Based on the Cybersecurity Law adopted on 2016, Chinese government has come up with a comprehensive Internet security/surveillance program. The surveillance program might create a whole host of challenges. Beijing can utilize the cybersecurity standards to pressure companies to undergo invasive product reviews where sensitive intellectual property (IP) and source code though not explicitly written but may be required as part of verification and testing.
According to Financial Times, when China’s Cyber Security Law took effect in June 2017, it addressed all aspects of cyber security from network systems and facilities to data localization and the protection of critical information infrastructure. Analysts and foreign companies have criticized it as extremely vague and exceptionally wide in scope.
The Cyber Security Law of the People’s Republic of China took effect on June 1st, 2017. Article 37 of the Cybersecurity Law requires personal information and important data collected by operators of critical information infrastructure (CII) to be stored within China’s border, while Article 41 states that network operators are required to gather and store personal information in accordance with the law, administrative regulations and their agreements with users.
Overseas firms have demanded for more clarity and more time to implement the controls that the government wants put in place, but so far China’s internet regulator, The Cyberspace Administration of China, has only relented on pushing back the date for laws relating to the cross-border flow of information. A company that is not registered in China but that conducts business in or provides products or services to China must also be deemed as conducting “operations within the territory of China” and is covered by these regulations.
The new foreign investment law encourages overseas companies to enter China, but rigid cyber surveillance regulations force them to not just partner with local companies but to sometimes share technology, a practice that critics say amounts to a forced transfer of crucial know-how to eventual competitors. For multinational corporations, the proposed rules mean they would now be liable for an additional level of government assessment for information on the likes of local employees and suppliers before sending it to a global database. Also, the rules would create much greater uncertainty for overseas operators which collect data for companies with cross-border business.
China, in other words, appears to be floating the first competitive alternative to the open internet—a model that it is steadily proliferating around the world. China views the internet as a threat to its domestic security that must be controlled within its borders whether because of its potential for domestic coalition-building or its ability to give populations access to censored information. Heavy content censorship, pervasive surveillance, and traffic throttling are all the part of this approach.
Foreign companies in China are being subjected to cyber-security probes as the government tightens controls over areas such as cloud computing, the Financial Times reported. Developments to the Multi-Level Protection Scheme (MLPS), which upholds the cyber law in China, are expected to intensify the monitoring of tech industries, including mobile internet, IoT manufacturing, cloud usage, data and security.