Is China really opening up big data?

The government controls 80% of all information generated in China and will publicize more of it, except in areas concerning national security and business secrets, Li said, adding that this will create a market for fair competition while integrating it with the internet and big data to streamline administration. He also pledged to focus on enhancing intellectual property (IP) rights and trade secrets protection as well as cybersecurity.

Guizhou, one of the least developed provinces in western China, is the country's pilot zone for big data and high tech. Qualcomm Inc. signed a joint venture with the local government in January this year to develop advanced server chips for the PRC market. China was already grooming the province to become a major cloud computing hub. Alibaba Group Holding Ltd. and Uber Technologies, Inc. have already set up operations in the area.

Dell CEO Michael Dell said at the summit that “China will play an increasingly important role in the big data era” and unveiled a new company, Guizhou YottaCloud Technologies Co Ltd., a subsidiary of the U.S. computer maker's local partner Guizhou Wing Cloud High Technology.

The president of Dell Greater China, Huang Chenhong, said that the new entity will provide a key platform for selling cloud services to small- and medium-sized enterprises and local governments, and announced that Dell will “establish a cloud industry alliance to promote the development of China's infant cloud market.”

Last year, the company promised to invest $125 billion in China over the next five years to boost innovation and R&D.

In an interview with China Law & Practice, Bin Qi, a data and TMT partner at Jin Mao Partners in Beijing, said that Guizhou province has taken the lead in establishing a hub for data centers, offering businesses cheap rental and bandwidth fees and labor costs as well as financial subsides including tax incentives. The purpose of last week's summit was for the provincial government to show the world what it has to offer, as well as provide a forum for global investors and major industry players to discuss legality, security and privacy issues related to data exchange, he said.

The government is encouraging foreign investors to bring their technical expertise and cloud computing solutions to China by partnering with a local company, by either a joint venture or strategic alliance, to provide a world-class data center. The current level of sophistication of Chinese firms' technology and security is not even close to global standards, but they can provide the infrastructure and data center, local licenses, technical and customer service support and local client base, said Qi.

But despite the encouragement of such investments, “I don't see any national or significant breakthrough from this model,” Qi said. “Foreign companies are still restricted to the 50% ownership limit for IDC [internet data center] services under the Ministry of Industry and Information Technology (MIIT)'s Classified Catalogue of Telecommunications Services (Telecom Catalogue), which took effect on March 1 and requires them to work with a licensed local partner. Cloud computing and big data are also subject to national security and cybersecurity reviews, and there's no trend indicating that these will be lifted anytime soon,” he added.

It's still a very tough environment for MNCs, Andrew McGinty, Shanghai-based partner and head of Hogan Lovells' Asia corporate group, told China Law & Practice.

“On one hand, all these pieces of legislation heavily emphasize cooperation with security and data storage requirements, while on the other, a 50% foreign ownership requirement for value-added telecom services (VATS) stems from China's WTO commitments,” he said.

At the time of the WTO negotiations, international investors assumed that 'value-added telecom services including so and so' mentioned in the agreement captured everything within the definition of these services. But the MIIT interpreted 'including' as meaning 'namely', and as far as it's concerned, it has no obligation to open up any sectors not expressly listed in the schedule to foreign investors, McGinty explained.

One of the few examples the MIIT has voluntarily liberalized is e-commerce. The Shanghai Free Trade Zone piloted 100% foreign ownership in the sector, allowing WFOEs [wholly foreign-owned enterprises] to engage in “online data processing and data transaction processing services,” in January 2015. And five months later, this relaxation was expanded nationwide. Lawyers say that in practice, however, approval still remains difficult to obtain for non-domestic firms.

For now, data companies could start with the SaaS [Software as a Service] cloud-based offering as this component hasn't been treated purely as a telecom service under the Telecom Catalogue unlike the other two models—IaaS [Infrastructure as a Service] and PaaS [Platform as a Service]—which are now under the umbrella of IDC services, said Qi, adding that this means businesses won't need to go too deep into the infrastructure or platform, and may be able to provide services in China without the relevant telecom licenses. This story explains how SaaS is possibly being regulated as both a telecom and computing service under the Telecom Catalogue.

But even SaaS isn't completely risk-free as it falls somewhere between IDC and ICP [internet content provider] services, McGinty said.

