China to launch cybersecurity law despite concerns


Beijing: China will implement a controversial cybersecurity law on Thursday despite concerns from foreign firms worried about its impact on their ability to do business in the world’s second largest economy.

Passed last November, the law is largely aimed at protecting China’s networks and private user information at a time when the recent WannaCry ransomware attack showed any country can be vulnerable to cyber threats.

But companies have pleaded with the government to delay the legislation’s implementation amid concerns about unclear provisions and how the law would affect personal information and cloud computing.

The government appears to still be scrambling to finalise the rules.

Just two weeks ago, Zhao Zeliang, director of the cybersecurity bureau, gathered some 200 representatives from foreign and domestic companies and industry associations at the new headquarters of the Cybersecurity Administration of China (CAC) in Beijing.

The May 19 discussion centred on a draft of the rules for transferring personal data overseas, participants told AFP.

Attendees received an updated version of the document, as well as Zhao’s assurance that regulators would remove some of the language that had received strong objections, they said.

The new document, obtained by AFP, removed a contentious requirement for companies to store customers’ personal data in China.        

'HEADACHES FOR COMPANIES’

But concerns remain.

”The regulator is unprepared to enforce the law” and it is “very unlikely” anything will happen on June 1, said one participant, who asked for anonymity to discuss the sensitive issue. 

That impression was only strengthened a few days after the meeting, when authorities issued 21 new draft documents describing national standards on topics from cloud computing to financial data, noting they would be available for public comment until July 7. 

More new drafts, including detailed guidelines on cross-border data transfers, were published Saturday.

It is “crystal clear that the regulatory regime is evolving and does not simply switch on like a light June 1”, said Graham Webster, an expert on Sino-US relations at Yale Law School.

Beijing, he said, is “wrestling with legitimate challenges that every country faces, and... much of the caution and ambiguity comes from a desire to get things right.”

But the process is causing “headaches for companies, Chinese and foreign alike”.

PROTECTING 'NATIONAL HONOUR' 
      
China already has some of the world’s tightest controls over web content, protected by what is called “The Great Firewall”, but even some of its universities and petrol stations were hit by the global ransomware attack in May.

The draft cybersecurity rules provided at the CAC meeting address only one part of the sweeping law.

The legislation also bans internet users from publishing a wide variety of information, including anything that damages “national honour”, “disturbs economic or social order” or is aimed at “overthrowing the socialist system”.

Companies are worried that the new law could lock them out of the market.

Paul Triolo, a cybersecurity expert at the Eurasia Group, wrote in a research note that regulators will likely introduce “new hurdles for foreign company compliance and operations” in industries, such as cloud computing, where China is actively seeking a competitive advantage.

As a result, “companies with politically well-connected competitors could see their profile raised for things such as cybersecurity reviews”.

The European Union Chamber of Commerce, among other groups, has urged Beijing to “delay the implementation of either the law or its relevant articles”. 

It “will impose substantial compliance obligations on industry” and “cautious, sound, consistent and fully reasoned supporting mechanisms related to its implementation are essential,” the group said in a statement last week.

The chamber called on policymakers to follow a “transparent” process that will help eliminate “discriminatory market access barriers”.

While there is no indication the law itself will be pushed back, the draft rules distributed at the CAC meeting says companies will have until Dec 31, 2018 to implement some of its requirements.

”It’s been enormously difficult for our companies to prepare for the implementation of the cybersecurity law, because there are so many aspects of the law that are still unclear,” said Jake Parker, vice-president of the US-China Business Council. ”There’s not enough information for companies to be able to develop internal compliance practices.” - AFP
Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
   

Did you find this article insightful?

Yes
No

Next In Business News

SK Nexilis to build RM2.3bil copper foil facility in Kota Kinabalu�
Gabungan AQRS wins RM83.57mil job
BSL Corp slides over unsuccessful corporate exercise
RGT to speed up expansion as Q2 profit soars on strong export
Duopharma to supply 6.4 million doses of Sputnix V vaccine�
Pharmaniaga signs deal to supply 12 million doses of vaccine to MOH
Indonesia says new sovereign wealth fund attracts USD10b commitment
Disappointing close for Bursa, Public Bank retains part of gains
Jet engine maker Rolls-Royce cuts 2021 forecasts on travel slump
Malaysia's debt securities still attractive even if OPR cut

Stories You'll Enjoy


-->