Lenovo denies banned YMTC SSDs in ThinkBook sold outside the US
A ThinkBook 14 G9 IPL review found a YMTC SSD; Lenovo says it was not sold into the US.

Lenovo denied it sells laptops with banned Chinese storage devices where they are not allowed after Notebookcheck found a YMTC-made solid-state disk in a ThinkBook 14 G9 IPL. Lenovo says the model in question was destined for Germany, not the US, after digging into its sourcing and sales channels.
Lenovo is pushing back on a very specific allegation: that it sells ThinkBook laptops containing SSDs from YMTC, a Chinese memory maker, in markets where the US has banned those devices on national security grounds. The dispute started when Notebookcheck reported finding a YMTC solid-state disk inside a ThinkBook 14 G9 IPL. The key complication is that observers connected the dots to a Biden administration decision that saw the US ban YMTC for national security reasons.
Lenovo’s response is straightforward, and it goes straight to the question that matters for compliance teams: where the laptop is sold. Lenovo dug into the matter and says it found the particular laptop was not sold into the US market, but was a model destined for Germany. Notebookcheck’s headquarters is in Romania, its review team is in Austria, and Lenovo frames the “not a scandal” angle in geography: an internally border-crossing EU laptop that is made-for-Germany is a different ballgame than a device imported for the US.
That does not mean the story is small. Lenovo’s use of a Chinese SSD is notable for two broader reasons that land squarely on the desks of operators, procurement leaders, and board members watching supply chain risk. First, Beijing encourages Chinese companies to buy from local peers, so YMTC’s presence is part of a wider industrial policy environment where local sourcing can be a competitive advantage. Second, the AI boom has sent prices for memory and storage devices soaring, and YMTC is described as one of the few alternatives to leading suppliers Samsung, Micron, and SK Hynix. In other words, even when you are complying with a particular ban, you can still feel the market pressure that makes “alternative suppliers” tempting.
There is also an unresolved trade pressure around YMTC itself. The source says Apple reportedly wants the Trump administration to reconsider the USA’s ban on YMTC to help it find the parts it needs to keep cranking out iThings. That tells you something about the stakes underneath the compliance dispute: the hardware supply chain is not just about meeting rules, it is also about not getting delayed or throttled. For enterprises, distributors, and OEMs, bans that affect specific categories of components can turn into production scheduling problems, inventory swings, and renegotiations that ripple outward well beyond the original regulator.
Zoom out from Lenovo and the common theme is regulation colliding with real-world compute demand. China’s National Space Agency recovered the first stage of a rocket for the first time last Friday, using a ship-borne net to catch the first stage of a Long March-10B carrier rocket that launched a satellite, then guiding itself to safety. SpaceX has been doing this for years because re-using the first stage saves money. China wants the same capability as it advances commercial and national security interests. In Japan’s parallel effort, Japan conducted a successful test on Saturday of a rocket that took off, reached an altitude of 11 meters, hovered briefly, and then settled back without incident. These moves matter in an “execution economics” way: re-use lowers cost and increases cadence, which can change how quickly capabilities scale.
Australia is also signaling a regulatory pivot for AI that touches content rights and “social license.” The prime minister, Anthony Albanese, will deliver a speech outlining a revised AI policy this week, a week after Andrew Charlton said “AI’s social licence is precarious” and added that the point of AI safety is not to slow the future down but to keep it human, aligned with values, and advancing Australia’s interests. The source notes that amendments to Australian copyright laws are expected to be addressed, potentially allowing AI companies free access to content to train models. Musician Holly Rankin told Australian radio today she has had assurances that such amendments are not part of the government’s AI plan, setting up the prospect of a showdown with Big Tech.
In the same “compute demand meets constraints” direction, a datacenter push is showing up far from Silicon Valley. A Canadian company, Sato, plans to use renewable energy from hydro-electric resources in Bhutan to power a datacenter in the Gelephu Mindfulness City district, just over the border from India. The local authority running GMC will reserve 100MW of firm power for the project, with the possibility of allocating 500MW later. Sato says it will use that power to deliver low-latency AI compute for India’s major demand centers, and it frames India’s demand as large but limited by electricity supply constraints.
Then there is the internet plumbing and security angle that executives often underestimate until it bites. APNIC, the regional internet registry, published a PDF submission to Malaysia’s consultation on forming a new national internet registry (NIR) and argues that doing so would essentially be futile. It claims cybersecurity, IPv6 acceleration, cost, and local support are not dependent on, and would not be advanced by, establishing a Malaysian NIR. It also says a Malaysian NIR would not increase IPv4 address availability in Malaysia, would not change IPv6 allocation criteria or autonomous system number allocation, and would not confer preferential access to resources for Malaysian-based parties. APNIC stresses it is not opposing a Malaysian NIR, but trying to calibrate expected outcomes.
Finally, the security signals are blunt. Threatlocker identified malware disguised as an installer for Kuailian VPN, also known as LetsVPN, which is used by Chinese netizens to subvert the Great Firewall. Threatlocker says the malware drops and executes an encrypted RAT giving attackers complete control over a victim’s machine and data. China’s National Computer Virus Emergency Center also spotted malware targeting local users via a fake Android education app, described as a new variant of a financial theft-related mobile Trojan that can intercept text messages, steal contacts and phone passwords, access cameras, record the screen, and capture ambient audio. The malware spreads through text messages and social media software.
Put it together and the strategic takeaway for leaders is clear: compliance boundaries do not prevent supply chain pressure, regulatory shifts do not pause demand, and security incidents do not respect procurement decisions. The Lenovo-YMTC question is about where a specific laptop was sold. But the bigger board-level risk is whether your organization can prove, at speed, that your sourcing, distribution, and component choices match the rules in every market you touch, while still meeting the compute reality your customers are buying right now.
This story's Key Insights and Take-aways are locked.
Create a free account to unlock Executive Actions for one credit.
Register to UnlockAlways free for Executives Club members. Join the Club
More in Technology

TSMC’s June revenue jumps 68% as chip demand reshapes the 2026 earnings runway
A 68% June surge, before second-quarter earnings, signals momentum and risk for everyone funding AI and smartphone supply chains.

Meta pulled “Muse Image” in 72 hours after SAG-AFTRA backlash
The first Superintelligence Labs image generator launched July 8, then vanished after controversy over Instagram image referencing.

Michael Steranka says Pokémon Go always aimed to bring players together
A decade later, Scopelys VP frames the games biggest longevity lesson: community, not just mechanics, keeps people walking.

