Next Article in Journal
Project Delivery Systems: The Partnering Concept in Integrated and Non-Integrated Construction Projects
Next Article in Special Issue
A Generic Internet of Things (IoT) Middleware for Smart City Applications
Previous Article in Journal
Sustainable Star? The Carbon Footprint of Christmas Stars and Its Variability along the Value Chain
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:

Cybersecurity and Country of Origin: Towards a New Framework for Assessing Digital Product Domesticity

Management Information Systems Department, Bogazici University, Istanbul 34342, Turkey
School of Computing and Engineering, University of Gloucestershire, Cheltenham GL50 2RH, UK
Author to whom correspondence should be addressed.
Sustainability 2023, 15(1), 87;
Submission received: 8 November 2022 / Revised: 7 December 2022 / Accepted: 17 December 2022 / Published: 21 December 2022


Recent events concerning the Kaspersky anti-virus software in the UK and the Android operating system in the US have highlighted the significance of the domesticity of digital products for national cybersecurity, and the importance of establishing the origin of digital products has been further brought into focus by the war in Ukraine and China’s military activities around Taiwan. Digital products can contain hardware components, software elements, embedded systems, and data, and determining the country of origin (COO) in these circumstances is problematic. The aim of this research, and its main contribution, is to provide an operational framework for the application of the COO concept to address this problem. Using an inductive research methodology based on semi-structured interviews and an online survey, a 19-parameter framework for assessing the COO of digital products is developed and then applied to the case example of a mobile phone import in Turkey. This article concludes that new processes and policies are urgently required to enhance the cyber and information security for digital products, aid domestic digital technology production, and support the transition to recyclable technologies. Such developments are of significance not only for western nations concerned with data and security issues, but also for developing world countries trying to develop their own domestic digital product manufacturing capabilities. This is also of relevance to the computer end-user, who would benefit from greater clarity on the origin of digital products ahead of a purchase decision.

1. Introduction

Recent events worldwide, notably Russia’s invasion of Ukraine and the recent display of military might by China in the Taiwan Strait, have highlighted the cybersecurity implications of digital product origins and sourcing. For instance, with reference to the perceived threat from a well-known anti-virus company (Kaspersky) to national security, the director of the UK National Cyber Security Centre, Ciaran Martin, concluded “Russian-made anti-virus software should not be used in systems containing information that would harm national security if it was accessed by the Russian government” [1] (para. 2). The decision by the US company Google to withdraw the utilisation permit for the Android mobile operating system and other technologies in Huawei products, because of the potential threat of information leakage to the Chinese government, is another example of the need to develop a means for assessing the domesticity of technology products [2]. In Europe, this has given rise to a number of projects aimed at designing and implementing new data infrastructure and communication platforms such as Gaia-X [3]. More specifically, in India, legislation has been introduced that requires all ecommerce entities to provide country of origin (COO) information for all products, motivated by the government’s desire to lessen their reliance on imports from China for security reasons [4]. Such concerns have only been exacerbated by recent research on the “dark side” of certain technologies, notably artificial intelligence [5], which was motivated by the “harmful and unintended consequences that have emerged during early AI implementation and use in organizations” [6] (p. 423). These factors illustrate the multiple aspects of cybersecurity, which can be defined as “the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber-attacks” [7] (para. 1).
Allied to this rationale—based mainly upon security and trading concerns—is the need to establish the true origin of digital products to guide consumer choice, which is often problematic when these products comprise a variety of components that may emanate from different locations and different countries. For the purposes of this paper, “digital products” are taken to be those often referred to as the SMAC (social media, mobile, analytics, and cloud) and BRAID (blockchain, robotics, artificial intelligence, internet of things, and digital fabrication) technologies, and to include all layers in the systems stack, as defined by Noergaard [8]. This encompasses the emerging technologies in the computing domain, and not only the application and system software layers, but also the hardware layer upon which they operate and run. In addition to cybersecurity concerns, Goodrich [9] noted two other reasons why COO is important. Firstly, “duty rates, preferential trade agreements, trade sanctions and import quotas are regulated according to country of origin” (para. 4), and secondly, “country of origin is also important for marking purposes. The import regulations put an emphasis on informing the end user of the country of origin of imported articles” (para. 5). Indeed, the 2020 Consumer Protection Act in India notes the need to “provide all relevant details about the goods and services offered for sale by the seller, including country of origin, which are necessary for enabling the consumer to make an informed decision at the pre-purchase stage” [10] (para. 6). In a similar vein, Shairwal and Tripathy [11] (para. 1) conclude that a major rationale for determining the country of origin is “to help consumers in making informed choices”.
However, there is a further dimension to this debate. Previous research [12,13] suggests that consumers from developing world countries have hitherto preferred non-domestic products and that there is a general bias against products from developing nations. Products from developed, industrialised countries tend to have a higher quality image [14,15], as epitomised, for example, by the reputation of the “Made in Germany” label around the world [16]. A recent study by Oumlil [17] concluded that this applied particularly to more technical products, and that “the more specialized the product, the less favorable the perception of the quality of the product(s) if it is made in a less developed nation or nations in the process of industrialization” (p. 62). So, revealing the true origin of products that may, at first glance, appear western, may help boost competing domestically produced products in developing world countries. The COO concept can thus offer a framework for assessing the domesticity of digital products, and this article suggests a new set of parameters that can be used to help consumers determine the COO of digital products. This is of particular relevance in the context of digital transformation projects in developing world environments. As Khan et al. [18] (p. 2) observe, “public sector projects in developing countries have to deal with issues that are unique to that environment, including large number of stakeholders, weak procurement systems, complex processes, shortage of skills and resources, and bureaucratic red tape”. In such environments, cost-effective ways of implementing digital products can be critical to project success or failure.
Previous research by Ozdemir [19] indicated an absence of literature relating to a re-casting of the COO concept to provide an overall assessment of the cybersecurity risk of digital products. This was the main motivation for this work, which has the overarching aim of developing an operational framework for the application of the COO concept to address this issue. The article addresses two main research questions (RQs): Firstly (RQ1), what parameters would be most appropriate and effective for assessing digital product COO? Secondly (RQ2): how could the application of these new COO parameters aid home-grown digital product development? The main contribution of this research is a new framework for assessing a digital products domesticity, thereby adding to the literature regarding the origin and security of imported technology products. This represents an innovative application of the COO concept, reflecting the significance of cybersecurity in the digital era.
This article comprises five main sections. Following this introduction, Section 2 reports on the different interpretations of the concept of domestic COO and discusses the related regulations and other relevant terminology. Section 3 are then outlined, based on a combination of semi-structured interviews with practitioners and professionals operating in the municipalities of Marmara in Turkey, and a follow-up online survey. Section 4 presents the research results and directly addresses the two RQs, suggesting a 19-parameter framework for assessing the domesticity of digital products. Section 5 then follows, in which some further potential applications of the framework are considered. Finally, Section 6 summarises the outcomes of this research and assesses the limitations and possible future research initiatives in this field of study.

