Chinese IoT company Tuya has attacked claims by three US senators that it is a national security risk.

Republican senators Marco Rubio, Rick Scott and Tom Cotton sent a letter to US Department of the Treasury secretary Janet Yellen to express concern regarding the national security threat posed by Tuya.

Tuya is a dominant firm in the IoT industry, and its technology powers smart devices such as doorbells, refrigerator and security cameras in millions of Americans’ homes. The senators urged the department to add Tuya to its list of non-SDN Chinese military-industrial complex companies operating directly or indirectly in the USA in accordance with president Joe Biden’s Executive Order 14032.

“Cyber and national security experts have already raised significant concerns about Tuya’s lack of protections over users’ data,” said the letter. “However, there is also a more basic reality that, as a PRC company, Tuya is obligated to comply with CCP orders, including requests to share American and other users’ data with the Chinese government. Specifically, the company is subject to China’s Data Security Law, which mandates that Chinese firms must cooperate with Chinese law enforcement on data if it concerns national or economic security, as well as bans any company in the PRC from providing Chinese-stored data to foreign law enforcement.”

A statement from Tuya said the claims of the experts cited in the letter were without merit.

“Tuya is a leading global IoT development platform which works with global consumer electronic brands, retailers and manufacturers to enable the development of their own smart devices,” said the statement. “Privacy and data security are a top priority for Tuya, and we have designed our IoT platform to protect user data. This includes regionally isolating all user data, including in the USA, so that it is not shared with data centres outside of that region.”

Tuya said it had never received a request from one country’s government to share user data from another country.

“We take compliance with all security and privacy laws seriously and strive to abide by the laws in all markets where we operate – including the United States and China,” said the statement. “Tuya is prepared to aggressively defend itself against any claims to the contrary.”

The senators’ letter pointed out that more than 5000 brands, such as Dutch multinational corporation Philips, had worked to build Tuya into their products, which were frequently sold at Walmart, Amazon, Target and elsewhere.

In March 2021, Tuya listed on the New York Stock Exchange for a total offering size of $915.4m.