A foreign investor can apply through the CEPA [Closer Economic Partnership Arrangement] route in compliance with the 50% VATS ownership cap to get an IDC license, or take up to 50% equity of an ICP engaging in online database search and retrieval under the WTO commitments.

The ambiguity of where SaaS fits in terms of VATS licenses within the Telecom Catalogue makes it difficult to assess whether one permit or the other would indeed be sufficient, however.

“SaaS providers that are mainly software companies would have trouble understanding why they should suddenly have to become infrastructure players as IDCs to continue operating the business, as the logical step would be for them to outsource the hosting part to a licensed IDC,” said McGinty.

It's really a different ballgame in China, where the key focus increasingly lies in the nature and content of the data being stored, he added.

“The way big data is used will define how it will be managed and regulated,” Qi said. This includes determining whether the data is free to flow out of the PRC or free to transact without extracting sensitive personal information. The government needs to strike a balance between fostering big data-oriented businesses and personal data security and privacy, he added.

Data protection is an extremely prominent issue in the country—as shown by the 2015 PRC Criminal Law amendment, the new PRC Anti-terrorism Law, PRC National Security Law and draft PRC Network Security Law (Cybersecurity Law) to all the various ministerial measures that govern information security—where it is regulated at the highest levels, as well as vertically by the relevant authority. For instance, the CIRC [China Insurance Regulatory Commission] sets standards for managing mass information in the insurance industry, as does the CBRC [China Banking Regulatory Commission] in the banking and finance sector, and the CFDA [China Food and Drug Administration] in the medical space.

In the short and medium term, MNCs will continue to cooperate with Chinese companies and license their technologies into China, said McGinty.

But the ultimate goal must be to have the right to brand and operate these services themselves, which in turn would benefit the local consumers who would be able to receive the latest products. And in the long run—absent any major change in the regulatory environment for telecom and internet services, which seems highly unlikely—MNCs wanting equity-type control may have no better option than to pursue a VIE [variable interest entity] structure, notwithstanding the significant legal risks involved with that as well, he said.

Ideally, all MNCs would want to put their best technology and crown jewels in China, and in return China would get world-class products, but they need to get comfortable knowing that their IP is safe and is not somehow going to be misappropriated, stolen or leaked, and that the degree of government regulation and control over their data is not excessive. Joint venture requirements are a significant risk factor for MNCs with valuable technology and IP, and choosing the right partner remains as important as ever.

Things may improve once the national security-related legislation has bedded down, but at the moment there are too many moving parts and the level of confidence in China isn't quite there yet, McGinty said.

By Katherine Jo

李克强总理在5 月25 日的发言中表示，中国将打造更透明、更平等的市场，以吸引针对大数据和电子商务的海外投资，这引起了律师们的质疑，某些从业者认为不太可能会对现有限制减少到一个程度足以吸引重大的外国所有权投资。

他们剑指业内非中国股权控制的 50% 上限，以及具有主控作用的国家和网络安全要求。

总理是在贵州省贵阳市举办的中国大数据产业峰会暨中国电子商务创新发展峰会的开幕仪式上作出这番主旨演讲的。这一盛会在2016 年贵阳国际大数据产业博览会期间举行，共有20,000 家顶尖中国和跨国公司出席，相关人士包括Qualcomm总裁Derek Aberle、Dell CEO Michael Dell、Microsoft 执行副总裁陆奇、腾讯董事会主席马化腾、百度总裁李彦宏和京东CEO刘强东。

此行业市场巨大，根据《China Daily》，中国2015 年的大数据市场价值1,105 亿元人民币（168 亿美元），而且预计将在2020 年达到8,790 亿元人民币，届时将占全球所有数据的20% 。

李克强总理表示，目前政府控制了80% 的国内生成信息，但将公开更多信息（除了涉及国家安全和商业秘密的领域），帮助打造公平竞争的市场，并将这些数据与互联网和大数据整合，以简化管理。他还承诺注重强化知识产权、商业秘密保护，以及网络安全。

贵州虽然是中国西部发展程度最低的省份之一，但现已成为国家大数据和高科技试验区。 Qualcomm在今年 1 月与当地政府签署了合资协议，共同研发适用于中国市场的先进服务器芯片。中国已计划将贵州省发展为主要云计算中心。阿里巴巴集团控股有限公司和 Uber Technologies也已在该地区设立运营处。