2. The Country-of-Origin Concept and Its Regulation

The COO construct has been widely researched since its introduction in 1965 by Robert Schooler [20]. The COO of a product is typically associated with the “made in…” labelling and was described by Peterson and Jolibert [21] (p. 884) as “an extrinsic product cue—an intangible product attribute—that is distinct from a physical product characteristic or intrinsic attribute. As such, a country-of-origin cue is similar to price, brand name, or warranty in that none of these directly bear on product performance”. However, the COO concept has been given various interpretations by different authors and in different sets of regulations. Phau and Cheong [22] see the term as denoting the country in which a business or brand is headquartered. In a similar vein, Johansson et al. [23] described it as the country where the product or name is housed at its corporate headquarters. It can be connoted that, because of international elements and sources, even though a product may not be considered to be produced in that region, it is presumed that the product or brand is associated with that country. Lee and Lee [24], on the other hand, state that the COO can be evaluated by considering the location in which the product is built, produced, and assembled. Aiello et al. [25] explain the term from a different viewpoint, arguing that the origin must be the country commonly associated with a commodity by the consumers, regardless of where it was made. Ahmed et al. [26] see the COO concept as denoting the product or service quality.
As regards the national regulations for defining COO, the picture is equally complex. In the US, the Federal Trade Commission (FTC) defines the domesticity of a product as the country where the product was last “substantially transformed” [27] (p. 5). However, as Goodrich [9] (para. 9) observes, “the concept of substantial transformation is somewhat vague”, and it is not straight forward to establish what “substantial transformation” entails. The International Trade Association [28] (para. 3) notes “country-of-origin determinations are governed by many rules; in certain circumstances, discerning a product’s origin is difficult. For example, if you import raw plastic pellets but then process them to manufacture a telephone handset in a United States facility, is the handset considered to be of United States origin? Or, if you import telephone handset parts but then assemble and paint the finished product in the United States, what is that product’s country of origin?”. Rather similarly, the European Union (EU), in classifying products according to tariff duties, make the distinction between goods wholly obtained or produced in a single country, and goods whose production involved materials from more than one country [29].
In UK regulations, there is the concept of cumulation, which is somewhat akin to that of substantial transformation, noted above, in the US. “Cumulation is the term used to describe a system that allows originating products of country A to be further processed or added to products originating in country B, just as if they had originated in country B. The resulting product would have the origin of country B. With cumulation the working or processing carried out in each partner country on originating products does not have to be ‘sufficient working or processing’ as set out in the list rules, although it should be beyond minimal processing” [30] (paras. 4–5).
In practice, establishing such metrics is not an easy task, notably for digital products. For example, on the ProductFrom website [31] (a participant in the Amazon Services LLC Associates Program), the technology company Western Digital Products list their products by category and by country origin. By country they note: 3 China, 40 Malaysia, 2 Singapore, 176 Thailand. However, the website adds a number of qualifications including, “companies often have more than one factory for the same type of products, so the country listed on this page may not be the only place of production” (para. 5). More specifically, as regards computer software, the Customs and Borders Protection agency in the US issued a final determination in 2016, deciding that a software product with a Malaysian source code, which was subsequently compiled into an object code in the United States, qualified as a US-made end product, and that the software construction (i.e., development) was the vital component that gives the software a new identity, thus making the place of software construction a significant criterion for the determination of the COO. Further, as regards cloud computing, the US Government Accountability Office issued guidelines in 2011 stating that the COO for cloud-based services is determined by where the client or end-user was located, regardless of the location of the data centre [27]. This is of particular significance for organisations using US-based cloud service providers, such as Amazon Web Services and Microsoft Azure.
There are other related terms in the literature that are worthy of mention. The country of manufacture (COM) is the term sometimes used to indicate the country where a product was manufactured or assembled. The term has been described as a COO synonym, and it is generally used to indicate where a product was finished in its final assembly. However, when the item has been produced and built in a specific country, the country of design (COD) term is also sometimes used. In addition, multinational businesses sometimes use country of brand (COB) for specific provenance of brand names [25]. The COO “effect” and its indicators are another dimension to the debate found in the extant literature. This concept, sometimes abbreviated to COE (i.e., country-of-origin effect), concerns the influence that a product’s country of origin labelling may have on consumers’ perceptions, attitudes, and purchasing decisions; however, as Eder [32] notes, because of the complexities of the concept, no consensus has been reached for developing an analytical framework. Roth and Romero [33] concluded that it is necessary to concentrate on the local production and country image in order to thoroughly investigate COO effects. Ballington [34] found that information indicators function differently for different countries for particular product categories, and Chao [35] noted that customers may rely on other information indicators, such as where the product was manufactured, in assessing COO information.
In summary, the extant literature indicates that there are multiple definitions for the COO concept, and there is no international standard for a generic definition. There are a number of parameters identified in the literature that are used in different contexts and environments to determine a product’s COO and domesticity, i.e., to what extent it was produced in the country in which it is used. These include the production place [25,27], assembly place [24,35], raw material origin [36,37], headquarters location [38,39], and domestic capital usage [40,41]. With digital products, determining the product’s domesticity is all the more challenging because a digital product may comprise a number of different elements that may have come from different parts of the globe and different production environments. Digital products often include embedded systems, software, hardware components, and even accumulated data. There is thus a need for a new set of criteria for making such decisions that assesses the different components of digital products and allows due consideration of data security and import dependency issues, as well as providing guidelines for tariff calculations. Available research studies neither recognise nor address this challenge; to the authors’ knowledge, there is no literature that focuses on the COO determination for digital products. Much of the extant literature is more than 10 years old, but more recent publications include considerations of the COO in a number of diverse business or academic contexts, including the origin of research publications [42], the varying influence of a brand in COO classification [43], the influence of COO on buying decisions in the United Arab Emirates [44], and comparative studies of COO regulations [45]. These studies illustrate the broad range of applications of the COO concept, but very few are of direct relevance to the current study, although Potluri and Johnson [44] employ a similar research methodology of survey data collection and hypotheses testing. Of greater relevance is the literature concerning agri-food and manufactured products for tariff assessment and duty payment purposes discussed above (see, for example, HM Revenue & Customs [46]), but these are mainly in the form of rules and regulations rather than research outputs, and do not address the complexity of digital products. This research aims to contribute towards closing this gap in the literature by putting forward parameters that may facilitate a more realistic and effective measurement of the COO for digital products.

