The first draft of the Cybersecurity Law was released in July 2015. On July 5, 2016, China’s National People’s Congress (“NPC”) published a revision of the Cybersecurity Law for public comment. The revised draft contains several significant changes, but many of the provisions from the first draft that raised concerns among multinational companies, especially those in the tech sector, remain. The new Cybersecurity Law means strict new rules for foreign companies doing business in China and has the potential to discriminate against foreign technologies in favor of domestic industry.
What and who it effects:
- Network product and service providers, operators*: These companies are now required to censor any information deemed ‘critical’ or ‘banned’ and demand real name registration for any user of services like instant messaging.
- All personal information for citizens in China and any business data deemed ‘important’ must be stored on storage devices inside mainland China. The terms are vague enough to apply to a wide variety industries and a wide range of data. Any data transmitted outside of China by any entity must first be reviewed and approved.
- All network transmissions must be monitored and “network security incidents” are required to be reported. The company, service provider, or operator is then required to give “technical support” to help in an investigation. This support may result in authorities accessing internal or external communications, etc.
- The new law also states that no individual will be allowed to use the Internet to endanger national security, promote terrorism, spread false information to disturb the economic order, etc. This regulation is very open-ended and may be interpreted to fit a multitude of situations.
Click here for a summary of China’s new Cybersecurity Law and Critical Information Infrastructure
Click here for a complete translation of China’s new Cybersecurity Law by the American Chamber of Commerce – China
The primary challenge issued by the new Cybersecurity Law is the requirement that data be stored in mainland ChinaIT infrastructure outside of mainland China. Building a redundant IT infrastructure in China feasible to “move everything to China.”
If this is your dilemma, CDS has the solution. We can provide an easy to deploy, low impact, and fully legitimate solution. Contact us for details.