China just put into effect a new set of cyber security laws it approved last year that, while aimed to improve security measures against cybercrime, could have a negative effect on foreign business. According to Beijing’s state news agency, Xinhua, the laws are intended to counteract threats from cyber terrorism and hacking; they are being put into place as a defense mechanism to protect personal information and will give the central government more control over digital companies operating within the country.
These new laws would seem, on the outset, to have a positive effect on business, protecting companies from cyber crime and fraud. However, there may be an unintended side effect when it comes to international business relations with China. For companies that have business relations with China or are looking to form them (which, in a globalized world, is a lot), these stricter regulations could prove dangerous. According to TechCrunch, foreign companies that do business with China have argued for more clarity surrounding the new laws regarding cross-border flow of data and information and more time to implement them. In May, industry organizations including the U.S. Chamber of Commerce lobbied the Chinese government to delay the new law, but so far China’s internet regulator, The Cyberspace Administration of China, has only responded by agreeing to push back the date by which the rules will be implemented to 2018. China has offered very little information on what these regulations will actually look like.
What we do know is that one of the provisions of the law allows China to conduct security reviews of technology products and services that could impact national security. The Chinese government has been very vague about what kinds of products will be subject to review, but critics argue that these regulations are invasive and are concerned that they will inhibit trade relations.
So, is there legitimate reason for concern yet, or are these speculations mere media hype? As someone who does a lot of international business, I can understand and sympathize with these international companies. While business usually involves some level of risk, uncertainty of this level is unprecedented and concerning. Companies are unsure how to proceed; while they have been granted a grace period of up until 2018 to comply, failure to abide by the laws could result in a $7,350 to $73,00 fine. When international companies aren’t even sure exactly what the new laws will entail, how can they be expected to follow them?