3. Research Method

This research adopted a mixed methods approach, combining a literature review, semi-structured interviews, and a survey which was sent to public officers and employees in the Marmara region, which comprises four metropolitan municipalities, and is the most populous [47] and most industrialised [48] region in Turkey. The literature review constituted what Porter et al. [49] (p. 351) have termed “research profiling”, a “broad scan of contextual literature” through which “topical relationships, research trends, and complementary capabilities can be discovered, thereby facilitating research projects”. It provided an initial overview of the subject matter “to draw the big picture” [50] (p. 1). The literature extraction process was not done by following the systematic literature review procedures (with search, inclusion, and exclusion criteria), nor were specified databases targeted. Rather, Google Scholar was used with search items including “Country of origin” “COO”, “COO determination”, “domestic product”, “national product”, and “product cyber security”. From the articles and other sources located via this process, the relevant materials referenced in these sources were checked and assessed. This process was repeated until it unearthed very little new relevant material. In all, over 100 sources were reviewed.
The face-to-face interviews were with experts involved in digital technology projects or management in some capacity in these municipalities, some being public employees and others being private sector professionals involved in municipal projects. The authors took the view that this represented a reasonable mix of personnel involved in both public and private enterprises to provide a rounded view of the issues pertaining to digital product evaluation and deployment. Furthermore, Turkey lies between Europe and Asia and in some respects exhibits characteristics of both the developed and developing worlds, providing a unique perspective on digital product acquisition and deployment.
The interviews were semi-structured, having the characteristics of both structured and unstructured interviews [51,52]. Semi-structured interviews were adjudged to be the most appropriate means of obtaining qualitative data with the highest possible level of knowledge being acquired in a flexible manner. As the interview progresses, the interviewee gets the opportunity to elaborate or provide more relevant information as appropriate [53]. This may include the not-so-obvious intangible factors which Stockhinger and Teubner [54] concluded were most effectively identified through semi-structured interviews, allowing the respondents to reflect on their own experience, thereby giving them a “voice” in the study [55].
The research was undertaken in a series of steps. Following the literature review, semi-structured interviews were conducted with 19 experts to identify key parameters for the COO assessment. The interviews were based around eight introductory questions that focused on a number of themes. These were contained in a questionnaire sent out to interviewees prior to the interviews. The questions concerned the interviewee’s experience of digital projects, the procurement of digital products from foreign countries, the potential for domestic digital technology production, the meaning that customers attribute to “made in” labelling for digital products, and the most appropriate metrics to evaluate the COO of a digital product. The authors took the view that 19 interviews, split between public sector staff (10) and private company employees (9) were enough to allow the development of new parameters to address the research questions. This is supported by Guest et al. [56] (p. 59), who “found that saturation occurred within the first twelve interviews” but that “basic elements for metathemes were present as early as six interviews”. In total, 8 of the 19 interviewees had IT-related management roles, including several with software development experience.
Each interview took approximately one hour and involved a degree of brainstorming around the points raised in the questionnaire responses. The quotations in Section 4 below are taken from the questionnaire and appended notes added in the interviews. The initial parameters generated from the expert interviews were assessed, sector specific content was eliminated, some editing and merging of suggestions was done with parameters that were similar in meaning, and an interim list of 37 parameters, detailed in Section 4 below, was fed back to the interviewees for review and consolidation. A pilot survey was then designed and piloted with 10 participants, as a trial and pre-cursor to a fuller survey that was subsequently undertaken to refine the proposed new parameters for digital product COO. The content validity [57] was assessed by performing a pre-test to ensure questions were understandable and clear. The views of these 10 participants were then reviewed and minor changes to the survey text were made. The full survey was then conducted online, there being 102 respondents from different municipal departments, between January and June 2019. The respondents were chosen through random sampling from a total population of approximately 500 municipality personnel involved in digital transformation or digital technology projects in the Marmara Region. All 500 personnel had an equal probability of selection.
As noted above, the semi-structured interviews also provided knowledge from the interviewees regarding their experience in digital technology projects; for example, the mainstream SAP package, water management applications, and in-house developed systems for transportation management and waste-water management. The participants were typically in management roles in municipal administration, or the private sector in production-related roles. Males were 95 percent of the participants and 68 percent had more than 15 years of work experience. Table 1 provides profiles of the interviewees. The first ten represent municipality personnel whilst the last nine respondents are from the private sector. The interviewees provided extensive details on the evaluation of domesticity of goods, listing multiple forms of assessment criteria, which were used to evaluate whether a product is of domestic origin. Whilst assessment criteria such as those that appear in the extant literature were often in evidence, some of the participants suggested new ideas for consideration in determining digital product COO.
The respondents in the survey were from a range of departments responsible for municipal infrastructure such as electricity, communications, waste management, and parking design (Table 2). The survey was not excerpted from another proven survey but was developed using the parameters derived from the literature and from face-to-face interviews and validated by performing a pre-test pilot. As regards the survey statements, the internal survey reliability was tested using Cronbach’s Alpha test, which passed the threshold acceptable level of 0.7. Respondents of the survey were typically at the management level and were to some degree involved in municipal digital technology projects or policies. A 5-point Likert scale was used to ascertain the level of agreement or disagreement with each of the 37 parameters identified in the interviews. The survey also asked the respondent to confirm their job experience and municipality department. An analysis of the survey ratings of the parameters produced a final list of 19 parameters classified into 4 main categories or “influences”.

4. Results

4.1. What Parameters Would Be Most Appropriate and Effective for Assessing Digital Product COO? (RQ1)

During the expert interviews, the most frequently suggested parameters were “Assembly Place Location” and “Production Place Location”. Not surprisingly, certain role briefs or professions shared similar views. IT staff suggested “Data Store Location” and “Community Support Availability” as parameters, whilst those working in supply chain-related jobs identified “Raw Materials and Spare Parts Origin”, “Headquarter Location”, and “Domestic Capital Ratio”. These different perspectives from various departments in public and private sector entities resonate with the lack of consensus on domestic product determination globally. Another point is that digital products not only have cost-based attributes but also strategic value perspectives. For example, “Data Storage Location” may be an important aspect in order to keep organisational or national data confidential.
Following the semi-structured interviews, 37 parameters were confirmed as being of relevance by the experts. These were loosely grouped into five main categories (Table 3) and were circulated via an internet survey that received 102 respondents, as noted above. The 5-point Likert scale rating of agreement or non-agreement with the significance of each parameter allowed for additional explanatory comment. For example, “Energy Source Origin” for a product was seen as difficult to assess, and of questionable relevance. “Government Approved Project” was seen as relevant in the local environment, but less so in a wider global context. Assessing the use of domestic resources for building a software library (“Software Library Origin”) was considered difficult to execute in practice. “Community Support Availability” and “Openness Rate” were deemed to lack clarity or relevance. This allowed a rationalisation of the initial extensive list to produce a focused parameter list, and a consolidation around four main categories or influences: hardware, software, platforms deployed, and producer of final product (Table 4).

