The UK’s Sophos Group has told industry partners that they must immediately halt sales of Sophos software and hardware to Huawei and its 68 affiliates, or run the risk of falling foul of US export restrictions. They must also stop providing software updates/patches; even to existing Huawei-affiliated customers.

Cybersecurity firm Sophos, based in Oxford, has a global subscription base worth [pdf] $1.2 billion in 2018. It has over 100 million end-users in 150 countries, with customers including Pixar, Northrop Grumman, Xerox, Ford, and Toshiba.

It is unclear how many Huawei-associated customers it has. The company did not respond to a request for comment by Computer Business Review. The move was described as “Balkanisation” by one security professional. (Sophos may feel it has little choice: it has an array of patents registered in the US…)

The decision comes amid reports that British officials were not warned in advance about Trump’s Huawei export ban, which is affecting a growing number of UK companies, with officials in ongoing talks about the supposed Huawei security risk.

sophos huawei
Sophos’s Abingdon Headquarters

Sophos Huawei Ban Applies to “Hardware, Software and Technology (Including Renewals)”

An email sent this morning by Sophos’ Kendra Krause, Channel Sales VP, and seen by Computer Business Review, said: “Effective 16 May 2019, the United States Department of Commerce has instituted restrictions on the sale of hardware, software, and technology to Huawei Technologies Co., Ltd. and 68 of its non-US affiliates.”

“This new restriction applies to hardware, software, and technology that is subject to US export control jurisdiction. Many Sophos products are subject to US export control jurisdiction and may no longer be sold to Huawei Technologies Co., Ltd.”

She told channel partners: “There can be no new sales of Sophos hardware, software, and technology (including renewals) to Huawei or its affiliates.”

She added: “Sophos may continue to provide support services under existing subscription or existing service agreements entered into and delivered to Huawei or its 68 affiliates before 16 May 2019, but only to the extent that the support services do not involve the provision of any hardware, software, including, but not limited to, updates or patches, or other technology.”

Read this: 10 Key Takeaways from the UK’s Damning Report on Huawei’s Risk to UK Infrastructure

The company concluded: “Sophos products may [also] not be sold to Huawei or its non-US affiliates through a third party. Our partners are under the same restrictions and subject to the same legal penalties if violations occur.”

The move comes after fellow UK-based company, the chipmaker Arm, also told employees to halt “all active contracts, support entitlements, and any pending engagements” with Huawei and its subsidiaries, meaning it can longer furnish Huawei’s smartphone and server businesses with chips. (Arm provides a number of major phone makers, including Samsung, with GPUs and other components).

Arm co-founder Hermann Hauser told the Mail on Sunday this week: “Most of ARM’s intellectual property was created in Europe, but some of it, without thinking, we created in the US. Many ARM products have American intellectual property in them (which meant that) ARM had to follow the instructions of the American president.”

He added: “[The ban] is really is quite damaging for Huawei in the short term, and longterm it’s going to be incredibly damaging for Arm and Google and the American industry.”

Computer Business Review has contacted Sophos for further comment.

See also: Google Suspends Huawei Support: Will My Phone Still Work? (And Other Questions)