New Chinese National Security Law Brings Further Focus to Global Cybersecurity

On July 1, 2015, China’s top legislature adopted a new National Security Law (中华人民共和国国家安全法), highlighting cyber security and paving the way for a coordinated crisis management system.  The law aims to provide a general legislative framework to cover a wide range of areas, ranging from finance, politics, the military and cyber security to culture, ideology and religion.

The highlights of the legislation include:

• The State is to develop enhanced network and information security capabilities so as to prevent cyber and information security risks, and to ensure that core technology, critical infrastructure and key areas of information systems and security data are controllable (Article 25).
• The State is to establish a system and mechanisms for national security review and regulation on matters which affect or may affect foreign investment, key technologies, internet and network information technology products and services, as well as other significant matters which may affect national security (Article 59).
• The State is to strengthen the capacity of innovation and the development of indigenous key technologies, as well as strengthen the use of intellectual property rights (Article 24).

Critics have voiced concerns that the broad language of the legislation would create uncertainty for business interests as the legislation may allow the Chinese government to restrict foreign market access based on vague and overarching national security considerations.  This adds to concerns that the government may act to prevent government departments, the military and State-owned enterprises from using foreign-produced technology.

As adopted, the National Security Law lacks specific requirements to ensure that IT systems are secure and controllable, as well as details on the practical implementation of the proposed national security review system.  Accordingly, specific implementation rules are expected to be issued in the near future.