China to launch cybersecurity law despite concerns

May 30, 2017 by Ben Dooley
Companies are pleading with the Chinese government to delay the implementation of new cybersecurity legislation amid concerns about unclear provisions and how the law would affect personal information and cloud computing

China will implement a controversial cybersecurity law Thursday despite concerns from foreign firms worried about its impact on their ability to do business in the world's second largest economy.

Passed last November, the law is largely aimed at protecting China's networks and private user information at a time when the recent WannaCry ransomware attack showed any country can be vulnerable to cyber threats.

But companies have pleaded with the government to delay the legislation's implementation amid concerns about unclear provisions and how the law would affect personal information and cloud computing.

The government appears to still be scrambling to finalise the rules.

Just two weeks ago, Zhao Zeliang, director of the cybersecurity bureau, gathered some 200 representatives from foreign and domestic companies and industry associations at the new headquarters of the Cybersecurity Administration of China (CAC) in Beijing.

The May 19 discussion centred on a draft of the rules for transferring overseas, participants told AFP.

Attendees received an updated version of the document, as well as Zhao's assurance that regulators would remove some of the language that had received strong objections, they said.

The new document, obtained by AFP, removed a contentious requirement for companies to store customers' personal data in China.

'Headaches for companies'

But concerns remain.

"The regulator is unprepared to enforce the law" and it is "very unlikely" anything will happen on June 1, said one participant, who asked for anonymity to discuss the sensitive issue.

That impression was only strengthened a few days after the meeting, when authorities issued 21 new draft documents describing national standards on topics from cloud computing to financial data, noting they would be available for public comment until July 7.

More new drafts, including detailed guidelines on cross-border data transfers, were published Saturday.

It is "crystal clear that the regulatory regime is evolving and does not simply switch on like a light June 1", said Graham Webster, an expert on Sino-US relations at Yale Law School.

Beijing, he said, is "wrestling with legitimate challenges that every country faces, and ... much of the caution and ambiguity comes from a desire to get things right."

But the process is causing "headaches for companies, Chinese and foreign alike".

Protecting 'national honour'

China already has some of the world's tightest controls over web content, protected by what is called "The Great Firewall", but even some of its universities and petrol stations were hit by the global ransomware attack in May.

The draft cybersecurity rules provided at the CAC meeting address only one part of the sweeping law.

The legislation also bans internet users from publishing a wide variety of information, including anything that damages "national honour", "disturbs economic or social order" or is aimed at "overthrowing the socialist system".

Companies are worried that the new law could lock them out of the market.

Paul Triolo, a cybersecurity expert at the Eurasia Group, wrote in a research note that regulators will likely introduce "new hurdles for foreign compliance and operations" in industries, such as , where China is actively seeking a competitive advantage.

As a result, "companies with politically well-connected competitors could see their profile raised for things such as cybersecurity reviews".

The European Union Chamber of Commerce, among other groups, has urged Beijing to "delay the implementation of either the law or its relevant articles".

It "will impose substantial compliance obligations on industry" and "cautious, sound, consistent and fully reasoned supporting mechanisms related to its implementation are essential," the group said in a statement last week.

The chamber called on policymakers to follow a "transparent" process that will help eliminate "discriminatory market access barriers".

While there is no indication the law itself will be pushed back, the draft rules distributed at the CAC meeting says companies will have until December 31, 2018 to implement some of its requirements.

"It's been enormously difficult for our companies to prepare for the implementation of the cybersecurity law, because there are so many aspects of the law that are still unclear," said Jake Parker, vice president of the US-China Business Council.

"There's not enough information for companies to be able to develop internal compliance practices."

Explore further: China's fondness for pirated software raises risks in attack

Related Stories

China passes controversial cybersecurity law

November 7, 2016

China on Monday passed a controversial cybersecurity bill further tightening restrictions on online freedom of speech, raising concerns that it could intensify already wide-ranging Internet censorship.

Business group: China tech plan threat to foreign firms

March 7, 2017

China is violating its free-trade pledges by pressing foreign makers of electric cars and other goods to share technology under an industry development plan that is likely to shrink access to its markets, a business group ...

Baidu CEO defends state support of Chinese firms

March 9, 2017

State support for private firms is crucial in China's market, the head of the mainland's online search giant Baidu said Thursday, following complaints from European businesses that Beijing-backed firms are pushing out foreign ...

Recommended for you

The wet road to fast and stable batteries

December 14, 2017

An international team of scientists—including several researchers from the U.S. Department of Energy's (DOE) Argonne National Laboratory—has discovered an anode battery material with superfast charging and stable operation ...

US faces moment of truth on 'net neutrality'

December 14, 2017

The acrimonious battle over "net neutrality" in America comes to a head Thursday with a US agency set to vote to roll back rules enacted two years earlier aimed at preventing a "two-speed" internet.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.