China's Cybersecurity Law: Game over for foreign firms?

Sweeping new legislation in China will restrict firms’ room for manoeuvre

The “de-Americanisation of China’s IT stack” has taken another major step forward with the introduction of the new Cybersecurity Law. It not only enshrines strict new rules for foreign companies in various industries trading in China, but will also further restrict the online freedoms of citizens inside one of the most surveillance-coated nations on earth. But while the reports talk of “dismay” and “rattled” foreign multi-nationals, did they really think it would be any other way?


What it says

The new law formalises several key requirements, namely:

  • A potentially wide range of companies must censor ‘banned’ information and demand real-name registration of their users – that is, for services like instant messaging – in order to restrict online anonymity.
  • “Critical information infrastructure operators” must store “personal information and other important business data” inside China. This need only be data related to Chinese operations, but the terms remain vague enough for them to apply to a wide range of data and companies. Those wanting to transfer data outside China need to pass an additional security assessment.
  • Organisations must monitor and report any “network security incidents” and provide “technical support” to help in investigations. This could mean providing the authorities with access to communications and so on.
  • No individual can use the internet to endanger national security, promote terrorism, spread false information to disturb the economic order, incite separatism etc. – all of which gives the authorities a lot of rope to hang any dissenters with.


Foreigners humbled
