On June 1, China will begin to implement its new Cybersecurity Law, and foreign companies are worried. China already restricts technology, and the new law will boost tighter control over data and enforce a broader definition of the services and products impacted. Firms are particularly concerned about one regulation that would require them to store information on mainland China, forcing them to rely on cloud providers such as Alibaba and Tencent, which have more local services, as opposed to offerings from Amazon or Microsoft.
Bloomberg reports that another provision is “a more comprehensive security-review process for key hardware and software deployed in China and a requirement to assist authorities conducting security investigations.” In a rare public response, more than 50 trade associations and chambers of commerce signed a letter asking for a delay, noting that the law “could impact billions of dollars of cross-border trade and lock out foreign cloud operators because of limits on how they operate in the country.”
“These measures will add costly burdens, restrict competition and may decrease the security of products and jeopardize the privacy of Chinese citizens,” stated the letter, from organizations “representing businesses based in the U.S., Europe, Japan, Korea, Australia, and elsewhere.” Domestically, Beijing University professor Li Yuxiao supports the law, saying that “secure information systems [are] integral to protecting the economy while also placing value on domestic operating systems over foreign products.”
Yet another provision “requires IT hardware and services to undergo inspection and verification as ‘secure and controllable’ before companies can deploy them in China,” which is “already tilting purchasing decisions at state-owned enterprises.”
While the new Cybersecurity Law impacts all companies in China, foreign firms are expected to feel the impact more, “because they typically have more businesses, headquarters and data-processing centers overseas with a greater need to move information outside the mainland,” said DLA Piper partner Scott Thiel.
“We can assume that Chinese leadership will use it as an example of why China needs its own technology and cannot continue to rely on foreign suppliers,” said Adam Segal, director of the Digital and Cyberspace Policy Program at the Council of Foreign Relations.