4.2. How Could the Application of These New COO Parameters Aid Home-Grown Digital Product Development? (RQ2)

The concern uppermost in the minds of many participants was how a revised COO assessment could help home-grown digital technology companies compete more effectively against non-domestic products. Generally speaking, digital transformation initiatives in developing countries are currently highly dependent on imported products from developed countries, and this situation has a major financial impact on the importing countries’ balance of payments [58]. More clarity on the COO parameters can act as a catalyst for developing countries to develop their own domestic products. At the same time, such a profiling of digital products may incur new higher tariff payments, thus allowing home-grown products to compete more effectively, thereby “levelling the playing field”. As the OECD [59] point out, many developing countries lack a national digital transformation strategy, and are struggling to fully harness the benefits that digitalisation offers. The potential benefits for home-grown technology companies can be seen in Iran, where, for political reasons, imported technology products from the west are severely restricted, which has given a significant boost to home-grown information systems companies [60]. The resultant increased economic growth and support for entrepreneurs operating in the home market has also been evidenced in Malaysia [61], for example.
Some countries have instigated political campaigns aimed at encouraging consumers to favour domestic products, especially in emerging markets. In Turkey, for example, the “domestic and national” campaign urges companies and individuals to buy products that are labelled “Made in Turkey” and cites the national deficit reduction as part of the rationale [62]. There have been similar campaigns in India, underpinned by the perceived threat from China due to its expansionist policy [63]. A key point is that some products that may appear to be made in a domestic country, are in fact, not made there in large part, and this is not reflected in the current COO assessment. For example, in Turkey, there are three main parameters used for assessing product domesticity: production place, content rate, and the industrial registry certificate of the producing company (as granted by the Ministry of Industry and Technology [37] in Turkey). If a product satisfies two of these three conditions, it is classified as a Turkish product. As an illustration, Xiaomi Corporation is a Chinese designer and manufacturer of consumer electronics and related software. Their smartphones use the MIUI operating system, a version of Android. It has a factory in Turkey employing 2000 staff [64], and so the production place is therefore Turkey. The content rate is considered negative since all of the component parts are imported via Xiaomi’s international subsidiaries. In addition, Xiaomi has an industry registry certificate, which was granted to allow company legal transactions in Turkey. It is thus considered a Turkish product, as it appears to meet two of the three criteria [65].
A broader assessment of the real state of affairs via the proposed COO parameters would allow governments to support real domestic technology production via legislative action and provide incentives for domestic companies to develop such products. A new scale for the COO assessment can thus lessen import dependency and increase sales of domestic products. Governments may introduce subsidies and incentives for domestic private sector companies to develop products with a certain threshold of domesticity, in order to compete with giant conglomerates that have the advantage of supplying from the cheapest parts of the world, producing component parts in countries with the lowest wages, and transporting them at minimal cost. The assessment of the Xiaomi phone using the suggested COO parameters is shown in Table 5. A review of how the product is assessed against these parameters would almost certainly preclude a “Made in Turkey” labelling. Another dimension to this is, ironically, the apparent attraction of supposedly western products to the general public in some developing countries. If the COO parameters now reveal the true origin of many of the constituent parts of a digital product as being non-western, the attraction of these products to the buyer may diminish. This may further encourage the growth of home-grown technology industries.

5. Discussion

There are other issues that a revised COO would impact. The data security aspect of imported technology products was referred to above. If the storage of data produced from an imported product is managed in the cloud via an unvetted third-party, there is an obvious risk that the data may be leaked or hacked. If the COO assessment confirms this to be the case, then organisations and governments who wish to safely store strategic data would clearly be reluctant to use such products. Data related security considerations may affect a product’s value and potential use, given the spiralling costs of data security breaches [66]. The COO parameters put forward here allow a fuller assessment of data security issues. An example here is the potential security risk posed by the Xplora 4 smartwatch. As recently reported, “the Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co., and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message” [67] (para. 1). If the proposed framework were applied to this product, it would help establish the true COO but also identify the potential cyber risks by clarifying the software development platform location and the data storage location. The smartwatch is used in Europe, but the software development platform location is China-based. The data storage location is in Germany, as Xplora decided to use local servers in Germany for GDPR compliance reasons. In addition, two other COO parameters—data security test maintenance nationality and compliance with international standards—are not satisfied. This illustrates how the proposed COO framework can provide a broader assessment to identify cyber risk.
Another relevant example of the potential value of the proposed framework is the anti-virus testing system provided by the same Chinese company Qihoo 360. Three globally recognised and trusted security testing bodies (AV-Comparatives, AV-TEST, and Virus Bulletin) censured Qihoo 360 after finding that the firm submitted products for comparative and certification testing which “behaved significantly differently from those made available to its users and customers” [68] (p. 1). The testing companies maintained that Qihoo submitted its anti-virus product for testing, equipped with a Bitdefender engine, whilst the consumer version uses Qihoo’s own QVM engine. The user interface of the Qihoo anti-virus software is the same for both versions, so the normal user would not know the difference between the two. The testing authorities concluded that “according to all test data, [Quihoo using its own engine] would provide a considerably lower level of protection and a higher likelihood of false positives”, and that “that skewed the results in Qihoo’s favor” [69] (para. 7). Qihoo 360 submitted its product for testing in order to increase its sales in the international markets. This case illustrates the importance of establishing the true origin of all product components, notably software production place, compliance with international standards, and most significantly, data security test maintenance nationality.
There are also implications for the sustainability of the digital supply chain and the wider circular economy. Clarifying the origin and make-up of different digital technology components can facilitate an assessment of their sustainability and recyclability. Reuter [70] (p. 3194) notes that “metallurgy is a key enabler of a circular economy; its digitalisation is the metallurgical Internet of Things. In short: metallurgy is at the heart of a circular economy, as metals all have strong intrinsic recycling potentials”. The implications of this are massive, involving consideration of a wide range of measures and systems to assess the resource efficiency and reusability of digital product parts globally, but an accurate and realistic COO assessment would be a step towards this end. There is also a related debate around measuring product performance in the context of the circular economy. Saidani et al. [71] detail a number of possibilities, including a material circularity indicator, described by the Ellen MacArthur Foundation [72] as a tool to assess a product’s performance in the context of the circular economy. This emphasises the need to be clear on the origin of the component parts and software elements contained in digital products if such tools and indicators are to be used effectively.

