In context

China adopts new national security law and prepares legislation on cyber security

September 9, 2015

China’s top legislative body adopted a new National Security Law on 1 July 2015. Under this law, foreign investments will be subject to a national security review. No guidance has been given so far on how the review will be implemented and what the practical impact of the new law will be. There is a risk that the law or any implementing regulations will restrict access to activities deemed sensitive by the Chinese government. This could have a significant impact on foreign businesses dealing with or operating in China.

In addition, the government published a draft law on cyber security on 6 July 2015. Once adopted, this will be the first Chinese law focusing exclusively on cyber security. The draft indicates that the Chinese government is preparing to tighten its grip on domestic networks and data security.


We recommend closely keeping track of further developments, as both laws could significantly impact foreign businesses in China.


The National Security Law (NSL) is one of three pieces of legislation adopted or announced during recent months in relation to China’s national security agenda. It is expected that two more national security laws, relating to foreign non-governmental organisations and counterterrorism, will be issued in the near future.


The NSL effectively grants the Chinese National Security Commission, led by Chinese president Xi Jinping, oversight of China’s national security across various domains covering politics, military, economy, religion, cyberspace and even ideology. The law defines security as the state in which “a country’s government, sovereignty, unification, territorial integrity, well-being of its people, sustainable development of its economy and society, and other major interests are relatively safe and not subject to internal and external threats”.


The concept of national security reviews may not be new to the foreign business community, but the NSL potentially covers a very broad range of business activities and investments which may be subject to additional scrutiny by the Chinese government. The NSL provides a legal basis for the existing national security review mechanism to be implemented beyond the area of mergers and acquisitions. In addition, the reach of the NSL is extended to various types of activities, such as the acquisition of properties and financial transactions. Any kind of foreign investment might therefore trigger a national security review and face transactional uncertainties. Furthermore, the NSL does not provide legal remedies for foreign companies to which a national security review applies.


As implementing regulations have not yet been issued, the practical implications of the NSL are not yet clear. It is also unclear which governmental bodies will perform the national security reviews. The NSL attributes this task to national governments, provinces, autonomous regions and municipal bodies, but it is as yet unknown which of these bodies will have the formal authority to perform the national security review process.


Given the potentially significant practical implications of the NSL, we recommend closely following all developments in relation to the NSL and specifically monitoring the adoption of any implementing regulations.


In addition to the NSL, a draft Cyber Security Law (CSL) was published on 6 July 2015. This draft legislation sets forth a framework for China’s cyber security regime and has a broad regulatory scope, including specific provisions on network products, network operations security, data security and network information security. The CSL provides, in relevant part, that operators of “key information infrastructure” must store citizens’ personal data and other key data within the territory of China. Given the broad definition in the draft CSL of “key information”, cross-border transfers between Chinese subsidiaries and overseas parent or affiliated operations – which for instance include the sharing of customer data – could potentially be restricted by this local storage requirement or be subject to a security assessment and approval by the Chinese government.


The Chinese government seems determined to tighten its control over China’s networks in order to increase national security. The draft CSL aims to accomplish this goal by strict regulation of network operation and network information security. Once adopted, the CSL will almost certainly have a significant influence on all business sectors in China. We recommend closely monitoring the developments in relation to the CSL.
