Friday, November 25, 2016

China’s New Cybersecurity Law

China has formulated its new cybersecurity law that will come into force on June 1, 2017. Dubbed “Golden Shield”, it regulates internet access and data traffic which will be within the domain "order and security of the cyberspace" legislation. In short, information will be censored as it was before. That being said, the exact scope, impact and extend of the new law is not entirely clear. All in all, the new cybersecurity law encompasses 79 articles which you can read here.

The new law consist of seven chapters containing rules and regulations for two types of data, namely regulations for the protection of personal data, and regulations for the protection of critical information infrastructures. To clarify, critical information infrastructure relates to data connected with energy, transport, water supply, finance, public service and e-government infrastructures.

The new law determines that the hardware or software of foreign companies relating to critical infrastructures must be examined beforehand by Chinese officials conducting security audits. It is unclear if such audits would also include the disclosure of source codes. This is a major concern, since China has shown in the past that it has a keen interest in looking at source codes of foreign companies such as Apple.

Furthermore, the new law mandates that personal data and other important critical information infrastructure data must be stored within the Chinese territory. Internet users are also required to register with their real name. This means that Internet providers or providers of messenger services may not allow users who use an alias or screen name to register.

According to the new law, denying or revoking a license may result in penalties. In addition, the Ministry of Public Security may, in the event of suspected threats to the critical information infrastructure, freeze the accounts and other assets of foreign companies or persons.

Amnesty International mentioned in its annual report of 2016 that China for the first time conducted an internet security assessment of internet law. The law originally focused on maintaining national security and the social order. It provides for the possibility of prohibiting the use of Internet by individuals and groups, when such use would impact national security. As a result, freedom of expression and privacy could be restricted.


To read the full law in English, click here. The English translation is courtesy of China Law Translate.