6. Conclusions

Today, the most commonly used parameters for COO determination are, in general terms, production place, headquarter location, and domestic capital deployment. This is replicated in many of the COO regulations, which are there to assess tariff calculations rather than to determine the domesticity of products. Although these are reasonable metrics for simple tariff transaction calculations, they are not geared to identifying the security aspects of imported digital products, nor do they provide an effective mechanism for import control. This article has used a set of interviews and an online survey in a main metropolitan area of Turkey to identify a new set of parameters that allow a more realistic assessment of the COO for digital products, which have a major impact in terms of data security, data privacy, and the development of digital technology industries in developing countries. The exemplar applications of this framework provided in the above sections attest to the validity of this approach.
There are no other approaches that attempt a similar breadth and depth of the assessment of digital products. There are access control mechanisms that monitor the access activities of IoT devices and ensure that authorised users access information resources under legitimate conditions [73]. There are also very context specific approaches to data security, such as the multi-watermarking method in multimedia signal hiding to the address information security problems of “Beyond 5G” (B5G) networks [74]. Another example here is the information hiding technique being applied to visible light communication (VLC), an emerging short-range optical communication technology that can alleviate spectrum congestion [75]. These techniques are of value to particular technology environments but are not true comparables to the COO assessment framework put forward here.
The practical and policy implications of the COO framework for import controls, domestic digital technology production, cyber and information security, and the transition to recyclable technologies are considerable. A new and more realistic COO assessment could provide the basis for implementing policies aimed at excluding, or imposing higher levies on, non-domestic digital products, whilst at the same time supporting the development of home-grown technology companies. Equally, policies regarding digital products from companies or countries considered a threat to security could be more effectively implemented through such a revised set of COO parameters. Clearly, some of the parameters identified here can be more thoroughly assessed and researched, and additional criteria and formulas should be tried, not least in the identification of recyclable or non-recyclable materials. In this context, linkages to other research, notably that regarding the assessment of circular economy product assessment, could be explored.
The findings reported here have their limitations. They are based on interviews with public and private sector workers in the municipalities of the Marmara region of Turkey, and the parameters that emerged inevitably reflect the participants’ background, motivation, and working environment. This is essentially a case study based on one region of Turkey, and as such is limited in the degree to which generalisations can be made. It is believed, nevertheless, that this study provides some valuable insights into how the COO concept can be repurposed to support cybersecurity and other objectives pertaining to digital products. As Rowley [76] (p. 24) noted, there are no “cookbook procedures” for such analysis, but the researcher must “address the most significant aspects of the case”. These findings can thus be seen as one version of the possible range of assessment criteria that are now appropriate for digital products, and other interpretations are inevitable and to be welcomed. The findings presented here can be seen as a starting point for further research and development. Such studies could include a full review of the COO concept and related terminology to unify and interrelate them, such as country of design, country of manufacture, and country of brand, for example. More precise and detailed frameworks relating to the digital product COO could be researched and developed to encompass a differentiation of parameters based on product category, for example. Unification of the concept definition and standardisation of the decision-making criteria between countries would enhance global security and could promote domestic technology industries into an era in which product origin and the circular economy will be of increasing significance.

Author Contributions

Conceptualisation, S.O., M.W. and B.M.; methodology, S.O., M.W. and B.M.; validation, S.O.; formal analysis, S.O.; investigation, S.O., M.W. and B.M.; data curation, S.O.; writing—original draft preparation, S.O., M.W. and B.M.; writing—review and editing, S.O., M.W. and B.M.; visualisation, S.O., M.W. and B.M.; supervision, B.M.; project administration, S.O. and B.M. All authors have read and agreed to the published version of the manuscript.


This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

Not applicable.

Conflicts of Interest

The authors declare no conflict of interest.


