Top considerations when transitioning to non-Chinese security cameras

The removal of Chinese-made cameras from sensitive sites in the UK

In 2022, the UK Government Security Group reviewed possible security risks associated with video security systems. It concluded that additional controls are required due to the increasing capability and connectivity of connected security systems.

As a result of this review, multiple government sites were ordered to halt the procurement and installation of Chinese-made security cameras. At the same time, government agencies were asked to disconnect existing Chinese-made security equipment from core networks and consider removing it entirely. The deadline for removing Chinese-made cameras from sensitive sites across the UK was set for April 2025. As of early 2026, this transition is largely complete, with government departments reporting full or near-full compliance.

Chinese camera removals came when increased concerns had been raised over how personal data is handled in the UK. For example, experts had warned that a ​“culture of retention” of biometric data in the UK was the cause of significant privacy and data protection concerns. Given the sensitive nature of the footage captured, it remains critical that security camera manufacturers demonstrate a commitment to reduce the risk of data breaches or unauthorized access.

The UK was not alone in prioritizing security equipment with transparent data practices and rigorous cybersecurity measures. The United States also implemented similar restrictions, with legislation like the National Defense Authorization Act (NDAA) prohibiting federal agencies and grant recipients from procuring equipment made by some Chinese manufacturers. Australia also took action to remove Chinese cameras from government buildings and sought alternatives that align with data protection and compliance standards.

Security risks relevant to Chinese security cameras

Modern security cameras are sophisticated, network-connected devices that incorporate cloud storage, AI-driven analytics and remote access capabilities. However, when cybersecurity and data protection aren’t prioritized in the design, these cameras can become entry points for malicious actors seeking to access and exploit sensitive data. Some of the common risks associated with connected cameras include: 

Weak default credentials

An investigation at the time found some Chinese camera models using easy-to-guess passwords, which users rarely change after installation. This makes it easy for threat actors to exploit these cameras, as passwords can be guessed or found online. Once they gain access, they can control the device, potentially turning it off, tampering with the footage or even using it to gain access to other systems on the same network. 

Unpatched vulnerabilities

Some camera models by a Chinese brand were found to contain critical vulnerabilities (e.g., CVE-2021 – 36260), and similar vulnerabilities have been discovered since then, which allow attackers to bypass authentication protocols entirely, gaining full access to the device without needing login credentials. This exploit is particularly dangerous in high-security environments, allowing hackers to intercept live video feeds or access stored footage. 

Cameras from another Chinese brand were affected by a vulnerability that allows attackers to tamper with video timestamps, altering security video footage (e.g., CVE-2022 – 30564), highlighting ongoing risks. For government sites, such vulnerabilities can result in unauthorized access or sabotage of security systems.

Outdated software and lack of regular updates

In 2022, security researchers discovered over 80,000 cameras from a Chinese brand to contain a critical vulnerability. Despite the severity of the vulnerability, cameras at the time continued to operate on outdated firmware and software. Without timely patches, these devices can be exploited by cyber threat actors who can leverage vulnerabilities to infiltrate networks. As technology evolves and cyber threats evolve, unpatched systems can act as weak links in an otherwise secure network.

Who was required to switch to non-Chinese security cameras in the UK?

The UK government’s directive required all government departments and agencies to remove and replace Chinese-made security cameras from sensitive sites. Although the definition of ​“sensitive sites” wasn’t publicly available, the directive primarily applied to government offices and facilities involved in national security, defense and critical infrastructure.

Many private sector industries have also made a shift to non-Chinese camera alternatives, even without a direct mandate. This has included organizations handling sensitive data or critical infrastructure, such as financial institutions and energy companies, where security risks could have resulted in critical service disruption. 

Considerations for education, healthcare and public sector facilities

Beyond government offices, other public sector organizations that handle critical operations or sensitive data have also considered non-Chinese camera alternatives. Schools, healthcare facilities and public service facilities often handle sensitive personal information and are subject to strict, industry-specific data regulations.

• Schools: compromised devices can put student safety at risk by exposing sensitive data, such as biometric data and contact information, to malicious actors. UK schools are required to follow several data protection laws, including the GDPR and the Data Protection Act (DPA) 2018. To remain compliant and reduce risks of data breaches, schools need to ensure their video security system operates and processes data in accordance with the guidelines outlined in applicable laws.
• Healthcare facilities: hospitals, clinics, pharmacies and similar healthcare institutions are required to protect patient data under regulations like GDPR, DPA 2018 and Common Law Duty of Confidentiality (CLDC). Vulnerable security cameras in healthcare environments not only put personal information at risk of unauthorized access but may also lead to violations for non-compliance.
• Public sector facilities: public sector sites such as police stations, social care facilities and housing associations are governed by strict data protection regulations, including the GDPR, DPA 2018 and, in some scenarios, the Surveillance Camera Code of Practice. Compromised security cameras could expose these institutions to significant risks, including unauthorized access to sensitive information, such as case files, operational data and personal details of employees and the public. These vulnerabilities can lead to data breaches, operational disruptions and legal consequences.

Why does the country of origin still matter for security cameras?

The security industry operates globally, combining components from various manufacturers from around the world into a single device. This global supply chain allows device manufacturers to produce devices more quickly and at a lower cost. However, this also means globally manufactured devices and software may contain parts sourced from countries or regions that can introduce additional risks. 

