When the Chip War Enters Your Company

On September 30, 2025, the Dutch government intervened at Nexperia, the Chinese-owned chip manufacturer in Nijmegen.¹ Using the rarely applied Product Availability Act, The Hague effectively took control of the company. The reason: "serious management deficiencies" that endangered the continuity of a crucial production line for Europe.² Within weeks, Chinese countermeasures followed: export bans on components, diplomatic tensions, and a 10 percent stock decline at parent company Wingtech.³

In December, the situation escalated after China publicly disclosed the names of multiple AIVD and MIVD employees, which can be seen as a direct intimidation tactic in the escalating confrontation between the Netherlands and China over chip company Nexperia.⁴ This action, unfolding against the backdrop of Dutch concerns about national security in the semiconductor sector, not only increases risks to the personal safety of intelligence officers but can also undermine operations and sources and further disrupt diplomatic relations. For The Hague, the question arises how to better protect personnel and ongoing investigations and what political and legal responses are appropriate.

The incident makes visible what many consider abstract: geopolitical tensions between China and the West don't just play out at the diplomatic level, but penetrate into companies through employees, suppliers, and international partners.

China's economic course has changed dramatically. The 15th Five-Year Plan (2025–2030) centers on technological self-sufficiency and military-civil integration.⁵ This ambition is legally supported by the revised Counter-Espionage Law of 2023, which significantly expands the concept of 'espionage': not only state secrets fall under it, but also "documents, data, materials, or objects related to national security and interests."⁶

The most far-reaching provision is in Article 8:"All citizens and organizations must support counter-espionage efforts in accordance with the law."⁷

This means that Chinese nationals, even when working abroad, can be legally obligated to cooperate with national security objectives. Refusal can lead to fines up to ¥50,000, administrative detention up to 15 days, or even criminal prosecution.⁸

For Dutch employers, this introduces a new type of risk: employees can come under pressure from foreign authorities, without any intent or disloyalty underlying it.

The Netherlands is indispensable worldwide in the semiconductor industry. ASML is the only producer of extreme ultraviolet lithography machines, essential for the most advanced chips. The Netherlands also has multiple emerging start-ups and scale-ups with a crucial role in developing high-end technology.

The Military Intelligence and Security Service (MIVD) reported in April 2024 that Chinese espionage activities specifically target the semiconductor, aerospace, and maritime sectors.⁹ Minister Brekelmans (Defense) warned a month later that these activities are "intensifying" and called China the greatest cyber threat to the Netherlands.¹⁰

That warning is not theoretical. In 2023, a former ASML employee in China gained access to company data, the second incident in a short time.¹¹ In 2019, an earlier case led to damages of $223 million after proven theft of trade secrets by Chinese employees.¹²

The methods vary: digital attacks, strategic acquisitions, circumventing export restrictions, and, increasingly, recruiting or influencing insiders within organizations. Not only ASML can become a target; start-ups can also become targets of foreign intelligence services.

As the Nexperia example shows, employees with access to sensitive information can come under pressure in various ways:

• Financial incentives, for example through seemingly legitimate consultancy assignments;
• Blackmail or social pressure, for example through family members in China who depend on government permits;
• Legal pressure, when Chinese authorities enforce compliance with the Counter-Espionage Law.

Often it starts innocently; collegial knowledge sharing, research collaboration, or conferences, but it ends up with parties with state interests. The MIVD notes that some Chinese scientists who collaborate with Western companies are also affiliated with state institutions or defense organizations.

For organizations in vital sectors, the consequences can be significant: loss of intellectual property, reputational damage, violation of export rules, or structural dependence on foreign suppliers.

Protection requires more than standard background checks. Proximities helps organizations build a layered resilience approach, focused on four pillars:

1. Identifying Vulnerabilities EarlyNot only checking CVs and diplomas, but also examining whether family situations create vulnerability to blackmail, financial pressure is present, or network connections pose risks. In sensitive sectors, periodic screening is crucial, as circumstances can change quickly.

2. Operational MeasuresLimit access to critical information, segment authority, and monitor deviant behavior, such as unusual downloads or interest outside one's work area. Critical decisions must never rest with one person.

3. Awareness and TrainingTo make personnel more aware and resilient, they can participate in training sessions where employees learn to distinguish between normal work conversations and subtle attempts at information gathering. Training makes these situations discussable without breeding distrust and promotes a culture of vigilance.

4. Rapid Response to IncidentsWhen something goes wrong, quick action is essential: isolate systems, establish facts, communicate transparently, and conduct forensic investigation where necessary. Proximities offers the right expertise to limit damage and ensure continuity.

The insider threat from China is not a theoretical scenario, but a real challenge. The Nexperia case shows what happens when geopolitical risks are recognized too late: a sovereign state intervenes, supply chains are disrupted, diplomatic tensions escalate.

Dutch companies find themselves in a difficult balance: economically intertwined with China, but also bound by Western security rules. Excluding Chinese employees is not a solution; that would be discriminatory and legally untenable.

The real challenge lies in creating organizations that understand and manage risks without disrupting international cooperation. In a world where geopolitics and business operations are becoming increasingly intertwined, resilience is becoming the new competitive advantage.

Sources

¹ Al Jazeera, 'Why has Dutch government taken control of China-owned chipmaker Nexperia?', October 14, 2025.

² CNBC, 'Dutch government takes control of Chinese-owned chipmaker Nexperia', October 13, 2025.

³ NL Times, 'China imposes export ban after Dutch intervention at chipmaker Nexperia', October 14, 2025.

⁴ De Volkskrant, 'Nieuwe escalatie in Nexperia-vete: China publiceert namen Nederlandse spionnen', December 9, 2025.

⁵ The Cipher Brief, 'Chinese Industrial Espionage in the Netherlands', June 12, 2025.

⁶ Pillsbury Law, 'China Amends the Counter-Espionage Law', April 26, 2023.

⁷ China Law Translate, Counter-espionage Law of the P.R.C. (2023 ed.), Article 8, April 26, 2023.

⁸ Bird & Bird, 'What You Need to Know about China's Counter-Espionage Law', 2023.

⁹ U.S. News, 'Chinese Spies Target Dutch Industries to Strengthen Military', April 18, 2024;MIVD, Public Annual Report 2024, published April 22, 2025.

¹⁰ Digitimes, 'China pushes back on Dutch chip espionage claims', June 4, 2025.

¹¹ CNBC, 'ASML says ex-China employee misappropriated data', February 15, 2023.

¹² South China Morning Post, 'Chinese 'spies' stole Dutch chip machinery giant's secrets', April 11, 2019.