  1. Hossenball, M.; Singh, K. UK Cyber Agency Targets Kaspersky in Warning on Russian Software. 2017. Available online: (accessed on 7 June 2021).
  2. Apps, P. Huawei and the Unravelling of Globalization. 2019. Available online: (accessed on 8 May 2022).
  3. Gaia-X. Trust Framework—Gaia-X Trust Framework—22.04 Release. 2022. Available online: (accessed on 11 October 2022).
  4. Rakheja, H. Ecommerce Companies Want Six Month Extension to Comply with ‘Country of Origin’ Rule. 2020. Available online: (accessed on 22 August 2022).
  5. Mikalef, P.; Conboy, K.; Lundström, J.E.; Popovič, A. Thinking responsibly about responsible AI and ‘the dark side’ of AI. Eur. J. Inf. Syst. 2022, 31, 257–268. [Google Scholar] [CrossRef]
  6. Ågerfalk, P.; Conboy, K.; Crowston, K.; Lundström, J.E.; Jarvenpaa, S.; Mikalef, P.; Ram, S. Artificial intelligence in information systems: State of the art and research roadmap. Commun. Assoc. Inf. Syst. 2021, 50, 420–438. [Google Scholar] [CrossRef]
  7. IT Governance Ltd. What is Cyber Security? Definition and Best Practices. 2022. Available online: (accessed on 28 November 2022).
  8. Noergaard, T. Embedded Systems Architecture—A Comprehensive Guide for Engineers and Programmers, 2nd ed.; Elsevier: Oxford, UK, 2013; Chapter 2; pp. 21–85. [Google Scholar]
  9. Goodrich, J. Importing Basics: Country of Origin. Shipping Solutions. 14 October 2007. Available online: (accessed on 6 May 2022).
  10. Mukherjee, S. Govt Makes It a Must for e-Commerce Platforms to Display Country of Origin. Business Standard. 21 July 2020. Available online: (accessed on 7 May 2022).
  11. Shairwal, S.; Tripathy, S. Legal Conundrum Regarding Country of Origin Concerning Government Whiplash Received by Flipkart and Amazon. Sakshar Law Associates, 2020. Available online: (accessed on 7 May 2022).
  12. Bandyopadhyay, S.; Banerjee, B. A Country of Origin Analysis of Foreign Products by Indian Consumers. J. Int. Consum. Mark. 2002, 15, 85–109. [Google Scholar] [CrossRef]
  13. Cordell, V. Effects of Consumer Preferences for Foreign Sourced Products. J. Int. Bus. Stud. 1992, 23, 251–269. [Google Scholar] [CrossRef]
  14. Cateora, P.R.; Graham, J.; Gilly, M. International Marketing, 18th ed.; McGraw-Hill: Columbus, OH, USA, 2019. [Google Scholar]
  15. Kaynak, E.; Kucukemiroglu, O.; Hyder, A.S. Consumers’ Country-of-Origin (COO) Perceptions of Imported Products in a Homogenous Less-developed Country. Eur. J. Mark. 2000, 34, 1221–1241. [Google Scholar] [CrossRef]
  16. Wenkel, R. How Much Is “Made in Germany” Really Worth? Deutsche Welle, 2014. Available online: (accessed on 28 May 2022).
  17. Oumlil, A.B. Country-Of-Origin (COO) Impact and Product Categories’ Evaluations: The Case of an Emerging Market. J. Mark. Dev. Compet. 2020, 14, 57–65. [Google Scholar]
  18. Khan, K.; Turner, R.; Maqsood, T. Factors that Influence the Success of Public Sector Projects in Pakistan. IRNOP XIAt Conference, Oslo, Norway, 2013. Available online: (accessed on 3 June 2022).
  19. Ozdemir, S. Enabling Domestic Digital Transformation: A Methodology for Determining the Country of Origin of IT Products. Master’s Thesis, Bogazici University, Istanbul, Turkey, 2019. Available online: (accessed on 16 December 2022).
  20. Schooler, R.D. Product bias in the Central American common market. J. Mark. Res. 1965, 2, 394–397. [Google Scholar] [CrossRef]
  21. Peterson, R.A.; Jolibert, A.J.P. A Meta-Analysis of Country-Of-Origin Effects. J. Int. Bus. Stud. 1995, 26, 883–900. [Google Scholar] [CrossRef]
  22. Phau, I.; Cheong, E. How young adult consumers evaluate diffusion brands: Effects of brand loyalty and status consumption. J. Int. Consum. Mark. 2009, 21, 109–123. [Google Scholar] [CrossRef] [Green Version]
  23. Johansson, J.K.; Douglas, S.P.; Nonaka, I. Assessing the impact of country of origin on product evaluations: A new methodological perspective. J. Mark. Res. 1985, 22, 388–396. [Google Scholar] [CrossRef]
  24. Lee, J.K.; Lee, W.N. Country-of-origin effects on consumer product evaluation and purchase intention: The role of objective versus subjective knowledge. J. Int. Consum. Mark. 2009, 21, 137–151. [Google Scholar] [CrossRef]
  25. Aiello, G.; Donvito, R.; Godey, B.; Pederzoli, D.; Wiedmann, K.; Hennigs, N.; Siebels, A.; Chan, P.; Tsuchiya, J.; Rabino, S.; et al. An international perspective on luxury brand and country-of-origin effect. J. Brand Manag. 2009, 16, 323–337. [Google Scholar] [CrossRef]
  26. Ahmed, Z.U.; Johnson, J.P.; Yang, X.; Fatt, C.K.; Teng, H.S.; Boon, L.C. Does country of origin matter for low-involvement products? Int. Mark. Rev. 2004, 21, 102–120. [Google Scholar] [CrossRef]
  27. Koehl, G.M.; Campbell, G.J. Buying American: Country of Origin Requirements in US Government Contracts. Practical Law 2019. Resource ID 7-573-3545. Available online: (accessed on 7 June 2022).
  28. International Trade Administration. Privacy Shield Framework—Ecommerce Guide. 4.1 eCommerce Country of Origin. No date. Available online: (accessed on 6 June 2022).
  29. HM Revenue & Customs. Rules of Origin for Imported and Exported Goods. 2012. Available online: (accessed on 7 June 2022).
  30. HM Revenue & Customs. Check your Goods Meet the Rules of Origin. 2020. Available online: (accessed on 7 June 2022).
  31. Western Digital Products. 2020. Available online: (accessed on 7 June 2022).
  32. Eder, N.C. The Country of Origin Effect in Modern-Day Marketing Communication. Master’s Thesis, Norges Handels Høyskole (NHH), Bergen, Norway, 2012. [Google Scholar]
  33. Roth, M.S.; Romeo, S.B. Matching Product Category and Country Image Perceptions: A Framework for Managing Country-of-origin Effects. J. Int. Bus. Stud. 1992, 23, 477–497. [Google Scholar] [CrossRef]
  34. Ballington, L.J. An Investigation into Improving the Competitiveness of Scottish Companies in their Domestic Market, Using the Country of Origin Effect. Master’s Thesis, University of Strathclyde, Glasgow, UK, 2001. [Google Scholar]
  35. Chao, P. The Moderating Effects of Country of Assembly, Country of Parts, and Country of Design on Hybrid Product Evaluations. J. Advert. 2001, 30, 67–81. [Google Scholar] [CrossRef]
  36. Federal Acquisition Regulations. Regulation 25.402. 2009. Available online: (accessed on 8 June 2022).
  37. Turkey Republic Ministry of Industry and Technology. Yerli Malı Tebliği (Official Gazette Number 29118). 2014. Available online: (accessed on 10 June 2022).
  38. Lim, K.; O’Cass, A. Consumer brand classifications: An assessment of culture of-origin versus country-of-origin. J. Prod. Brand Manag. 2001, 10, 120–136. [Google Scholar] [CrossRef]
  39. Mort, G.S.; Duncan, M. Own by: Country of Origin’s New Cue. J. Int. Consum. Mark. 2003, 15, 49–69. [Google Scholar] [CrossRef]
  40. Samiee, S.; Shimp, T.A.; Sharma, S. Brand origin recognition accuracy: Its antecedents and consumers’ cognitive limitations. J. Int. Bus. Stud. 2005, 26, 379–397. [Google Scholar] [CrossRef]
  41. Kinra, N. The effect of country of origin on foreign brand names in the Indian Market. Mark. Intell. Plan. 2006, 24, 15–30. [Google Scholar] [CrossRef]
  42. Zenger, S.; Covington, M. Comparison of Country of Origin, Research Collaborations, and Funding for Original Scientific Publications in the Journal Radiology from 2009 and 2019. Radiology 2021, 299, E221–E222. [Google Scholar] [CrossRef]
  43. McCaskill, A. Nearly 75% of Global Respondents List Country of Origin as a Key Purchase Driver. 2016. Available online: (accessed on 12 June 2022).
  44. Potluri, R.M.; Johnson, S. An Exploratory Research on Country-of-Origin and Its Impact on the UAE Consumers Buying Decisions. J. Asian Financ. Econ. Bus. 2020, 7, 455–466. [Google Scholar] [CrossRef]
  45. World Customs Organization. Comparative Study on Preferential Rules of Origin. 2017. Available online: (accessed on 26 April 2022).
