imperatives of an authoritarian regime actively pursuing technological control and civil-military integration. The debate is far from over.
The dynamic of collaboration and rapid growth: Investments, activities, and locations
Oracle, traditionally a software giant, has made a bold transition to become a primary player in the AI cloud sector. Its strategy, defined by SemiAnalysis as an "Investment Grade Neocloud," combines the infrastructure of a hyperscaler with the flexibility of an AI-native Neocloud, significantly integrating the speed and cost advantages offered by Chinese data center developers. This approach has allowed Oracle to gain a notable competitive edge, particularly through:
Cost advantages: An optimized network architecture for AI workloads dramatically reduces interconnection costs, and the Original Design Manufacturer (ODM) approach, working directly with companies like Foxconn, allows Oracle to bypass intermediate margins and offer highly competitive pricing.
Massive and rapid capacity: Oracle's willingness to make bold bets on multi-year capacity contracts (as demonstrated by its commitment to over 2GW of capacity in the United States), combined with its partners' deployment speed, has positioned OCI as a gigawatt-scale AI compute provider.
Within this framework, ByteDance is no ordinary customer; it is the primary driver of this growth for Oracle in the AI sector. According to SemiAnalysis, the Chinese company is one of the world's largest and fastest-growing GPU users, comparable in scale to US hyperscalers, and currently Oracle's largest GPU customer. This symbiotic relationship has been the catalyst for the transformation of Johor, Malaysia, into the "world's second-largest AI hub."
The activities and investments of this partnership are concentrated in several key areas, demonstrating an integrated global expansion strategy:
Johor, Malaysia: The second AI hub globally: A large portion of Oracle's GPU capacity in ASEAN (Association of Southeast Asian Nations) is dedicated to ByteDance. SemiAnalysis's analysis identifies a significant "co-cluster" in Johor, projected to reach 600-700MW within a year and potentially up to 2GW by 2028. This site has become a vital hub for ByteDance's AI operations, including its global services. The speed with which partners like DayOne (formerly GDS International), known for their Chinese-origin construction efficiency, bring hundreds of megawatts of data centers online, underscores the pace and scale of this expansion. Oracle itself announced in 2024 an investment of over $6 billion in Malaysia to expand its public cloud region, a move that further strengthens the capacities available for clients like ByteDance.
United States: Oracle's crucial role for TikTok: Despite the current focus on Johor, it's essential to remember Oracle's role as the cloud provider for TikTok in the United States. TikTok's US user data is routed and stored on Oracle Cloud Infrastructure in the US, with data centers in locations like the Northern Virginia (Ashburn, Sterling, Leesburg) area and Texas (Abilene).
ByteDance's global expansion through Oracle: SemiAnalysis predicts that the partnership will aggressively extend to "many other countries," with significant growth for ByteDance in ASEAN, Europe, and Latin America. For example, ByteDance is investing in data centers in Europe (such as Dublin, Ireland, and Hamar, Norway) and has plans for a new hub in Finland with a 1 billion euro investment as part of "Project Clover" for European data sovereignty. Reports also mention plans for a 300MW data center in Brazil with potential expansion to 900MW. In many of these cases, Oracle is expected to play a significant role as a cloud infrastructure provider, supporting ByteDance's global expansion and, implicitly, its technological foundation.
OCI's global presence: To support this vast operation, Oracle manages an extensive network of public cloud regions and data centers in 51 locations across 26 countries. Its cloud regions are located in North America (e.g., Ashburn, Phoenix, San Jose, Chicago in the US), South America (e.g., Sao Paulo in Brazil), Europe (e.g., Frankfurt, Amsterdam, London, Milan, Paris), the Middle East and Africa (e.g., Dubai, Jeddah, Johannesburg), and Asia Pacific (e.g., Singapore, Tokyo, Seoul, Mumbai, Sydney). This global footprint of OCI makes ByteDance's continental expansion possible, creating a complex web of dependencies and potential vulnerabilities.
Concerning risks for national security in the era of Xi Jinping
This is where the situation becomes complex, and concerns grow acute. The scale and nature of this partnership, while economically advantageous, open the door to critical national security vulnerabilities. This is due to the intrusive nature of the Chinese regulatory framework under Xi Jinping's leadership, which has progressively strengthened state control over the technology sector and integrated civil and military objectives.
China's National Intelligence Law and Military-Civil Fusion: A systemic risk of technological control
National security concerns are not unfounded; they are rooted in the structural and ideological foundations of Chinese legislation and its development strategies. The National Intelligence Law (NIL), adopted in 2017, imposes an unequivocal obligation on all Chinese organizations and citizens to cooperate with government authorities on security and intelligence matters. This law reinforces the argument that the presence of Chinese companies in critical national infrastructures, especially those managing sensitive AI data, can pose a systemic risk for data control and access.