美国计算机生产商Dell 的CEO Michael Dell 在此次峰会上表示，“中国将在大数据时代扮演愈发重要的角色”，并宣布其本地合作伙伴贵州高新翼云科技有限公司的全新子公司贵州优特云科技有限公司成立。

Dell大中华区总裁黄陈宏表示，此新实体将为中小型企业和当地政府提供重要的云服务销售平台，并宣布 Dell 将“建立云产业联盟来促进中国新生云市场的发展”。

去年，Dell 承诺在未来五年间向中国投资 1,250 亿美元，以推动创新和研发。

在与《China Law & Practice》的访谈中，金茂凯德律师事务所在北京的数据和TMT 合伙人齐斌表示，贵州省已在建立数据中心方面取得领先地位，为企业提供具有成本效益的租赁和宽带服务、劳动力以及财务补贴（包括税收减免）。他指出，上周举办的峰会旨在让贵州省政府向全世界展示其所提供的条件和优惠，并为全球投资者和主要业内企业提供论坛，来讨论有关数据交易的法律、安全和隐私问题。

贵州省政府鼓励外国投资者与本地公司合作（无论是通过合资还是战略联盟形式），来将专业技术知识和云计算解决方案引入中国，从而打造世界级数据中心。齐斌表示，中国公司的当前技术和安全成熟度距离全球标准还很远，但可提供基础设施和数据中心、本地许可、技术和客户服务支持，以及本地客户群。

但尽管政府积极鼓励此类投资，“我不认为此模式将带来任何国家级或重大突破，”齐斌说道，“根据国家工信部的《电信业务分类目录》，外国公司仍然受到50% 的互联网数据中心IDC 服务所有权限制，该目录从3 月1 日开始生效，要求外国公司只能与获得许可的本地合作伙伴共同开展业务。云计算和大数据还受到国家安全审查和网络安全审核的限制，也无迹象表明这些阻碍将在短期内消除，”他补充道。

霍金路伟国际律师事务所上海合伙人和亚洲公司组主管 Andrew McGinty 向《China Law & Practice》表示，对跨国公司而言，环境仍然非常困难。

“一方面，所有这些法规都重点强调遵循安全和数据存储要求，而另一方面是中国加入 WTO 时针对增值电信服务承诺的 50% 外国所有权要求，”他说道。

在 WTO 谈判时，国际投资者认为协议中所述“增值电信服务包括的这些那些”意为涵盖此类服务定义范围内的所有业务。 McGinty 表示，但工信部将“包括”解释为“即”，且至今仍表示无义务向外国投资者开放该计划中未明确列出的任何行业。

电子商务是工信部已主动放开的少数领域之一。上海自由贸易区从 2015 年 1 月开始试行此行业的 100% 外国所有权许可，允许外国全资企业参与“在线数据处理与交易处理服务”。五年后，这一政策放开扩展至了全国范围。不过，律师们表示在实践中，外国公司仍然很难获得批准。

齐斌表示，如今，数据公司可运营基于云的软件即服务(SaaS) 业务，因为这一《电信业务分类目录》部分与目前在IDC 服务范围内的另外两个部分基础设施即服务(IaaS)和平台即服务(PaaS) 不同，并不被《电信业务分类目录》视为纯粹电信服务，这意味着企业无需过于深入基础设施或平台业务，且可能无需相关电信执照，便可在中国提供服务。

而 McGinty 表示，即使是 SaaS，也并非毫无风险，因为其可能属于 IDC 和互联网内容提供商 ICP 服务范围之间。

外国投资者可在遵循50%增值电信服务所有权上限的情况下，通过《更紧密经贸关系的安排》渠道获取IDC 执照，或者根据WTO 承诺，在从事在线数据库搜索和检索业务的ICP 拥有最多50%的股权。

不过，有关 SaaS 究竟属于《电信业务分类目录》内哪一类增值电信服务执照的不确定性使得难以评估某项许可是否充足。

“SaaS 提供商主要为软件公司，难以理解为何突然不得不成为基础设施公司 IDC 才能继续开展业务，因为他们的逻辑步骤是将托管部分外包给具有执照的 IDC，”McGinty 说道，

“在中国真的非常不同，这里越来越关注所存储数据的性质和内容，”他补充道。

“大数据的使用方式决定了其所受的管理和监管方式，”齐斌说道。他补充道，这包括决定数据能否自由流出中国，或者自由交易，而无需提取敏感性个人信息。政府需要在促进大数据导向型业务与个人数据安全和隐私方面取一个平衡。

