For nearly seven years, Washington has been building a regulatory firewall around Chinese facial recognition. What began in October 2019 as a discrete Entity List action against Hikvision, Dahua, SenseTime, Megvii, iFlytek and Yitu — sanctioned over their reported role in mass surveillance of Uyghurs in Xinjiang — has matured into a layered architecture of export controls, federal procurement bans and equipment authorization restrictions. In 2026, that architecture is no longer a US-only story. It is reshaping how allied police forces and critical infrastructure operators across the Asia-Pacific buy cameras.
The Stack: Three Overlapping US Regimes
The American restrictions on Chinese biometric vendors do not flow from a single statute. They are the cumulative effect of three distinct mechanisms, each with a different theory of harm:
- BIS Entity List (2019–present): The Commerce Department's Bureau of Industry and Security has steadily expanded controls on the original 2019 cohort, adding subsidiaries and tightening license review presumptions. The justification is human rights — specifically, complicity in Xinjiang surveillance.
- NDAA Section 889 (2018): Bars federal agencies and, since August 2020, federal contractors from procuring covered telecommunications and video surveillance equipment from Hikvision, Dahua, Huawei, ZTE and Hytera. The theory here is supply-chain risk to government systems.
- Secure Equipment Act / FCC Covered List (2021–2022): The FCC's November 2022 order, implementing the Secure Equipment Act, blocks new equipment authorizations for the same covered vendors. This bites the commercial market, not just government buyers.
The Trump administration's America's AI Action Plan, released in July 2025, did not invent this framework. It hardened it — pairing existing export controls with a more aggressive diplomatic push to align allies, particularly in Asia, where Hikvision and Dahua had captured a dominant share of the low-cost CCTV market that supplies municipal police, transit systems and ports.
How Asia-Pacific Allies Are Responding
Allied alignment has been uneven, and that unevenness is itself instructive. Australia moved fastest: in 2023, the Albanese government ordered Chinese-made surveillance cameras removed from defence sites after an audit by then-shadow cyber minister James Paterson identified hundreds of Hikvision and Dahua units across federal premises. The United Kingdom's Cabinet Office issued similar guidance in November 2022 directing departments to stop installing Chinese-made cameras at sensitive sites.
Japan and South Korea have moved more cautiously. Both governments have flagged supply-chain concerns and quietly shifted some critical-infrastructure procurement away from Chinese vendors, but neither has imposed a formal Section 889-style ban. Taiwan, for obvious geopolitical reasons, has been among the most restrictive — Taipei has pushed Chinese surveillance gear out of government and military procurement, and increasingly out of utility deployments.
The result is a fragmented but unmistakable trend: the Asian police-surveillance procurement market, where Hikvision and Dahua had been default low-cost suppliers, is being restructured around a new map of permitted vendors. Korean firms (Hanwha Vision), Japanese vendors (Sony, Panasonic), Taiwanese OEMs and Western players (Axis, Bosch, Motorola Solutions/Avigilon) are the obvious beneficiaries.
The Right Question Is Use, Not Just Origin
From a proportionate-regulation perspective, the US framework gets a lot right and a few important things wrong.
It gets the human-rights piece right. Sanctioning vendors with documented involvement in mass biometric surveillance of an ethnic minority is exactly what targeted export controls are for. The 2019 Entity List action — and its continued enforcement — is a defensible application of trade tools to address a clear harm. Section 889's narrow focus on federal systems is also defensible: governments have legitimate reasons to be choosy about the supply chain inside their secure networks.
Where the framework strains is in the broader implication that Chinese facial recognition is uniquely dangerous because it is Chinese. Facial recognition deployed by police at scale raises the same civil-liberties concerns regardless of who manufactured the cameras. A Hanwha or Axis camera feeding a real-time biometric matching system to municipal police is not meaningfully more privacy-preserving than a Hikvision one feeding the same system. Country-of-origin controls are a poor proxy for the question that actually matters: what is the government doing with the footage, under what legal authority, with what oversight, and for how long?
The real risk of a country-of-origin-only policy is that it lets liberal democracies feel they have addressed the surveillance problem by swapping vendors, when they have only swapped suppliers.
What a Proportionate Approach Looks Like
The most useful policy posture for the Asia-Pacific region is to treat the US restrictions as a floor for sensitive procurement — defence, critical infrastructure, and federal networks — rather than a ceiling that exhausts the policy agenda. Allied governments now adopting parallel covered-list regimes should pair them with three things the US itself still lacks at the federal level:
- Statutory limits on real-time biometric identification by police, modelled on the EU AI Act's prohibitions, with narrow exceptions and judicial authorization;
- Transparency requirements covering the number, location and purpose of facial recognition deployments by public authorities;
- Procurement neutrality on capability, ensuring restrictions actually target vendors with documented human-rights concerns rather than becoming a generalised industrial-policy tool.
The strategic logic of "small yard, high fence" was that the yard would stay small. As the fence lengthens — across allies, across product categories, across procurement domains — the risk is that the yard quietly grows to encompass any technology category where a Chinese firm is competitive. That is a different policy than the one originally announced, and it deserves a different conversation.
Allied governments rebuilding their surveillance procurement stacks in 2026 have a one-time opportunity to ask not just whose camera but whose data, under what rules. The first question is easier. The second is the one that actually protects citizens.