Recent events concerning the Kaspersky anti-virus software in the UK and the Android operating system in the US have highlighted the significance of the domesticity of digital products for national cybersecurity, and the importance of establishing the origin of digital products has been further brought into focus by the war in Ukraine and China's military activities around Taiwan. Digital products can contain hardware components, software elements, embedded systems, and data, and determining the country of origin (COO) in these circumstances is problematic. The aim of this research, and its main contribution, is to provide an operational framework for the application of the COO concept to address this problem. Using an inductive research methodology based on semi-structured interviews and an online survey, a 19-parameter framework for assessing the COO of digital products is developed and then applied to the case example of a mobile phone import in Turkey. This article concludes that new processes and policies are urgently required to enhance the cyber and information security for digital products, aid domestic digital technology production, and support the transition to recyclable technologies. Such developments are of significance not only for western nations concerned with data and security issues, but also for developing world countries trying to develop their own domestic digital product manufacturing capabilities. This is also of relevance to the computer end-user, who would benefit from greater clarity on the origin of digital products ahead of a purchase decision.