数据保护在中国是极为突出的严重问题，《2015 年中华人民共和国刑法修正案》、新《中华人民共和国反恐法》、《中华人民共和国国家安全法》和《中华人民共和国网络安全法》草案（以下称为“网络安全法”）以及所有各项不同部委措施都旨在监管信息安全，既有最高级别的指令，也实施了各级相关机构的法规。例如，中国保险监督管理委员会、中国银行业监督管理委员会和中国食品药品监督管理局分别针对管理保险业、银行业务和金融领域以及医疗方面的海量数据规定了多项标准。

McGinty 表示，中短期而言，跨国公司将继续与中国公司合作，向中国引进技术。

但最终目标无疑是获得授权来以自己的品牌运营这些服务，进而提供最新产品，使本地消费者获益。他认为，长远来看，电信和互联网服务的监管环境极不可能发生任何重大变化，想要获取股权类型控制权的跨国公司可能只能寻求可变利益实体(VIE) 结构，尽管这同样涉及较高的法律风险。

理想情况下，所有跨国公司都想要向中国引入其最佳技术和顶尖业务，中国也因此获得世界级产品，但需要确保IP 安全；不会发生滥用、盗用或泄露；且政府对其数据的监管和控制程度不会过度。合资要求对具有宝贵技术和 IP 的跨国公司而言是重大的危险因素，而且选择合适的合作伙伴仍然与以往同样关键。

McGinty 表示，这些状况可能在国家安全有关法规运作畅顺后有所改善，但目前的变动元素很多，而且对中国环境的信心程度还未足够。

（作者：赵修敏）

Premier Li Keqiang's recent statement that China will create a more transparent and equal market to attract overseas investment in big data and e-commerce has sparked skepticism among lawyers, with some saying that it's unlikely existing restrictions will be lifted far enough to lure any significant foreign ownership.

They pointed to a 50% non-Chinese equity control cap in the sector as well as overarching national and cybersecurity requirements.

The Premier's comments came during a keynote speech at the May 25 opening ceremony of the China Big Data Industry Summit and the China E-commerce Innovation and Development Summit in Guiyang, Guizhou province. The events were held during the Guiyang International Big Data Expo 2016, and were attended by 20,000 leading Chinese and multinational companies (MNCs) including Qualcomm president Derek Aberle, Dell CEO Michael Dell, Microsoft executive vice president Lu Qi, Tencent chairman Ma Huateng (Pony Ma), Baidu president Li Yanhong (Robin Li) and JD.com CEO Liu Qiangdong (Richard Liu).

The stakes are large, with China's big data market at Rmb110.5 billion ($16.8 billion) in 2015 predicted to reach Rmb879 billion in 2020, when it is estimated to make up 20% of all global data, according to China Daily.

The government controls 80% of all information generated in China and will publicize more of it, except in areas concerning national security and business secrets, Li said, adding that this will create a market for fair competition while integrating it with the internet and big data to streamline administration. He also pledged to focus on enhancing intellectual property (IP) rights and trade secrets protection as well as cybersecurity.

Guizhou, one of the least developed provinces in western China, is the country's pilot zone for big data and high tech. Qualcomm Inc. signed a joint venture with the local government in January this year to develop advanced server chips for the PRC market. China was already grooming the province to become a major cloud computing hub. Alibaba Group Holding Ltd. and Uber Technologies, Inc. have already set up operations in the area.

Dell CEO Michael Dell said at the summit that “China will play an increasingly important role in the big data era” and unveiled a new company, Guizhou YottaCloud Technologies Co Ltd., a subsidiary of the U.S. computer maker's local partner Guizhou Wing Cloud High Technology.

The president of Dell Greater China, Huang Chenhong, said that the new entity will provide a key platform for selling cloud services to small- and medium-sized enterprises and local governments, and announced that Dell will “establish a cloud industry alliance to promote the development of China's infant cloud market.”

Last year, the company promised to invest $125 billion in China over the next five years to boost innovation and R&D.

In an interview with China Law & Practice, Bin Qi, a data and TMT partner at Jin Mao Partners in Beijing, said that Guizhou province has taken the lead in establishing a hub for data centers, offering businesses cheap rental and bandwidth fees and labor costs as well as financial subsides including tax incentives. The purpose of last week's summit was for the provincial government to show the world what it has to offer, as well as provide a forum for global investors and major industry players to discuss legality, security and privacy issues related to data exchange, he said.

