So, suppose you're Supermicro. When some CPC official comes around to tell you to make your technology a little easier for the intelligence department to access, you're going to do it.
Companies in China (especially those in the tech sector) have to keep close ties to the government, and most of their leaders are members of the party. You don't GET to be a multi-billion dollar tech company* in China without toeing the party line [1] [2] [3].
The issues around regulating food safety and vaccines that you mentioned are irrelevant.
* Foreign companies must operate Chinese subsidiaries to run their operations in China.
I see your *, so I assume you do know SuperMicro is a US company? And that the breaches reportedly happened at local Chinese subcontractors?
Everything you say seems to be valid for Chinese companies. Which SuperMicro... isn't.
If they want to start auditing their incoming supply from China more closely, or even shift production elsewhere, there's nothing except cost stopping them from doing so.
And the rub is that any competitor also using Chinese supply (for cost savings) is vulnerable to the same attack. SuperMicro was presumably targeted because of their size and global customers.
Apple is not Apple Inc. in China, it is Apple Computer Trading (Shanghai) Co., Ltd. SuperMicro will have its own subsidiary/subcontractors to handle their operations in China.
Having worked for a subsidiary of a large multinational company in China, I can tell you that a lot goes on that you might find surprising. Middle management and those involved with establishing the deals with subcontractors would often have arrangements to make money through various means, such as through IP transfer or property theft. The subcontractors themselves are Chinese companies.
At our place a lot of shady things were going on and were, thankfully, found after a number of years. The global HQ had to step in and fire around 1/3 of employees working at the China branch.
Now, there is no reason to suggest that this was related to any government policy or request. But it should be clear by now that the CPC are not exactly opposed to shady things happening to foreign companies. My point is that this is an environment where something like this can happen quite easily, especially when a lot of technology companies have close ties to the state.