Hangzhou Hirisun Technology runs a data center in Hangzhou that Chinese banks, government agencies, and hospitals are legally required to use — not because it is the cheapest or fastest option, but because China's Cybersecurity Law and Data Security Law prohibit those sectors from storing data anywhere outside domestically approved infrastructure. What makes Hirisun's infrastructure specifically necessary is that it holds live API connections into China's Social Credit System, which regulated clients must query in real time to satisfy their own compliance obligations, and those API connections were granted by the government rather than purchased, so no rival can obtain them simply by building a competing data center. Because client applications are written around Hirisun's Social Credit System calls, switching to another provider would require rewriting that code and then waiting years for a new vendor to clear its own government qualification process — by which point the client would already be in violation of its sector regulations. The whole arrangement rests on the government continuing to grant that database access: if Beijing revokes Hirisun's Social Credit System API rights, the compliance function disappears entirely, and no substitute exists to restore it.
How does this company make money?
Clients pay a monthly subscription fee based on how much computing power and storage they use, measured in compute hours and gigabytes. On top of that, the company charges per-transaction fees each time a client makes an API call to the government compliance databases. Premium customers can also pay for regulatory consultation support under separate contracts.
What makes this company hard to replace?
Client applications are built around proprietary API calls to the Social Credit System compliance layer, and rewriting that code to work with a different provider would take significant time and money. Even if a client wanted to switch, any new cloud provider would have to pass through a multi-year government vendor qualification process before it could legally serve them. On top of that, the data residency approvals are tied specifically to the Hangzhou facilities and cannot be transferred to another provider's infrastructure.
What limits this company?
The Hangzhou data centers can only use as much electricity as the municipal grid allows. Adding more servers to handle extra demand first requires grid upgrade approvals from Zhejiang Province authorities. That process cannot be sped up by spending more money, so when demand spikes, the company cannot simply buy its way out of the bottleneck.
What does this company depend on?
The company cannot run without electrical supply from State Grid Corporation of China to its Hangzhou data centers, active compliance certifications from Chinese government authorities under the Cybersecurity Law, domestic server hardware from vendors approved under China's technology procurement regulations, and fiber optic connectivity through China Telecom infrastructure. Its cooling systems also depend on equipment rated specifically for Hangzhou's subtropical climate.
Who depends on this company?
Chinese banks rely on the company for the transaction processing systems that keep them in regulatory compliance — if the service went down, that compliance capability disappears. Local government agencies in Zhejiang Province would lose access to citizen data management systems. Chinese hospitals would lose access to patient records and medical imaging processing, both of which are required to meet their own regulatory obligations.
How does this company scale?
Software-defined infrastructure and virtualization mean additional compute and storage capacity can be stood up relatively cheaply once physical space and power are in place. What does not scale easily is the physical side: expanding in Hangzhou requires land acquisition approvals from municipal authorities and electrical grid connection permits, neither of which can be accelerated by spending more capital.
What external forces can significantly affect this company?
US technology export controls limit the company's access to advanced semiconductors and server components, which constrains what hardware it can buy to grow or upgrade. Chinese government data localization policies push it to find domestic replacements for foreign technology, adding procurement complexity. During summer months, peak electricity demand across the Yangtze River Delta strains the regional power grid, which can directly affect data center operations.
Where is this company structurally vulnerable?
If the government revoked the company's access to the Social Credit System API — through a policy change, a vendor disqualification, or a reclassification of how those databases can be shared — the compliance verification function would simply stop working. Client applications embed direct calls to that state database, and no substitute exists. Regulated clients would lose the one verification layer they cannot legally go without.