The government is encouraging foreign investors to bring their technical expertise and cloud computing solutions to China by partnering with a local company, by either a joint venture or strategic alliance, to provide a world-class data center. The current level of sophistication of Chinese firms' technology and security is not even close to global standards, but they can provide the infrastructure and data center, local licenses, technical and customer service support and local client base, said Qi.

But despite the encouragement of such investments, “I don't see any national or significant breakthrough from this model,” Qi said. “Foreign companies are still restricted to the 50% ownership limit for IDC [internet data center] services under the Ministry of Industry and Information Technology (MIIT)'s Classified Catalogue of Telecommunications Services (Telecom Catalogue), which took effect on March 1 and requires them to work with a licensed local partner. Cloud computing and big data are also subject to national security and cybersecurity reviews, and there's no trend indicating that these will be lifted anytime soon,” he added.

It's still a very tough environment for MNCs, Andrew McGinty, Shanghai-based partner and head of Hogan Lovells' Asia corporate group, told China Law & Practice.

“On one hand, all these pieces of legislation heavily emphasize cooperation with security and data storage requirements, while on the other, a 50% foreign ownership requirement for value-added telecom services (VATS) stems from China's WTO commitments,” he said.

At the time of the WTO negotiations, international investors assumed that 'value-added telecom services including so and so' mentioned in the agreement captured everything within the definition of these services. But the MIIT interpreted 'including' as meaning 'namely', and as far as it's concerned, it has no obligation to open up any sectors not expressly listed in the schedule to foreign investors, McGinty explained.

One of the few examples the MIIT has voluntarily liberalized is e-commerce. The Shanghai Free Trade Zone piloted 100% foreign ownership in the sector, allowing WFOEs [wholly foreign-owned enterprises] to engage in “online data processing and data transaction processing services,” in January 2015. And five months later, this relaxation was expanded nationwide. Lawyers say that in practice, however, approval still remains difficult to obtain for non-domestic firms.

For now, data companies could start with the SaaS [Software as a Service] cloud-based offering as this component hasn't been treated purely as a telecom service under the Telecom Catalogue unlike the other two models—IaaS [Infrastructure as a Service] and PaaS [Platform as a Service]—which are now under the umbrella of IDC services, said Qi, adding that this means businesses won't need to go too deep into the infrastructure or platform, and may be able to provide services in China without the relevant telecom licenses. This story explains how SaaS is possibly being regulated as both a telecom and computing service under the Telecom Catalogue.

But even SaaS isn't completely risk-free as it falls somewhere between IDC and ICP [internet content provider] services, McGinty said.

A foreign investor can apply through the CEPA [Closer Economic Partnership Arrangement] route in compliance with the 50% VATS ownership cap to get an IDC license, or take up to 50% equity of an ICP engaging in online database search and retrieval under the WTO commitments.

The ambiguity of where SaaS fits in terms of VATS licenses within the Telecom Catalogue makes it difficult to assess whether one permit or the other would indeed be sufficient, however.

“SaaS providers that are mainly software companies would have trouble understanding why they should suddenly have to become infrastructure players as IDCs to continue operating the business, as the logical step would be for them to outsource the hosting part to a licensed IDC,” said McGinty.

It's really a different ballgame in China, where the key focus increasingly lies in the nature and content of the data being stored, he added.

“The way big data is used will define how it will be managed and regulated,” Qi said. This includes determining whether the data is free to flow out of the PRC or free to transact without extracting sensitive personal information. The government needs to strike a balance between fostering big data-oriented businesses and personal data security and privacy, he added.

Data protection is an extremely prominent issue in the country—as shown by the 2015 PRC Criminal Law amendment, the new PRC Anti-terrorism Law, PRC National Security Law and draft PRC Network Security Law (Cybersecurity Law) to all the various ministerial measures that govern information security—where it is regulated at the highest levels, as well as vertically by the relevant authority. For instance, the CIRC [China Insurance Regulatory Commission] sets standards for managing mass information in the insurance industry, as does the CBRC [China Banking Regulatory Commission] in the banking and finance sector, and the CFDA [China Food and Drug Administration] in the medical space.

In the short and medium term, MNCs will continue to cooperate with Chinese companies and license their technologies into China, said McGinty.

