Most 'Made in Germany' Security Tech Is Rebadged Hikvision

"Made in Germany" on a security device, in the great majority of cases, refers to the final screw and the packaging label, not to the silicon, the firmware, or the optical assembly inside the housing.

That sentence will read as provocative to the catalogue houses that have built three decades of margin on it. It is meant to. The work that follows is not a polemic. It is a description of how the security hardware supply chain actually functions, which steps of value creation still happen on European soil, and which steps were quietly relocated to Hangzhou, Shenzhen and Zhuhai between roughly 2008 and 2018. The German label survived that move. The German manufacturing did not, except in a handful of cases that can be named and counted. Operators who specify cameras, recorders, intercoms and access controllers for critical sites deserve to know which is which. Insurers, CISA advisories, the BSI and the German GDV have all pushed the question of supply chain provenance higher up the procurement agenda. The market has not yet caught up.

What a country-of-origin label actually means in security hardware

The country-of-origin marking on a network camera is a customs declaration, not a manufacturing testimony. Under EU non-preferential rules of origin, a product originates in the country where it underwent its last substantial, economically justified processing. For security electronics, the prevailing interpretation has been generous toward final assembly, firmware loading and quality inspection. A camera whose sensor, lens, image signal processor, main board and housing all arrive from China, and which is then assembled, flashed, tested and boxed in a German facility, can legally carry "Made in Germany" or, with slightly different evidentiary work, "Designed in Germany, Assembled in EU." Both phrases are correct in trade law. Neither phrase says anything useful about who controls the firmware, who owns the cryptographic keys, or who can push a remote update.

The German marking specifically, "Made in Germany," is not a registered protected designation under EU law. It is a quality claim governed by unfair competition jurisprudence, primarily through the rulings of the Bundesgerichtshof. The case law has evolved. The current position requires that the essential manufacturing steps determining the product's characteristic quality take place in Germany. The phrase "essential manufacturing steps" is where the entire industry conversation happens. For a camera, a court has not yet held that the image sensor and the SoC are essential in the strict sense if assembly, calibration and software finalisation occur in Germany. That gap is what the rebadge model exploits. A vendor can buy a complete OEM camera from a Chinese manufacturer, replace the logo, load a German firmware shell on top of the Chinese kernel, test it, document it, and sell it under a German brand with full legal coverage of the label. The buyer reading a tender response sees a German company, a German address, a German VAT identifier, and a German country mark. The buyer does not see the Hikvision, Dahua or Uniview circuit board underneath.

This matters for three reasons. NIST CSF 2.0 and IEC 62443 both require, in operational terms, that an asset owner understand the provenance of components in their critical systems. CISA and the BSI have issued advisories regarding firmware originating from vendors subject to extraterritorial data access laws. And the EU's NIS2 transposition has begun to require demonstrable supply chain due diligence for essential and important entities. A "Made in Germany" sticker over a Chinese motherboard is not due diligence. It is the appearance of due diligence, which is a different category of risk entirely.

The economics that forced the rebadge

The reason the rebadge model exists is not malice. It is arithmetic. A European manufacturer building a network camera from European silicon and European optics, at European labour costs, with European compliance documentation, lands at a wholesale cost roughly three to five times higher than an OEM unit shipped from Hangzhou. The two large Chinese manufacturers, Hikvision and Dahua, together with their second tier of Uniview, Tiandy and TVT, achieved a structural cost position in the early 2010s that European volume manufacturers could not match, because the Chinese firms benefited from domestic scale, state-backed industrial financing, vertically integrated component supply, and a procurement base in Chinese public infrastructure that absorbed enormous volumes before a single unit was exported.

European brand owners faced a choice. Continue to manufacture in Europe and watch their unit prices be undercut on every public tender. Or relocate the manufacturing to Asia, maintain the brand, maintain the channel relationships, and absorb the margin gap on the now lower cost base. Most chose the second path. They did so quietly. The marketing language did not change. The trade fair stands continued to display the same German design language, the same engineer-in-a-lab-coat photograph, the same TÜV and VdS certificates. The factory address on the corporate website became "Munich" or "Hamburg" or "Düsseldorf," referring to the company headquarters, while the manufacturing site references slowly disappeared from the product literature. By 2015, internal industry estimates, which can be cross-checked against component import statistics from the GDV and from German customs, suggested that something between sixty and eighty percent of cameras sold in Europe under European brands were rebranded Chinese OEM hardware. The figure has not improved since.

A second cost driver accelerated the move. The shift from analogue CCTV to IP video between 2010 and 2016 required every camera to contain a system-on-chip capable of H.264 or H.265 encoding. Three Chinese SoC vendors, HiSilicon (a Huawei subsidiary), Novatek and Fullhan, achieved near-total dominance of that chip layer. Any European camera assembler, including the few that still soldered boards in Europe, was buying the central computational component from the same Chinese silicon supply as the OEM houses they competed with. The notion of an independent European camera SoC ecosystem essentially ended around 2014. Ambarella, an American vendor, holds a small share in higher-end models. STMicroelectronics holds adjacent positions in image signal processing. The bulk of the market runs on Chinese silicon. That alone makes the phrase "European camera" a description of corporate registration, not of technical sovereignty.

