[And while Chinese officials say the new rules will help guard against cyberattacks and prevent terrorism, critics, many of them from businesses, have their concerns. Companies worry that parts of the new law, which takes effect on Thursday, will make their operations in China less secure or more expensive. In some cases, they argue, it could keep them out entirely.]
By Sui-Lee Wee
BEIJING
— As China moves to start
enforcing a new cybersecurity law, foreign companies face a major problem: They
know very little about it.
The law — which was rubber-stamped by the
country’s Parliament last year — is part of wide-ranging efforts by Beijing to
manage the internet within China’s borders. Those efforts have been stepped up
in the years since Edward J. Snowden, the whistle-blower and former American
intelligence contractor, revealed that foreign technology firms could help
governments spy.
And while Chinese officials say the new rules
will help guard against cyberattacks and prevent terrorism, critics, many of
them from businesses, have their concerns. Companies worry that parts of the
new law, which takes effect on Thursday, will make their operations in China
less secure or more expensive. In some cases, they argue, it could keep them
out entirely.
The law will have a big impact on how
business is done in China, said Michael Chang, an executive with the Finnish
technology company Nokia and the vice president of the European Union Chamber
of Commerce in China. But, he said, “There’s unfortunately a lot of confusion.”
Continue reading the main story
RELATED COVERAGE
As Zeal for China Dims, Global Companies
Complain More Boldly APRIL 19, 2017
China’s Cybersecurity Efforts Could Pose New
Challenge for Foreign Firms DEC. 27, 2016
China’s Internet Controls Will Get Stricter,
to Dismay of Foreign Business NOV. 7, 2016
New Rules in China Upset Western Tech
Companies JAN. 28, 2015
“Industry is not ready because the
implementation rules are not clear,” Mr. Chang said, speaking at an event
organized by the lobbying group to announce the results of its annual business
confidence survey.
“We still have a lot of unclarified territory
that needs to be addressed as soon as possible.”
The law would require that companies store
their data within China, and would impose security checks on companies in
sectors like finance and communications. Individual users, meanwhile, would
have to register with their real names to use messaging services.
But Mr. Chang said that officials had
conveyed “less than half” of the specifics of how the law would be implemented.
“A wide range of companies are doing data
transfers — it’s the lifeblood of their business,” he said.
Executives have complained that the wording
of the law is ambiguous, fearing that it gives China’s ruling Communist Party
substantial leeway to target them.
One instance cited by Mats Harborn, president
of the European Union Chamber of Commerce in China, in a round-table discussion
with journalists, was that the government said it wanted to regulate “critical
information infrastructure,” but had not defined what that meant.
“The way it’s enforced and implemented today
and the way it might be enforced and implemented in a year is a big question
mark,” added Lance Noble, the chamber’s policy and communications manager. He
warned that uncertainty surrounding the law could make foreign technology firms
reluctant to bring their best innovations to China.
In May, a coalition of business lobby groups
representing European, American and Asian companies called on China to delay
implementing the law, while the European Union Chamber of Commerce in China
asked for additional time to allow companies to adhere because of the
“substantial compliance obligations.”
The Cyberspace Administration of China, the
country’s internet regulator, has so far decided to delay implementation only
of the regulations governing cross-border data flow, which will now take effect
at the end of 2018, according to a revised draft of the rules that was seen by
The New York Times.
The regulator could not be reached despite
multiple telephone calls.
Paul Triolo of the political risk consultancy
Eurasia Group noted the decision to delay that component of the law, saying in
a report last week that “getting the cross-border data flow issue right is a
prerequisite for Beijing’s efforts to promote economic globalization.” He wrote
that China, for the time being, “is eager to avoid being seen as stifling
digital trade.”
The European Union and China plan to hold a
summit meeting on Thursday in Brussels. Friction between them has mounted after
the European Union imposed anti-dumping duties on Beijing, accusing it of
flooding the European market with cheap steel.
Many foreign companies are becoming
increasingly skeptical of China’s promises of economic reform. Mr. Harborn, the
lobbying group president, said he expected European officials to complain to
Premier Li Keqiang of China about unequal market access in the country for
European companies.
The European Union Chamber of Commerce in
China said that half the members who took part in its annual business
confidence survey reported higher sales in China last year, thanks largely to a
Chinese government stimulus package in the first half of the year. But 40
percent of respondents said they believed regulatory barriers would increase
over the next five years.
Follow Sui-Lee Wee on Twitter @suilee.
Paul Mozur contributed reporting from Hong
Kong. Carolyn Zhang contributed research from Shanghai.