When a customer requests an audit of your supply chain as part of their due diligence. For legal reasons they might want to know who _you_ do business with, for example in case of international sanctions.
There are several different audits a company might need to do. Having a Chinese SaaS as a vendor would definitely prevent me from passing certain audits and doing business with certain customers. At minimum, it would be something I have to disclose and it would be a talking point, so better to just avoid it for simplicity.