Navigating national and cybersecurity risks in China

China has proposed a number of regulatory changes aimed at national and cybersecurity over the past 12 months. Multinational companies (MNCs) and foreign financial institutions can be significantly restricted in terms of their operations and data management, and are encouraged to make their voices heard regarding these proposals.

The new PRC National Security Law (国家安全法) (NSL) came into force in July 2015 and forms the centrepiece of a series of other proposed “security” laws, including a draft PRC Network Security Law (网络安全法) (Cybersecurity Law) and a draft PRC Anti-terrorism Law (反恐怖主义法). Combined with the currently suspended Guiding Opinions on the Application of Secure and Controllable Information Technology to Strengthen the Network Security and Information Technology Development of the Banking Industry (关于应用安全可控信息技术加强银行业网络安全和信息化建设的指导意见) (CBRC Opinions) issued by the China Banking Regulatory Commission (CBRC), these have caused increasing concern among international investors operating in China.

National Security Law  

The NSL has a much wider ambit than its 1993 predecessor, which focused on the prevention of espionage and state secrets leakage. The NSL adopts a very broad definition of “national security” that goes beyond state security in its traditional sense and extends to the economy, finance, technology, information and cybersecurity (among others).