Data privacy and compliance

The country where a security camera is manufactured can influence how data is collected, stored and shared. Different countries have varying laws governing data privacy and security, affecting how information captured by security cameras is handled. Cameras made in countries with less transparent data-sharing policies may pose compliance challenges for organizations operating in regulated environments. While the country of origin does not inherently determine whether a camera is secure, it can affect how well the device aligns with local privacy laws.

Varying cybersecurity standards 

Cybersecurity practices differ across countries, influencing the design, production and support for security cameras. Manufacturers from countries with advanced cybersecurity protocols often follow rigorous testing and encryption standards to ensure that their products can withstand evolving cyber threats. Choosing cameras from manufacturers that prioritize cybersecurity by design can help reduce risks and enhance the overall security of your networks.

Supply chain risks

The global nature of the security camera industry means that components are often sourced from multiple countries, making it difficult to verify the security and integrity of components and software. This can introduce risks like counterfeit parts, pre-installed malware or labor practices that do not align with international standards. These vulnerabilities can be difficult to detect and compromise the integrity of the cameras.

Considerations for choosing security cameras with data protection in mind 

When selecting a security camera system, it is important to prioritize data protection by focusing on vendors that implement strong privacy and security measures from the outset. Here are key considerations:

Security and privacy by design

Look for security camera vendors that incorporate data protection features directly into their systems from the design stage. Features like data encryption and role-based access limit who can access sensitive information, help prevent unauthorized data access, anonymize sensitive information and enforce strict access controls. For example, ensuring that all recorded footage is encrypted and only accessible via secure, role-based access helps prevent misuse of sensitive data.

Robust data protection measures

Consider security camera vendors who leverage strong cryptographic protocols and enforce the encryption of data in transit and at rest to help protect your data. Additionally, look for security device vendors who offer multi-factor authentication and have complex password requirements to help keep your data safe. To ensure your security system remains protected from evolving threats, prioritize systems that are regularly scanned for new vulnerabilities and receive automatic security updates. 

Clear policies and procedures

Effective data protection requires not only secure technology but also clear policies to guide data management and access. Your security camera vendor should provide clear information, tools and training to help you and your partners securely install and maintain the system. Additionally, look for vendors that conduct regular testing and auditing, such as rigorous penetration tests and third-party audits, to ensure that their solutions adhere to data security standards. Regular updates to these policies and ongoing training help to ensure that your video security system remains secure and compliant with the evolving regulations.

Transparency and compliance

Transparency in data management is critical to ensuring compliance with data security regulations. Vendors should clearly outline how data is collected, processed and stored, and demonstrate compliance through regular audits, certifications, and transparent reporting. A vendor committed to transparency and compliance helps ensure your organization meets its data protection obligations.

Protecting your business with the Avigilon security suite 

As the UK prioritizes data protection, government agencies and private businesses are exploring secure camera options. Avigilon provides comprehensive security solutions designed to help you meet stringent data privacy and security standards. Our products are built on principles of availability, confidentiality and integrity, helping protect your business from unauthorized access and data breaches.

With Avigilon, you benefit from: 

• Advanced analytics: AI-powered analytics offer real-time insights by detecting, classifying and alerting you to potential threats. Smart search uses AI to help you quickly locate video clips of interest and accelerate investigations.
• Security by design: enhanced authentication through multi-factor authentication and complex password requirements keep your data secure. Avigilon cameras also include automatic, over-the-air updates to help keep your system safe from new vulnerabilities. 
• Seamless integration: an open platform allows for integration with third-party systems for a comprehensive security solution. Easy installation with intuitive, plug-and-play options reduces setup time and costs.
• Robust image quality: high-resolution cameras up to 10K provide clear and detailed footage, even in challenging environments.
• Durable construction: weather and vandal-resistant casings ensure longevity and reliability in harsh conditions. 
• Local installation and support: benefit from local installation services and ongoing support from a network of trusted partners. 

Avigilon products are built on a trusted, cybersecure platform to comply with global security standards, including: 

• NDAA
• SOC2 Type II 
• SAFETY Act
• ONVIF Conformant
• ISO 27001, 27017, 27018, 27701 Certified 

Compliance is not a one-time task but an ongoing responsibility. Avigilon (part of Motorola Solutions) is committed to processing data in compliance with applicable privacy laws and regulations. Learn more about how Motorola Solutions protects your data by employing privacy and security protocols that support compliance with legal and regulatory frameworks.

Conclusion

As government offices, critical infrastructure providers, schools and hospitals increasingly rely on connected camera systems, ensuring robust cybersecurity measures in their design is not just a technical requirement — it’s a national security priority. Recognizing the risks of unauthorized data access and breaches, the UK government made the decision in 2022 to remove all Chinese cameras from sensitive sites.

While the decision to remove Chinese cameras did not explicitly extend to the private sector, organizations across the UK have been encouraged to review their existing camera systems and many have since upgraded to non-Chinese alternatives that align with government security recommendations.

When choosing a security camera system, organizations should prioritize vendors that emphasize security and privacy by design, implement strong data protection measures and maintain transparent policies.  If you are still considering a transition to a non-Chinese camera system or are looking to upgrade your current one, reach out to our security experts to find the right solution for your needs.