Foreign ownership, control and influence (FOCI) risks associated with technology vendors have become a significant fault line in the Indo‑Pacific's strategic, technological and economic landscape. As global technology supply chains have become increasingly concentrated and interdependent, concerns have grown that some foreign vendors may be subject to external direction or legal obligations that could expose national systems to influence, coercion or disruption. Governments across the region face an enduring dilemma: their economies depend on affordable, high‑performing foreign technology, yet from the security perspective such dependence creates systemic vulnerabilities in critical infrastructure and national systems.
In this context, strategic autonomy in terms of technology depends on clearly defining who can be trusted, in what roles, and under what legal and operational conditions. While transparent principles are essential, full disclosure of specific determinations can equally be counterproductive, particularly when decisions rely on sensitive intelligence or could provoke retaliation. The goal is therefore transparency in principles, and discretion in application.
This report sets out policy and governance options to assist governments and industry to mitigate risks specifically from FOCI technology vendors. It offers a practical foundation for developing a vendor security framework to enable adaptation that's both country‑ and technology‑agnostic as a means for assessing and managing FOCI risks as new technologies, products and services emerge.
