China’s draft cybersecurity law requires companies to hold data in China and could make it hard for foreign hardware vendors to do business. When China adopted a new wide-ranging security law early this month that covers everything from politics to the environment, foreign tech companies were concerned that its broad language meant bad news for them to do business in the country. However, a draft proposal of a new cybersecurity law (link is in Chinese) issued this week shines a bit more light on some of the ways China is looking to regulate data inside the country and influence foreign technology companies, especially Internet service providers (ISP) and hardware manufactures.
According to an International Business Times report this Wednesday on the proposed law, the draft says that ISPs and Internet companies will need to store data in China, with Reuters pointing out that this refers to data collected inside of China as opposed to company data collected from countries other than China. This seems similar to Russia’s tough new cybersecurity law that calla for web companies to set up data centers in the country so that any personal data obtained in Russia on its citizens stays in Russia. The problem with that law, according to European market analysts, is that Russia doesn’t distinguish between personal data—like a person’s name and sex—and routine business data like how many ad clicks does a website operating in Russia receive on a typical day. Essentially, all business data, even manufacturing and IT data, can be interpreted as personal data under the Russian law, which a European think tank studying the law said could dampen the desire of foreign companies to work in Russia. China’s proposed law seems vague as to what exactly constitutes the type of data China wants to keep on shore, but the law is still open for modifications until August, so that issue may clear up by then. What is different between this portion of the law and Russia’s is that China will allow outside tech companies to apply for special exemptions that could allow them to hold Chinese data outside of the country.
Internet operators in China are also subject to more scrutiny under the proposed law. They will have to aid the Chinese government when it conducts criminal investigations or issues that officials believe could compromise national security. These companies will also have to allow for annual audits to determine if there are potential security concerns for the Chinese government. As for hardware manufacturers, it should come as no surprise that the proposed law calls for network equipment—like switches and routers—to be approved by the Chinese government before being sold domestically. China has made public its concerns that the United State’s National Security Agency was installing so-called backdoors within Cisco’s hardware for the purpose of spying, and as a result the country has made it much more difficult for foreign hardware companies to do business inside China. Both Cisco and Hewlett Packard have seen their sales in China suffer as the country scrutinizes imported hardware. This is why Cisco said in June that it is investing $10 billion in the country to rebuild relationships and perhaps manufacture more gear inside the country.
HP in May sold off 51% of its server and networking business in China to Tsinghua University, in the hopes of boosting sales in the country as well. It’s these type of deals that Cisco CSCO 1.87% and HP HPQ 0.29% are doing with China that allow them to potentially grow their business while appeasing the Chinese government. China does not seem like it’s going to reach compromises that totally satisfy every foreign tech company that wants to grow in the country, however. China’s official Xinhua News Agency published an editorial this week scolding foreign companies, for their intransigence. In it, Xinhua claimed that the new laws are not designed to thwart foreign companies, and that China will consider “financial input from overseas and expertise in the process.” The editorial stated that foreign companies “should first abandon their victim complex and learn to adapt to the new norms in order to continue to thrive.”
Read More : Fortune.com/2015/07/08/chinas-proposed-cybersecurity-law-impact-tech-companies/