Relevant articles of the NIL include:
Article 7: "All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with the law, and protect national intelligence work secrets they are aware of." This establishes an unequivocal obligation to cooperate, which overrides any commercial agreement or external jurisdiction.
Article 9: Provides incentives (praise and awards) for contributions to intelligence efforts, actively encouraging cooperation.
Article 12: Authorizes intelligence institutions to establish "cooperative relationships with relevant individuals and organizations" and to "detain them to carry out relevant work," suggesting that private entities can be directly tasked by intelligence agencies.
Article 14: Allows intelligence institutions to request "necessary support, assistance, and cooperation" from organs, organizations, and citizens, transforming such requests into binding legal obligations when interpreted in conjunction with Article 7.
The scope of this law is global: it applies to all Chinese groups, including overseas subsidiaries (like ByteDance and its global operations via TikTok), regardless of their geographical location. It applies to all organizations established in China, irrespective of ownership (private, public, or foreign), and to all Chinese citizens, even when residing outside the country.
This regulatory framework perfectly aligns with China's broader strategy of Military-Civil Fusion (MCF). This program, initiated by the Chinese Communist Party (CCP) and President Xi Jinping, aims to transform the People's Liberation Army (PLA) into a "world-class military" by 2049, systematically integrating the country's entire scientific and technological enterprise. Through MCF, new civilian innovations must simultaneously advance economic and military development. The CCP considers MCF fundamental for achieving its regional and global ambitions, believing that AI will drive the next revolution in military affairs and that the first country to apply it to next-generation warfare will achieve military dominance. MCF, therefore, aims to pave the way for China to be the first country to transition to "intelligent warfare" and develop the military capabilities deemed essential for achieving these objectives.
A further mechanism of control and influence is the presence of Chinese Communist Party (CCP) Committees within large companies, including those in the technology sector like ByteDance. These committees, composed of Party members, operate in parallel with formal corporate governance and ensure that business decisions align with the Party's political objectives. While their precise functions may vary, their existence creates a direct channel for CCP influence and oversight over companies' operations, strategies, and potentially, access to data, even when these companies operate outside China's borders. This internal control, combined with security legislation, reinforces the systemic risk.
Vulnerabilities of AI data centers: AI data centers are invaluable repositories of intellectual property, proprietary machine learning models, and sensitive training data. The sharing of infrastructure in "co-clusters" or reliance on developers with rapid but potentially less rigorous security methodologies in the supply chain (such as using ODMs without adequate deep due diligence) increases the risk of:
Data exfiltration and industrial espionage: Unauthorized access and copying of AI algorithms, sensitive user data, or trade secrets by state-linked Chinese actors, potentially facilitated by NIL and the influence of CCP committees.
Intellectual Property (IP) theft: The illicit acquisition of AI models and training techniques that could accelerate Chinese technological development and undermine the competitive advantage of Western nations, directly contributing to MCF objectives.
Supply chain compromises: The possibility of hardware or software backdoors inserted upstream in the production chain or during data center construction, a risk amplified by the MCF goal of fusing civil and military capabilities.
Intelligence and geopolitical risk: The vast amount of data processed (user behavior, preferences, interactions) can be an invaluable source for intelligence gathering, for both economic and strategic purposes. Furthermore, deep interdependence could complicate the enforcement of future sanctions or restrictions on entities like ByteDance, creating a potential conflict between commercial interests and foreign policy in a context of increasing geopolitical confrontation. The question is whether data segregation measures and "custodianship" by Oracle can genuinely withstand the pressure of extraterritorial laws and the sophistication of state-sponsored attacks highlighted by the Gladstone AI report.
Recent developments in TikTok negotiations in the US
Further concerns emerged more recently regarding the role that TikTok's Chinese founders might still play in its US operations. Oracle software company has continued to intensify talks with the White House for an agreement on TikTok's management. These negotiations, led by Vice President JD Vance and National Security Advisor Mike Waltz (tasked by President Donald Trump to oversee a deal to bring TikTok under US ownership), have been described as advanced. Senators had expressed a desire to be briefed on any talks.
This situation has reignited warnings from Congressional Republicans and other China hawks, who argue that any new ownership deal that maintains TikTok's core technology in Chinese hands might only be a superficial solution to the security concerns that led to the app's bipartisan outright ban last year. Leading lawmakers have summoned Oracle to discuss the possible agreement and growing national security concerns.
One person familiar with the discussions with Oracle revealed that the deal would essentially oblige the US government to rely on Oracle to oversee American user data and ensure the Chinese government doesn't have access to it. However, the same source expressed skepticism, stating that such a promise would be "impossible to keep." According to the POLITICO source, "If the Oracle deal went forward, this [algorithm] would still be controlled by the Chinese. That means all you'd be doing is saying 'trust Oracle' to disseminate the data and ensure there are no 'backdoors' to access it." This statement highlights the central criticism: if the algorithm is not completely rebuilt by its US owner or if ByteDance maintains a role in its operations, vulnerabilities could persist and be exploited by the Chinese government.