How to read a vendor's manufacturing claim

A procurement officer or security director can do a meaningful provenance check in under an hour, using only public information and one disassembly. The steps are these. Pull the FCC ID or, in Europe, the CE declaration of conformity from the product. The DoC must name the manufacturer and the location of technical documentation. If the named manufacturer is a Chinese entity, the case is closed regardless of the brand on the housing. If the named manufacturer is a European entity, proceed to the second step. Examine the firmware. Network cameras expose their firmware version and often their underlying SDK through the ONVIF interface or through the device's web management page. The presence of strings such as "Hisilicon," "HiLink," "DH_IPC" (Dahua), "HCNetSDK" (Hikvision) or "XMEYE" in the firmware indicates the underlying hardware platform. These strings are extremely difficult to remove cleanly, and most rebadgers do not bother. Third, open the housing on one sample. The main board carries silkscreen markings. The SoC carries a part number. These two markings, photographed and run through a parts database, identify the OEM platform within minutes.

The fourth and most reliable test is a request for the FCC ID grantee or the CE technical file holder, combined with a written question to the vendor asking which specific factory, by registered name and address, performs the SMT placement, the housing assembly, the firmware flashing and the final quality inspection. A vendor that manufactures in Europe will answer this question with a single page. A vendor that rebadges will produce evasive language, redirect the question to commercial confidentiality, or describe the German site in terms that, on close reading, refer only to logistics, configuration and customer support. The pattern is consistent enough across the industry that it functions as a reliable diagnostic. This procedure is one of the items addressed in the audit format described in BOSWAU + KNAUER. From Building to Security Technology, where supply chain transparency is treated not as an ethical preference but as an operational requirement.

What German and European manufacturing actually looks like

Real manufacturing of security electronics in Germany and the broader European Union still exists. It is smaller than the marketing would suggest, and it concentrates in specific segments where either regulatory constraint, classified procurement, or unusual technical specification have preserved a domestic supply chain. The honest map looks roughly as follows.

In access control and intrusion detection, several German manufacturers continue to produce control panels, readers and field devices on European soil. The names are well known within the trade and include companies that have served the BSI-approved and VdS-listed segment for decades. Their volumes are modest, their prices are higher, and their products are typically specified into government, critical infrastructure and high-security commercial buildings where the VdS Klasse C or higher certification, or BSI approval, is required. These certifications include source code review and supply chain audit. They cannot be obtained with rebadged Chinese hardware. The existence of this segment is the strongest argument that European manufacturing is technically possible. The smallness of the segment is the strongest argument that the market has chosen price over provenance everywhere else.

In video, the picture is sparser. Mobotix, headquartered in Langmeil, Rhineland-Palatinate, has historically manufactured a significant portion of its cameras in Germany, though Konica Minolta's acquisition has shifted some sourcing patterns. Bosch Security Systems, now Bosch Building Technologies, operates manufacturing in multiple locations including Eindhoven, with design work distributed across Europe and component sourcing that is honest about its global character. Dallmeier, in Regensburg, continues to assemble cameras and recorders in Germany and is one of the few vendors that will provide, on request, a detailed component provenance statement. Geutebrück, in Windhagen, operates similarly. Beyond these names and a handful of specialised smaller firms, the German video camera industry is, in manufacturing terms, an artefact of the past tense. Most of the brands that German integrators still recognise from the analogue era have either been acquired by Asian groups, have shifted to a pure rebadge model, or have exited the hardware business altogether and now sell software platforms that run on third-party cameras.

In perimeter sensors, radar, fence-mounted detection and laser-based volumetric protection, European manufacturing has held up better. The technologies involved are specialised, the volumes are too small to attract Chinese commodity competition, and several of the products serve defence and critical infrastructure customers whose procurement frameworks restrict foreign sourcing. ASIS International's publications on perimeter intrusion detection regularly cite European manufacturers in this segment, and the NICB's loss data on industrial sites supports the case that perimeter technology delivers measurable reduction in theft and intrusion. This is the segment where Boswau + Knauer's own development work concentrates, for reasons that should now be evident. A vertically integrated manufacturer of perimeter and mobile security systems, designing its own hardware platforms and writing its own firmware, can answer the provenance question without ambiguity. The competitive position that follows from that answer is structural, not rhetorical.

What the rebadge costs the operator

Operators tend to assume that if a Chinese OEM camera and a German-branded rebadge of the same camera are technically identical, they should perform identically and pose identical risk. They do not. The rebadge introduces three categories of degradation that the unit price does not reveal.

The first is firmware opacity. The German brand owner does not, in most cases, have access to the full source code of the firmware running on the device. They have a customisation layer, perhaps a branded web interface, perhaps modified default settings, and a relationship with the OEM that allows them to request specific changes. They do not control the kernel, the network stack, the cryptographic libraries or the update mechanism. When CISA or the BSI publishes an advisory about a vulnerability in Hikvision or Dahua firmware, the rebadged variants are affected by the same vulnerability. The German brand owner must wait for the OEM to issue a patch, then test it, then push it to their customers, often with a delay of weeks or months. The operator who believed they had bought a German product has, in security incident response terms, bought a Chinese product with a longer patch cycle. NIST 800-53 control SI-2 on flaw remediation does not bend for marketing language.

