Smart Device Empire: Beijing’s Expansion Through Everyday Digital Infrastructure
Chinese smart devices and the software that underpins them are present in millions of homes around the world, including in the United States. This is a result of an industrial strategy for the Internet of Things (IoT) that the government of the People’s Republic of China (PRC) has spent over a decade developing. In 2011, the Ministry of Industry and Information Technology released the country’s first national Five-Year Plan for IoT, aiming for supply chain dominance and establishing early data governance norms with a view to later shaping global standards. In the 15 years since, subsequent economic strategies, such as Made in China 2025, Internet+, and even the recently released “15th Five-Year Plan for National Economic and Social Development” have helped elevate the industry to global prominence.
Beijing has used its state-funded model of industrial policy to create a favorable environment for the emergence of companies like Xiaomi, TCL, Skyworth, and Hisense. These firms grew quickly under protectionist policies while benefiting from the rollout of Huawei’s 5G network, exporting their products first to “global south” countries and later to Europe and the United States. National prioritization and the consolidation of economic infrastructure have allowed the PRC to set global technical standards, entrenching the Chinese technical stack—and norms surrounding data management—in the market. PRC standards-setting along the Digital Silk Road also impedes the expansion of U.S. products and norms by imposing a high transition cost on firms.
The PRC’s prevalence in the smart device sector poses serious security risks. The 2026 Annual Threat Assessment of the U.S. Intelligence Community notes that the PRC “is the most active and persistent cyber threat” to the United States. National security legal frameworks in the PRC create obligations to serve national security interests as defined by the Party, and data stored on servers in the PRC can be accessed by state actors. Each device may collect and retain limited behavioral data, but when aggregated across tens of millions of devices in the United States, the intelligence risk is substantial. Chinese smart TVs have been found allowing unauthorized access devices’ data and media files and sending back data about other devices in users’ homes back to a Beijing-based company’s servers. Supply chain opacity complicates enforcement and awareness of this risk, as consumers may not realize that many non-PRC brand smart TVs are manufactured by Chinese companies and running Chinese software, and regulators are challenged by the obscured lines between U.S. and PRC corporate ownership.
This memo synthesizes five analyses published in The Jamestown Foundation’s China Brief publication between July 2025 and February 2026. These articles range from explaining the industrial policies behind the PRC’s IoT ecosystem, to detailing the extensive Party-building work within key firms, to the subsequent surveillance and intelligence risks exported devices pose. All are grounded in Chinese-language primary sources, including Five-Year Plans and industrial strategies, corporate disclosures and statements, and local news articles. Together, they connect the PRC’s longstanding industrial policy to current challenges in U.S.–PRC competition, in order to highlight that connected devices, while seemingly innocuous, pose more substantial security risks than commonly perceived.
To read the full report, click here.