Despite these concerns, the data security company HaystackID, which serves as an independent security auditor for TikTok US, stated last February that it had found no indication of malicious internal or external activity, nor had it identified protected US user data shared with China. However, the anonymous source's statements and lawmakers' concerns demonstrate that trust in Oracle's "custodianship" mechanism, while an important step, is not universal when fundamental control of the technology remains in Chinese hands and subject to their laws.
TikTok's future in the United States appears set to change once again. President Donald Trump stated in an interview that a buyer has been found for the platform's US operations. It's described as a group of "very rich people," whose identity will be revealed within two weeks. Among the names vying for the acquisition of TikTok's US operations, besides funds like Blackstone and well-known venture capital firms like Andreessen Horowitz, tech giants like Amazon and Oracle itself stand out. During the "Sunday Morning Futures" program on Fox News, Trump confirmed that the deal would also need Beijing's consent: "We have a buyer for TikTok, by the way. It will probably need China's approval, and I think President Xi will grant it," he said. The sale comes as the US and China recently defined a new trade framework after a meeting in London, a context that might also facilitate Xi Jinping's green light. The TikTok issue has long been a source of tension: the US Congress had approved a law in 2024 to force ByteDance to divest TikTok's American operations or, alternatively, cease its activities by January 19. After Joe Biden's signature, the ban's effective date coincided with Trump's inauguration, who preferred to grant more time to find a buyer. Since then, the deadline has been extended three times; the latest deadline is set for September 17.
A previous sale attempt, initiated last spring to transfer US operations to a new American-majority company and involving investors like Oracle, Blackstone Inc., and Andreessen Horowitz, had failed after China denied consent following Trump's announcement of new tariffs. Among the parties interested in the dossier in recent weeks, diverse names have emerged, such as YouTuber Mr Beast, AI company Perplexity, and entrepreneur Kevin O'Leary from "Shark Tank." Trump's words suggest there will not be a single buyer, but a consortium of investors that could pool strengths and resources.
The strategic dilemma: Economic freedom vs. national security
The issue is inherently delicate. On one hand, companies like Oracle operate in a global economy, and the freedom to pursue market opportunities is a cornerstone of the capitalist system. Impeding such collaborations could slow down the innovation and competitiveness of Western companies, depriving them of crucial markets and mutually beneficial partnerships.
On the other hand, the nature of authoritarian regimes, like China's under Xi Jinping, which do not distinguish between state and private entities in terms of cooperation obligations for national security, poses an existential risk. This is no longer merely traditional espionage but a potential systemic exploitation of global technological infrastructure for geoeconomic and intelligence purposes, with the risk of compromising the technological sovereignty and strategic resilience of democracies.
It is imperative that governments and the private sector collaborate to develop a calibrated and risk-based approach. This includes:
Strengthening due diligence: Thorough and continuous investigation of partners and supply chains, with particular attention to geopolitical risks and the regulations of countries of origin.
Robust contractual safeguards: Including explicit clauses in contracts that protect data sovereignty, guarantee transparency on external data requests, and provide for stringent and independent audit rights. However, how truly enforceable these clauses are in the face of imperative national laws like China's, which mandate intelligence cooperation, remains a fundamental question.
Advanced security architectures: Implementing zero-trust, advanced encryption, and rigorous data segregation, even among clients on the same infrastructure, to minimize the attack surface and prevent unauthorized access.
Clear regulatory frameworks: Governments must define precise guidelines and, if necessary, regulations that establish the limits of collaborations with high-risk entities, especially in critical sectors like AI and data infrastructure. This could include mandatory hosting in secure jurisdictions and certification by trusted third parties.
Promotion of secure alternatives: Incentivizing the development of national or trusted-partner cloud and AI capabilities to reduce dependence on actors with potential problematic ties, thereby strengthening the overall resilience of critical infrastructures. But is it economically sustainable to replicate such massive and costly infrastructures without the scale and cost advantages offered by current partnerships, or does it risk creating a "Manhattan Project" doomed from the start, as suggested by the Gladstone AI report?
Global regulatory monitoring: Understanding and responding to the evolution of regulatory frameworks in other jurisdictions, such as the Digital Services Act (DSA) and the Digital Markets Act (DMA) in Europe, which, while focused on transparency and competition, reflect a growing attention to data control and governance, contributing to a more regulated digital ecosystem.
The Oracle-ByteDance partnership is a symbol of this complex interdependence. Its economic success for Oracle is undeniable, but its potential impact on national security is too significant to be ignored. It is a striking demonstration of the need for critical examination and coordinated action to protect vital interests in an era where technology has become a geopolitical battlefield and Xi Jinping's China actively pursues its global strategic objectives. The true challenge lies in determining whether "trust" mechanisms and technical safeguards can effectively neutralize the systemic risk inherent in a business model that, by its very nature, is deeply intertwined with the imperatives of an authoritarian regime.
Comments