But the ultimate goal must be to have the right to brand and operate these services themselves, which in turn would benefit the local consumers who would be able to receive the latest products. And in the long run—absent any major change in the regulatory environment for telecom and internet services, which seems highly unlikely—MNCs wanting equity-type control may have no better option than to pursue a VIE [variable interest entity] structure, notwithstanding the significant legal risks involved with that as well, he said.

Ideally, all MNCs would want to put their best technology and crown jewels in China, and in return China would get world-class products, but they need to get comfortable knowing that their IP is safe and is not somehow going to be misappropriated, stolen or leaked, and that the degree of government regulation and control over their data is not excessive. Joint venture requirements are a significant risk factor for MNCs with valuable technology and IP, and choosing the right partner remains as important as ever.

Things may improve once the national security-related legislation has bedded down, but at the moment there are too many moving parts and the level of confidence in China isn't quite there yet, McGinty said.

By Katherine Jo

李克强总理在5 月25 日的发言中表示，中国将打造更透明、更平等的市场，以吸引针对大数据和电子商务的海外投资，这引起了律师们的质疑，某些从业者认为不太可能会对现有限制减少到一个程度足以吸引重大的外国所有权投资。

他们剑指业内非中国股权控制的 50% 上限，以及具有主控作用的国家和网络安全要求。

总理是在贵州省贵阳市举办的中国大数据产业峰会暨中国电子商务创新发展峰会的开幕仪式上作出这番主旨演讲的。这一盛会在2016 年贵阳国际大数据产业博览会期间举行，共有20,000 家顶尖中国和跨国公司出席，相关人士包括Qualcomm总裁Derek Aberle、Dell CEO Michael Dell、Microsoft 执行副总裁陆奇、腾讯董事会主席马化腾、百度总裁李彦宏和京东CEO刘强东。

此行业市场巨大，根据《China Daily》，中国2015 年的大数据市场价值1,105 亿元人民币（168 亿美元），而且预计将在2020 年达到8,790 亿元人民币，届时将占全球所有数据的20% 。

李克强总理表示，目前政府控制了80% 的国内生成信息，但将公开更多信息（除了涉及国家安全和商业秘密的领域），帮助打造公平竞争的市场，并将这些数据与互联网和大数据整合，以简化管理。他还承诺注重强化知识产权、商业秘密保护，以及网络安全。

贵州虽然是中国西部发展程度最低的省份之一，但现已成为国家大数据和高科技试验区。 Qualcomm在今年 1 月与当地政府签署了合资协议，共同研发适用于中国市场的先进服务器芯片。中国已计划将贵州省发展为主要云计算中心。阿里巴巴集团控股有限公司和 Uber Technologies也已在该地区设立运营处。

美国计算机生产商Dell 的CEO Michael Dell 在此次峰会上表示，“中国将在大数据时代扮演愈发重要的角色”，并宣布其本地合作伙伴贵州高新翼云科技有限公司的全新子公司贵州优特云科技有限公司成立。

Dell大中华区总裁黄陈宏表示，此新实体将为中小型企业和当地政府提供重要的云服务销售平台，并宣布 Dell 将“建立云产业联盟来促进中国新生云市场的发展”。

去年，Dell 承诺在未来五年间向中国投资 1,250 亿美元，以推动创新和研发。

在与《China Law & Practice》的访谈中，金茂凯德律师事务所在北京的数据和TMT 合伙人齐斌表示，贵州省已在建立数据中心方面取得领先地位，为企业提供具有成本效益的租赁和宽带服务、劳动力以及财务补贴（包括税收减免）。他指出，上周举办的峰会旨在让贵州省政府向全世界展示其所提供的条件和优惠，并为全球投资者和主要业内企业提供论坛，来讨论有关数据交易的法律、安全和隐私问题。

贵州省政府鼓励外国投资者与本地公司合作（无论是通过合资还是战略联盟形式），来将专业技术知识和云计算解决方案引入中国，从而打造世界级数据中心。齐斌表示，中国公司的当前技术和安全成熟度距离全球标准还很远，但可提供基础设施和数据中心、本地许可、技术和客户服务支持，以及本地客户群。

但尽管政府积极鼓励此类投资，“我不认为此模式将带来任何国家级或重大突破，”齐斌说道，“根据国家工信部的《电信业务分类目录》，外国公司仍然受到50% 的互联网数据中心IDC 服务所有权限制，该目录从3 月1 日开始生效，要求外国公司只能与获得许可的本地合作伙伴共同开展业务。云计算和大数据还受到国家安全审查和网络安全审核的限制，也无迹象表明这些阻碍将在短期内消除，”他补充道。

