After much anticipation, the Chinese legislature finally passed the Cybersecurity Law (“CSL“) on 7 November 2016, and the CSL will come into legal effect on 1 June 2017. The CSL is the last of the trio of laws focusing on cybersecurity, after the National Security Law (which came into effect on 1 July 2015) and the Anti-Terrorism Law (which came into effect on 1 January 2016).
The CSL is significant because of its broad scope and potentially far reaching effect. While much still hinges on implementing regulations and standards to be issued by the State Council, the Cybersecurity Administration of China (“CAC“) and the Ministry of Industry and Information Technology, it has the potential to create significant disruption to business operators in China, in particular foreign business operators with significant online/digital presence and/or operations reliant on telecommunications network and/or the constant cross-border movement and sharing of business, employee and consumer data. In a worst-case scenario, many foreign business operators may be required to carve-out China from their global or regional technology, infrastructure/backbone, and/or become mired in time-consuming regulatory approvals for the export or sharing of data with entities outside China.
Businesses are advised to follow legal and regulatory developments in this area closely, and start internal/external discussions and analysis on their technology and data configurations to prepare for the possibility of stringent local data residency requirements.
We are pleased to attach our client alert. Please feel free to share with your colleagues who might also be interested in the topics raised in this newsletter.
If you have any questions in relation to the issues raised, please do not hesitate to get in touch with your usual contact at Baker & McKenzie or any of the lawyers listed below.
Sincerely, Information Technology and Communications Group Baker & McKenzie