  46. HM Revenue & Customs. General Rules to Determine the Origin of Your Products for Trade between the UK and EU. 2021. Available online: (accessed on 26 April 2022).
  47. Turkey Republic Ministry of Interior. Türkiye’nin Nüfus Haritası [in English: Turkey’s population map]. 10 July 2021. Available online: (accessed on 16 December 2022).
  48. KobiEfor. Turkey’s Producing Power. 2019. Available online: (accessed on 8 November 2022).
  49. Porter, A.L.; Kongthon, A.; Lu, J.C. Research profiling: Improving the literature review. Scientometrics 2002, 53, 351–370. [Google Scholar] [CrossRef]
  50. de-Miguel-Molina, B.; de-Miguel-Molina, M.; Albors, J. How to Undertake a Literature Review through Bibliometrics. An Example with Review about User Innovation. In Proceedings of the 1st International Conference on Business Management, Universitat Politècnica de València, València, Spain, 2015; Available online: (accessed on 8 May 2022).
  51. Walsham, G. Doing interpretive research. Eur. J. Inf. Syst. 2006, 15, 320–330. [Google Scholar] [CrossRef]
  52. Bell, J. Doing Your Research Project: A Guide for First-Time Researchers in Education, Health and Social Science, 5th ed.; McGraw-Hill Education: Berkshire, UK, 2014. [Google Scholar]
  53. Saunders, M.; Lewis, P.; Thornhill, A. Understanding Research Philosophies and Approaches, 8th ed.; Pearson Education Limited: Harlow, UK, 2019. [Google Scholar]
  54. Stockhinger, J.; Teubner, A. How digitalization drives the IT/IS strategy agenda. ERICS Working Paper, No. 31, 2019. European Research Center for Information Systems (ERCIS), Münster, Germany. Available online: (accessed on 22 February 2020).
  55. Lee, N.; Lings, I. Doing Business Research: A Guide to Theory and Practice; SAGE Publications Ltd.: London, UK, 2008. [Google Scholar]
  56. Guest, G.; Bunce, A.; Johnson, L. How Many Interviews Are Enough? An Experiment with Data Saturation and Variability. Field Methods 2006, 18, 59–82. Available online: (accessed on 18 June 2022). [CrossRef]
  57. Bell, E.; Harley, B.; Bryman, A. Business Research Methods; Oxford University Press: Oxford, UK, 2022. [Google Scholar]
  58. Peixoto, T.; Cordova, Y. Digital Government in Developing Countries. Public Digital, 2019. Available online: (accessed on 24 June 2022).
  59. OECD. Key Issues for Digital Transformation in the G20. 2017. Available online: (accessed on 12 June 2022).
  60. Rezaeian, M.; Wynn, M. Enterprise Resource Planning Systems in Iran: A Profile of the Behko Software House. International J. Asian Bus. Inf. Manag. 2021, 12, 94. [Google Scholar] [CrossRef]
  61. Ministry of Domestic Trade and Consumer Affairs of Malaysia. Buy Malaysia Campaign. 6 September 2022. Available online: (accessed on 15 June 2022).
  62. Sahin, T.; Ergocun, G.; Girgin, Y. Turkey Announces Landmark New Economic Reform Package. Anadolu Agency, 2021. Available online: (accessed on 5 May 2022).
  63. Mishra, A.R.; Bhalla, T. E-Commerce Products Will Have Country of Origin. 2020. Available online: (accessed on 3 June 2022).
  64. Ergocun, G. Chinese Tech Giant Xiaomi Opens Factory in Turkey. 29 March 2021. Available online: (accessed on 12 June 2022).
  65. Daily Sabah with Anadolu Agency. Made in Turkey—Xiaomi Phones to Go on Sale in April. Daily Sabah, 11 March 2021. Available online: (accessed on 12 March 2021).
  66. Brook, C. What’s the Cost of a Data Breach in 2019? Digital Guardian, 22 August 2022. Available online: (accessed on 8 November 2022).
  67. Claburn, T. Backdoorer the Xplora: Kids’ Smartwatches Can Secretly Take Pics, Record Audio on Command by Encrypted Texts. The Register, 12 October 2020. Available online: (accessed on 4 December 2022).
  68. AV-Comparatives, AV-TEST and Virus Bulletin. Testing Bodies AV-Comparatives, AV-TEST and Virus Bulletin Comment on Allegations of Inappropriate Behavior. Press Release. Internet Archive, WayBackMachine. 30 May 2016. Available online: (accessed on 6 December 2022).
  69. Keizer, G. Antivirus Test Labs Call out Chinese Security Company as Cheat. Computer World. 1 May 2015. Available online: (accessed on 6 December 2022).
  70. Reuter, M. Digitalizing the Circular Economy: Circular Economy Engineering Defined by the Metallurgical Internet of Things. Metall. Mater. Trans. B 2016, 47b, 3194–3220. Available online: (accessed on 23 June 2022). [CrossRef]
  71. Saidani, M.; Yannou, B.; Leroy, Y.; Cluzel, F. How to Assess Product Performance in the Circular Economy? Proposed Requirements for the Design of a Circularity Measurement Framework. Recycling 2017, 2, 6. [Google Scholar] [CrossRef] [Green Version]
  72. Ellen MacArthur Foundation. Circularity Indicators—An Approach to Measure Circularity. Methodology & Project Overview; Ellen MacArthur Foundation: Cowes, UK, 2015. [Google Scholar]
  73. Qiu, J.; Tian, Z.; Du, C.; Zuo, Q.; Su, S.; Fang, B. A Survey on Access Control in the Age of Internet of Things. Internet Things J. 2020, 7, 4682–4696. [Google Scholar] [CrossRef]
  74. Li, M.; Lai, S.; Wang, J.; Tian, Z.; Guizani, N.; Du, X.; Shan, C. Analysis on unit maximum capacity of orthogonal multiple watermarking for multimedia signals in B5G wireless communications. Digit. Commun. Netw. 2022. [Google Scholar] [CrossRef]
  75. Li, M.; Shan, C.; Tian, Z.; Du, X.; Guizani, N. Adaptive Information Hiding Method Based on Feature Extraction for Visible Light Communication. IEEE Commun. Mag. 2022, 1–7. Available online: (accessed on 6 December 2022). [CrossRef]
  76. Rowley, J. Using case studies in research. Manag. Res. News 2002, 25, 16–27. [Google Scholar] [CrossRef]
Table 1. Interviewee profiles.
Table 1. Interviewee profiles.
R&D Director40Metropolitan MunicipalityFemale
Head of Environmental Department45Environmental ProtectionMale
Head of Agricultural Services55Agricultural ServicesMale
Head of IT Department35Metropolitan MunicipalityMale
IT Manager35Water and Wastewater TreatmentMale
Head of Environmental Protection Department45Water and Wastewater TreatmentMale
Head of Geographical Information Systems40Water and Wastewater TreatmentMale
Head of Water and Wastewater Treatment45Water and Wastewater TreatmentMale
Treatment Plants Director35Treatment PlantsMale
Transportation Director40TransportationMale
Industry Branch Manager45Chamber of IndustryMale
Chef Executive Officer60Rail SystemsMale
Software Manager45Wagon ProductionMale
SAP Manager45Aluminium ProductionMale
SAP Assistant Manager35Aluminium ProductionMale
SAP Assistant Manager35Aluminium ProductionMale
R&D Director50Tractor ProductionMale
Head of IOT Laboratory50IOT LaboratoryMale
Head of Domestic Software Laboratory55Software ProductionMale
Table 2. Survey respondents: department and experience.
Table 2. Survey respondents: department and experience.
Research and Development1211.8
Wastewater Treatment1514.7
Less than 1 year1817.6
1–5 years3029.4
6–10 years2120.6
11–15 years2120.6
More than 15 years1211.8
Table 3. Extensive parameters for digital domestic COO evaluation (following interviews).
Table 3. Extensive parameters for digital domestic COO evaluation (following interviews).
Hardware InfluenceProduction Place Location
Assembly Place Location
Raw Materials and Spare Parts Origin
Strategic Part Origin
Energy Source Origin
Software Production InfluenceInbound (Domestic Production Rate) Location
Government Approved Project
Inbound (National IT Staff Rate) Software Project Team Size
Capability of Software Development based on New Technology Innovation
Software Capability of Sales in International Market
Compliance with International Standards for Exportable Produced Software
Software Library Origin
Digitalisation Platforms InfluenceWebsite, Intranet, Cloud Technology Production Location
Data Storage Location
Open-Source Code Ratio
Openness Rate
Community Support Availability
Open-Source Database Availability
Patented Software Design
Communication Infrastructure Origin