霍金路伟国际律师事务所上海合伙人和亚洲公司组主管 Andrew McGinty 向《China Law & Practice》表示，对跨国公司而言，环境仍然非常困难。

“一方面，所有这些法规都重点强调遵循安全和数据存储要求，而另一方面是中国加入 WTO 时针对增值电信服务承诺的 50% 外国所有权要求，”他说道。

在 WTO 谈判时，国际投资者认为协议中所述“增值电信服务包括的这些那些”意为涵盖此类服务定义范围内的所有业务。 McGinty 表示，但工信部将“包括”解释为“即”，且至今仍表示无义务向外国投资者开放该计划中未明确列出的任何行业。

电子商务是工信部已主动放开的少数领域之一。上海自由贸易区从 2015 年 1 月开始试行此行业的 100% 外国所有权许可，允许外国全资企业参与“在线数据处理与交易处理服务”。五年后，这一政策放开扩展至了全国范围。不过，律师们表示在实践中，外国公司仍然很难获得批准。

齐斌表示，如今，数据公司可运营基于云的软件即服务(SaaS) 业务，因为这一《电信业务分类目录》部分与目前在IDC 服务范围内的另外两个部分基础设施即服务(IaaS)和平台即服务(PaaS) 不同，并不被《电信业务分类目录》视为纯粹电信服务，这意味着企业无需过于深入基础设施或平台业务，且可能无需相关电信执照，便可在中国提供服务。

而 McGinty 表示，即使是 SaaS，也并非毫无风险，因为其可能属于 IDC 和互联网内容提供商 ICP 服务范围之间。

外国投资者可在遵循50%增值电信服务所有权上限的情况下，通过《更紧密经贸关系的安排》渠道获取IDC 执照，或者根据WTO 承诺，在从事在线数据库搜索和检索业务的ICP 拥有最多50%的股权。

不过，有关 SaaS 究竟属于《电信业务分类目录》内哪一类增值电信服务执照的不确定性使得难以评估某项许可是否充足。

“SaaS 提供商主要为软件公司，难以理解为何突然不得不成为基础设施公司 IDC 才能继续开展业务，因为他们的逻辑步骤是将托管部分外包给具有执照的 IDC，”McGinty 说道，

“在中国真的非常不同，这里越来越关注所存储数据的性质和内容，”他补充道。

“大数据的使用方式决定了其所受的管理和监管方式，”齐斌说道。他补充道，这包括决定数据能否自由流出中国，或者自由交易，而无需提取敏感性个人信息。政府需要在促进大数据导向型业务与个人数据安全和隐私方面取一个平衡。

数据保护在中国是极为突出的严重问题，《2015 年中华人民共和国刑法修正案》、新《中华人民共和国反恐法》、《中华人民共和国国家安全法》和《中华人民共和国网络安全法》草案（以下称为“网络安全法”）以及所有各项不同部委措施都旨在监管信息安全，既有最高级别的指令，也实施了各级相关机构的法规。例如，中国保险监督管理委员会、中国银行业监督管理委员会和中国食品药品监督管理局分别针对管理保险业、银行业务和金融领域以及医疗方面的海量数据规定了多项标准。

McGinty 表示，中短期而言，跨国公司将继续与中国公司合作，向中国引进技术。

但最终目标无疑是获得授权来以自己的品牌运营这些服务，进而提供最新产品，使本地消费者获益。他认为，长远来看，电信和互联网服务的监管环境极不可能发生任何重大变化，想要获取股权类型控制权的跨国公司可能只能寻求可变利益实体(VIE) 结构，尽管这同样涉及较高的法律风险。

理想情况下，所有跨国公司都想要向中国引入其最佳技术和顶尖业务，中国也因此获得世界级产品，但需要确保IP 安全；不会发生滥用、盗用或泄露；且政府对其数据的监管和控制程度不会过度。合资要求对具有宝贵技术和 IP 的跨国公司而言是重大的危险因素，而且选择合适的合作伙伴仍然与以往同样关键。

McGinty 表示，这些状况可能在国家安全有关法规运作畅顺后有所改善，但目前的变动元素很多，而且对中国环境的信心程度还未足够。

（作者：赵修敏）