The second is the question of remote access and back-channel telemetry. Multiple independent analyses, including work by IPVM and academic researchers, have documented that certain OEM platforms maintain undocumented connections to manufacturer-controlled infrastructure, often justified as cloud services or remote support functions. A rebadger cannot fully audit or disable these channels without breaking the OEM relationship, because the firmware is not theirs to modify at that depth. ISO 27001 Annex A.5.21 on information security in supplier relationships, and IEC 62443's component requirements on communication restrictions, both treat this exposure as a control gap. The operator's compliance posture is degraded in a way that the procurement file does not show.

The third is reputational and regulatory tail risk. The 2022 and 2023 actions by the United States government adding Hikvision and Dahua to entity lists, the United Kingdom's removal of those vendors from sensitive government sites, and the ongoing European Parliament debates on similar restrictions, all create the possibility that a camera installed today under a German brand will, in three years, need to be removed because the OEM substrate has become politically untenable. The cost of that removal, multiplied across a portfolio of sites, can dwarf the original procurement savings. Operators who specified European-manufactured equipment do not face this tail. Operators who specified rebadges do, whether they know it or not.

What holds

The phrase "Made in Germany" once meant that the essential value creation in a product happened in Germany. In the security hardware category, that meaning has eroded to the point where the phrase, used without further qualification, carries almost no information. Operators who care about supply chain integrity, regulatory exposure and the long-term controllability of their installed base must read past the label. The diagnostic is not difficult. It requires one disassembly, one firmware inspection, one written question to the vendor, and the willingness to act on the answer.

The market will not correct itself. The rebadge model is profitable for the brand owners that practice it, opaque enough to survive most procurement processes, and protected by a customer base that has been trained over twenty years to treat the label as sufficient. Correction comes from the demand side, from operators who write provenance requirements into their tenders and refuse to accept evasive answers. The few European manufacturers that have held the line on real manufacturing are waiting for that demand. Boswau + Knauer is one of them.

Operators who want to understand where their own installed base sits on this map can begin with a sixty-minute confidential conversation, Path I in the framework set out in the book. The conversation does not commit to anything beyond an honest reading of the situation. For those whose portfolios are large enough that the question matters at the contract level, the three to five day audit, Path II, produces a written provenance assessment that can be used directly in renegotiation with existing vendors or in the design of a replacement procurement. The label on the housing is the easy part. What sits underneath it is the work.

Frequently asked questions

How much of European security hardware actually comes from Europe?

Estimates vary by category. In network video, internal industry assessments cross-checked against import statistics suggest that roughly sixty to eighty percent of cameras sold under European brands are manufactured in China, primarily by Hikvision, Dahua, Uniview and a smaller tier of OEM houses, then rebadged in Europe. In access control, intrusion detection and perimeter sensors, European manufacturing remains stronger, in the range of forty to sixty percent, driven by VdS and BSI certification requirements that cannot be satisfied with rebadged hardware. The figure has been roughly stable since 2018.

How can you verify a "Made in Germany" claim?

Four steps suffice. First, read the CE declaration of conformity and note the named manufacturer and the location of the technical file. Second, inspect the firmware for OEM signature strings such as HiSilicon, DH_IPC, HCNetSDK or XMEYE, visible through the web interface or the ONVIF response. Third, open one unit and photograph the silkscreen markings on the main board and the part number on the system-on-chip, then cross-reference in a parts database. Fourth, ask the vendor in writing for the registered name and address of the factory performing SMT placement, firmware flashing and final inspection. Evasive answers are diagnostic.

What is rebadged hardware and why does it matter?

Rebadged hardware is a product manufactured by an original equipment manufacturer, in this case typically Hikvision, Dahua or a similar Chinese vendor, then sold under a different brand after cosmetic modifications such as logo replacement, packaging change and minor firmware customisation. It matters because the brand owner does not control the underlying firmware, cannot independently patch vulnerabilities, may not be able to audit communication channels, and inherits the regulatory and reputational exposure of the OEM. CISA, BSI and IEC 62443 all treat supply chain provenance as a primary control category. A rebadge does not satisfy that control.

Which European manufacturers run their own factories?

In access control and intrusion detection, several German firms specified into VdS Klasse C and BSI-approved environments continue to manufacture in Germany. In video, the shorter list includes Mobotix in Langmeil, Bosch Building Technologies with manufacturing distributed across Europe including Eindhoven, Dallmeier in Regensburg and Geutebrück in Windhagen. In perimeter sensors and radar, multiple smaller specialist firms across Germany, Austria, Italy and the Nordics maintain European production. Boswau + Knauer designs and manufactures its mobile security systems and perimeter platforms with vertically integrated control over hardware and firmware, which is the structural answer to the rebadge problem.