The rapid expansion of Chinese data centers and artificial intelligence (AI) platforms — including ByteDance, Huawei, and Tencent — in Brazil is raising significant concerns. Experts fear potential cyber espionage, unauthorized access, systemic surveillance, and the political or commercial misuse of sensitive data, posing risks to national and digital sovereignty.
In Ceará, ByteDance, owner of TikTok, is considering a 900 MW mega data center in the Pecém area. This project raises alarm due to its immense water and energy demands in a water-scarce region. In April, the National Electric Energy Agency (Aneel) rejected its grid connection request, citing insufficient capacity. Beyond ecological and infrastructural concerns, the core issue is control over Brazilian data and the applicable ethical and legal standards.
“China’s security laws allow the government to access data stored by its national companies, which poses a direct threat to Brazilian citizens’ privacy,” Oerton Fernandes, a Brazilian cybersecurity expert and professor, told Diálogo. He adds that these data centers’ infrastructure could also become targets for advanced cyberattacks, such as ransomware and advanced persistent threats (APTs).
“Hackers could exploit vulnerabilities to compromise systems, block access to strategic information, and even modify stored data, harming companies and public agencies that depend on these services,” Fernandes said.
Pecém’s strategic position, with access to alternative energy and proximity to Fortaleza — a crucial global telecommunications hub — amplifies these concerns. No fewer than 16 submarine cables connecting Brazil with America, Africa, and Europe pass through this area. Any sabotage of this infrastructure could have global repercussions.
Reports indicate Beijing possesses both the technical ability and a clear strategic intention to exploit these global connections during hybrid warfare or geopolitical pressure. As Lane Burdette wrote in Princeton University’s Journal of Public and International Affairs, “China views submarine cables not as a neutral component of a global, mutually beneficial network, but as strategic assets that could be intercepted or cut in a potential future conflict.”
AI and digital governance
Also in Fortaleza, the Virtual Center for Research and Development in Artificial Intelligence will be established. This initiative, resulting from an agreement allowing Huawei (banned in many countries due to security concerns) to use data centers of Dataprev — Brazil’s public company managing the Social Security Database — aims to build a Brazilian AI Data Infrastructure and “cooperate on AI infrastructure and build high-quality data sets together.”
In March, Huawei launched the Portuguese version of its generative model Pangu in Brazil for industrial and business applications. Simultaneously, the DeepSeek platform integrated into local cloud services, offering AI tools in Portuguese.
Through these projects, China exports not only technology but also its own model of digital governance. According to Asia Times, “China’s AI strategy is deeply intertwined with its economic and political ambitions and aims to serve state objectives rather than free technological innovation.”
Cybersecurity threat
“Brazilian companies and governments using Chinese cloud services may be vulnerable to external blockages or manipulation in the event of political or trade tensions between Brazil and China,” says Fernandes. According to him, the data center and cloud infrastructures can also facilitate cyberattacks if they are “poorly configured” or “lacking advanced security measures.”
Major risks include ransomware, where cybercriminals encrypt essential data for exorbitant payments.
“Another serious threat is the modification of stored data, where cybercriminals can alter critical information without the victim’s knowledge. This can affect sectors such as finance, healthcare, and public administration, leading to wrong decisions based on altered data,” says Fernandes.
According to the expert, “there is also the risk of advanced persistent threats (APTs), in which groups specializing in cyber espionage infiltrate digital infrastructure, remain hidden for long periods of time, and launch attacks when conditions are favorable.” Such activities pose a direct risk to national sovereignty, as strategic information can be accessed and exploited by foreign entities.
The imperative for stronger controls
This integration of Chinese technology occurs within Brazil’s regulatory fragility, lacking a comprehensive legal framework for AI. In addition, its National Data Protection Authority (ANPD) has limited powers to address the systemic implications of foreign AI.
“While representing important advances for Brazilians’ digital rights, continuous monitoring, investment in IT security infrastructure, and national technological alternatives are essential,” Fernandes concludes. Without these controls, Brazil risks digital vulnerabilities impacting both citizen privacy and national sovereignty.