Document Format Origin
Open Platform Ratio
Operating System Origin
Web Server Origin
Protocol Origin
Hardware Related Operating System Origin
IT Outsource InfluenceSupplier Production Place
Supplier Headquarter Place
Configurated Software/Operating System Number
Source Code Analysis Origin
Data Security Test Maintenance Nationality
Producer InfluenceHeadquarter Location (The Location that is Registered Officially)
Domestic Capital Ratio (Capital Amount from Domestic Resources)
Amount of Total Corporate Tax Paid to the State
Investment Revenue Costs
Employment Contribution
R&D Spending (As % of Capital Investment).
Table 4. Focused parameter list for digital product COO evaluation (following survey analysis).
Table 4. Focused parameter list for digital product COO evaluation (following survey analysis).
Category/InfluenceParameters Explanation Importance
HardwareHardware Production Place Measures the percentage of hardware elements within a product produced in any one country. For example, 60% in USA; 40% in Turkey. Indicates the amount of direct investment in a country and thus the domesticity of the product.
Hardware Assembly Place Measures where the hardware elements of a product were assembled. For example, 15% in USA; 85% in Turkey. Indicates the investment in assembly factories and workshops in any one country and thus the domesticity.
Content Rate of Component Parts (Raw Materials and Spare Parts Origin) Provides the content rate for component parts and spare parts origin deployed in hardware manufacture and maintenance. For example, 70% from USA; 15% from China; 15% from Turkey. The provision of component parts and spare parts from within the user country reduces the import dependency and on-going cost.
SoftwareSoftware Production Place Measures the percentage of software elements within a product developed or produced in any one country. Must consider if it is outsourced. Provides an indication of the domesticity of the product.
Capability of On-going Software Development and Maintenance Measures a country’s capability for software development and maintenance using country-based personnel. Capability to manage software updates and on-going maintenance increases the domesticity rating.
Compliance with International Standards Assesses the compliance with international standards and thus the eligibility for subsequent foreign export. Meeting necessary international compliance standards establishes the software competence and indicates potential security, privacy, and quality issues.
Open-Source Code Ratio Measures the ratio of software that is developed in an open-source environment. Using open-source codes make it easier to solve problems rather than rely on proprietary products.
Software Producer Headquarter Location Measures software producer’s domesticity ratio, including for outsourced products. Inbound headquarter location for suppliers has a positive impact on domesticity.
Platforms DeployedSoftware Development Platform Location Denotes the location of platform upon which software deployed.May be in the cloud via SaaS. Supplying software development platforms with domestic resources reduces foreign dependency and increases domesticity.
Data Storage Location Measures the domesticity rate based on location for data storage. Maybe in the cloud via IaaS, PaaS, or SaaS. Storing data inside the country reduces the risk of a data breach and increases the country’s information security, improving data confidentiality, integrity, and availability.
Data Security Test Maintenance Nationality This entails support and collaboration for domestic independent security testing. There may be security faults in products that cause the disclosure of user information, and there may be cyber security vulnerabilities that the manufacturers themselves are not aware of. In addition to complying with international standards, it is important that foreign manufacturers cooperate with local authorities for the independent testing of products. For example, for cyber security penetration tests, and providing detailed explanations for application programme interface connections of software components.
Open-Source Database Availability Measures the level of database usage with open-source resources. Open-source databases prevent data breach possibilities and increases domesticity.
Communication Infrastructure Origin Measures the domesticity level of the communication infrastructure (e.g., Base station). Supplying communication infrastructure and necessary data transfer technology inside the country increases the data privacy and national data security.
Open Platform Ratio Measures the ratio of software developed in an open platform environment. An open platform will use open standards and documented APIs and is likely to reduce dependencies between development teams and certain application components.
Producer of Final ProductHeadquarter Location of Manufacturer of Final Product Measures domesticity in terms of headquarter location. Inbound headquarter location for the producer has a positive impact on domesticity.
Domestic Capital Rate Measures domesticity of capital used to finance the producer company. Financing the producer capital with domestic investors should increase domesticity.
Tax Payment to Domestic Country Measures domesticity in terms of tax payment to the domestic country. Paying taxes to the country it operates should increase the domesticity.
Investment Revenue Costs in Domestic Country Measures all investment costs in the domestic country, including R&D. Spending more in the country should increase the domesticity.
Employment Contribution Measures the employment contribution level in the country. Contributing to the labour force that it operates means selecting domestic labour and should increase the domesticity.
Table 5. Domesticity COO Evaluation: Xiaomi mobile phone example.
Table 5. Domesticity COO Evaluation: Xiaomi mobile phone example.
Category/InfluenceParametersDomesticity Assessment
HardwareHardware Production PlaceNo.
Hardware Assembly PlaceYes.
Content rate of Component Parts (raw materials) and Spare Parts originNo < 50%.
SoftwareSoftware Production PlaceNo.
Capability of on-going Software Development and MaintenanceNo.
Compliance with International StandardsYes. It is allowed to export the product to other countries.
Open-Source Code RatioNo < 50%, The operating system is Android which is open source, but the other software products are produced by Xiaomi itself.
Software Producer Headquarter LocationNot in Turkey.
Platforms DeployedSoftware Development Platform LocationNot in Turkey.
Data Storage Location Not in Turkey.
Data Security Test Maintenance NationalityNot in Turkey.
Open-Source Database AvailabilityNo.
Communication Infrastructure OriginNot in Turkey.
Open Platform RatioLow.
Producer of Final ProductHeadquarter Location of Manufacturer of Final ProductNot in Turkey.
Domestic Capital Rate0%. Total Chinese investment.
Tax Payment to Domestic CountryYes. Corporate tax, value-added-tax, income tax. However, the amount is not explicitly given.
Investment Rate in Domestic CountryYes. Building and factory. $30 million.
Employment ContributionYes, 2000 personnel.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Ozdemir, S.; Wynn, M.; Metin, B. Cybersecurity and Country of Origin: Towards a New Framework for Assessing Digital Product Domesticity. Sustainability 2023, 15, 87.

AMA Style

Ozdemir S, Wynn M, Metin B. Cybersecurity and Country of Origin: Towards a New Framework for Assessing Digital Product Domesticity. Sustainability. 2023; 15(1):87.

Chicago/Turabian Style

Ozdemir, Serkan, Martin Wynn, and Bilgin Metin. 2023. "Cybersecurity and Country of Origin: Towards a New Framework for Assessing Digital Product Domesticity" Sustainability 15, no. 1: 87.

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop