China’s Cybersecurity Law: Game over for foreign firms?

China’s Cybersecurity Law: Game over for foreign firms?

The “de-Americanisation of China’s IT stack” has taken another major step forward with the introduction of the new Cybersecurity Law. It not only enshrines strict new rules for foreign companies in various industries trading in China, but will also further restrict the online freedoms of citizens inside one of the most surveillance-coated nations on earth. But while the reports talk of “dismay” and “rattled” foreign multi-nationals, did they really think it would be any other way?


What it says

The new law formalises several key requirements, namely:

  • That a potentially wide range of companies censor ‘banned’ information, and demand real name registration of their users – that is, for services like instant messaging – in order to restrict online anonymity.
  • “Critical information infrastructure operators” must store “personal information and other important business data” inside China. This need only be data related to Chinese operations, but the terms remain vague enough for them to apply to a wide range of data and companies. Those wanting to transfer data outside China need to pass an additional security assessment.
  • Organisations monitor and report any “network security incidents” and provide “technical support” to help in investigations. This could mean providing the authorities with access to communications and so on.
  • No individual can use the internet to endanger national security, promote terrorism, spread false information to disturb the economic order, incite separatism etc. – all of which gives the authorities a lot of rope to hang any dissenters with.


Foreigners humbled

Many stakeholders have already complained. American Chamber of Commerce in China chairman James Zimmerman told the Wall Street Journal that restricting the flow of data internationally would “provide no security benefits but will create barriers to Chinese as well as foreign companies operating in industries where data needs to be shared internationally.”

Others said foreign tech players in China believed Beijing is using cybersecurity as a cover for protectionism: that is, “abide by our rules or get out.” At the very least, there’s the assumption that the extra requirements will end up costing businesses operating in China dear – both financially and in terms of their corporate reputation. LinkedIn has already been on the sharp end of criticism after it was accused of pandering to the whims of China’s censors.

China director of Human Rights Watch, Sophie Richardson argued the Communist Party had pushed ahead with the law despite widespread criticism from foreign companies and rights groups in the country.

“The already heavily censored internet in China needs more freedom, not less,” she said. “If online speech and privacy are a bellwether of Beijing’s attitude toward peaceful criticism, everyone – including netizens in China and major international corporations – is now at risk.”


A new plan

But when it comes to foreign companies in China – tech and otherwise – can they really feel aggrieved and surprised at what’s happened? After all, many of the Cybersecurity Law’s provisions were already in force. And since new president Xi Jinping came to power there’s been a gradual tightening of rules, corruption investigations and other measures designed to discomfit foreign firms.

Qualcomm was forced to pay out almost $1bn in an antitrust case, and even Microsoft has been on the receiving end of an investigation. Last year a law was passed meaning tech destined for government and critical sectors had to be “secure and controllable”. Many believe this could lead to firms being asked to hand over source code and other trade secrets, despite Beijing’s protestations otherwise.

Anti-censorship crusader Charlie Smith, co-founder of, has little sympathy for those MNCs.

“The Chinese authorities kept pushing back on foreign companies to see how much they would take. The more they pushed, the more foreign companies wilted. The authorities actually ‘conceded’ and removed the demand that foreign companies keep all of their data in China,” he told me by email.

“These companies – Apple, LinkedIn, Microsoft and the like – should shoulder a lot of the blame here. They could have stood up together in unison against the authorities. Instead, they practically helped to write the law and, as a result, the Chinese authorities will continue their assault on the basic rights of the Chinese people.”

What this means in the long term is the marginalisation of US tech firms in China. Apple’s China revenues fell 30% in the fiscal fourth quarter as local rivals flourished, and Cisco continues to struggle in the face of competition from Huawei and ZTE.

But you can bet that they’ll all be there right until the last chopper leaves, trying to squeeze every last drop of revenue from the country. In reality, what they need is a Plan B.


Also read:
The South China Sea: A new hacking hotspot
Post-Snowden China’s cold war on tech continues
VPNs: The cat-and-mouse game in China continues
Watchdogs get tough on China’s US investments
A sticky 2016 start for Microsoft China
How far can China push its bid to control the internet?
The Hong Kong Protests and the Great Firewall of China


«What’s holding back Latin America's renewable energy aspirations?


What does the rise of DevOps mean for Agile?»
Phil Muncaster

Phil Muncaster has been writing about technology since joining IT Week as a reporter in 2005. After leaving his post as news editor of online site V3 in 2012, Phil spent over two years covering the Asian tech scene from his base in Hong Kong. Now back in London, he always has one eye on what's happening out East.

  • twt

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



Should the government regulate Artificial Intelligence?