China's 2016 Cybersecurity Law Will Change the Way Multinational Companies Do Business in China -
China adopted its controversial Cybersecurity Law on November 7, 2016. The law, which will take effect on June 1, 2017, has broad implications for how multinational companies operate in China. The law addresses a number of issues, including requiring certain companies to pass national security reviews, store user and business data in mainland China, and to provide technical support to Chinese authorities.
Broad Applicability
The law imposes obligations on two tiers of businesses: network operators and critical information infrastructure operators. “Network operators” are defined as owners or providers of any “network,” which in turn is defined as any system of computers or other terminals that collect, store, transmit, and process information. (Article 76.) Given the broad definition of a network—it likely includes most Internet platforms or any two connected computers—most businesses will come within the scope of this term. “Critical information infrastructure operators” are not precisely defined, but Article 31 suggests it includes any businesses operating in the communications, finance, water, power, or traffic sectors, as well as any other businesses using infrastructure that could harm China’s security, economy, or citizens if it were to fail. The law imposes stricter obligations on businesses coming within the scope of this term.
Please see full publication below for more information.
