The China Internet Security Law: Necessity or Perfect Excuse?


As a business owner who is interested in tapping into China’s huge market, you need to understand you may very well be one legislative action away from having to pack up your bags and leave (among other things, can help you gain some much-needed legislative clarity before making business-altering decisions, something arguably more important in China than your average Western jurisdiction). The same way, if you are a stakeholder in an entity that is at least partially operating in China, you are inevitably exposed to this layer of risk.

To avoid hypocrisy, however, we do need to mention that Western jurisdictions are hardly immune from the habit of taking the idea of fighting a genuine concern too far. As an illustrative example, the idea of combating terrorism is perfectly legitimate but there are other threats far more dangerous than it right before everyone’s noses: obesity, alcohol/drug abuse and the list could go on and on. Therefore, while the idea of combating terror makes perfect sense, throwing too many resources at this endeavor that would have been put to better use when it comes to greater threats is anything from a mistake to a political decision which uses fighting terrorism as a perfect excuse.

The same principle applies to cybersecurity.

Is it a threat? Most definitely. It is arguably a much more dangerous one than traditional terrorism in light of how dependent on technology pretty much all systems related to western civilization are and how much damage could be inflicted by even minor disturbances. In fact, cyberterrorism may very well be the most dangerous dimension of terrorism but let’s not argue semantics and end up in a rabbit hole we cannot climb out of.

The bottom line is this: while Internet security is most definitely of the utmost importance, it is also the perfect excuse or political umbrella, which allows you to get away with invasive and freedom-limiting legislation in the name of combating cyber threats. The China Internet Security Law (or Cyber Security Law of the People’s Republic of China, to use its longer name) represents a textbook example to that effect, enacted on the 7th of November 2016 and “live” as of the 1st of June 2017.

On the surface, it has the noblest of goals related to cyber security, with the authorities claiming it was enacted in the interest of the general public, to protect the “digital” rights of the average Chinese citizen. However, it not only allows but makes it mandatory for network operators to store vital data on servers located in China as well as grant the authorities the power to do… well, pretty much anything, including spot-checks on day to day operations.

The implications of this should be more than obvious:

  1. From source codes to encryption, foreign businesses are required to surrender their most sensitive information based on legislation that is disturbingly broad, thereby providing little in the way of assurance that the information in question will not end up being used by Chinese competitors or even by the authorities
  2. Foreign businesses found themselves forced to deal with significant new costs and a logistical nightmare, in light of the fact that they had to smoothly transfer vital data from their existing servers (located abroad) to compliant ones located in China
  3. On that note, one cannot help but observe that this provided a tremendous boost for Chinese businesses which have the Chinese infrastructure necessary to provide this all of a sudden mandatory service to foreign entities. Alibaba, Huawei and Tencent are just three examples of Chinese companies which have spent fortunes (billions of US dollars) on networking infrastructure and are currently reaping rewards thanks to the China Internet Security Law
  4. The law indirectly limits the access of Chinese consumers to popular online services. In theory, it doesn’t limit anything, since all operators can continue conducting business in China as long as they comply with the new regulations. For example, Apple did just that. Other companies such as WhatsApp and Skype however refused, with consequences ranging from an outright ban to expansion barriers
  5. Just like with the Great Firewall of China, freedom of speech is limited due to the fact that operators are required to reveal the identity of their users to the Chinese authorities, which have a very broad legal framework at their disposal to ensure they can easily justify their requests
  6. Last but not least (when it comes to the most important implications, of course… needless to say, there are more), this adds yet another layer of uncertainty to an already-uncertain environment, with many existing as well as potential investors asking themselves what is likely to come next

As mentioned frequently here on and as the China Internet Security Law case study illustrates, there are amazing opportunities associated with directly or indirectly grabbing a slice of the Chinese pie… but there are costs and headaches involved which make the entire process let’s just say not suited for everyone. By working with a hands-on consulting service provider such as, which has gathered quite a bit of information as well as experience by operating in this jurisdiction since 2002, you are dramatically increasing the likelihood that you or your organization will gain access to this jurisdiction the smart manner.

Add a Comment

Your email address will not be published. Required fields are marked *