In the news: Xi meets Trump, the CAC drafts data security review rules, and the U.S. and EU clear ChemChina-Syngenta

The CAC issues draft cybersecurity assessment rules for outbound data

The Cyberspace Administration of China (CAC) has released a draft regulation that would require companies exporting data to undergo an annual security assessment. Any business transferring data of over 1000GB or affecting more than 500,000 users will be evaluated on its security measures and the potential of the exported data to harm national interests, according to the draft. It also bans the transmission of any economic, technological or scientific data where a threat to security or public interest would be posed, and requires user consent. Sensitive geographic data, such as information on marine environments, will also be subject to scrutiny, and destination countries and possibility of tampering abroad would be factored into assessments. The draft is open for public comment until May 11. This is an extension of the data security assessment requirement under the PRC Cybersecurity Law passed in November, which formalized restrictions for cross-border data flows in industries the government deems “critical”. Business groups have criticized the law for its breadth and vagueness regarding which sectors are specifically captured by the definition of “critical information infrastructure”, what types of “important data” other than personal information must be locally stored, and what the exact standards and procedures for the security reviews are. Specifics are limited given the Cybersecurity Law comes into effect in just two months, and the relatively low assessment threshold of 1TB of data set by this draft may be a point of concern for businesses when providing feedback.

Chemchina-Syngenta approved by U.S., EU

ChemChina's $43 billion purchase of Syngenta has overcome the two biggest remaining regulatory hurdles, paving the way for China's largest-ever foreign acquisition, announced in February 2016, to close by June. The most challenging antitrust clearances were granted by the U.S. Federal Trade Commission on April 4 and then by the European Commission the following day—with the latter being a conditional approval that requires the divestiture of some of ChemChina's European pesticides and plant growth regulator business assets. The Mexican Competition Authority also approved the deal on April 9. The acquisition is the second in a trio of megamergers reshaping the global agrichemical and seeds industry (the first is Dow Chemical's $140 billion merger with DuPont, and the third is Bayer's $66 billion purchase of Monsanto). China and India are the remaining jurisdictions to greenlight the Syngenta takeover. It's unlikely that the PRC government would hinder the deal—ChemChina is state-owned after all, and the nation is keen to get its hands on premium seed technology to feed its population. More broadly, however, this investment may be the largest from China the market will see for the next couple of years, as government continues to clamp down on capital outflows and tighten outbound M&A rules.

CBRC emphasizes 10 financial risk types

The China Banking Regulatory Commission (CBRC) released a statement saying it will pay attention to 10 types of financial system risks and provide specific action plans to address them. It accompanied risk control guidelines for lenders, which included requirements such as implementing classification standards and operating processes of credit assets and clients' risk assessment, adopting innovative risk control and monitoring mechanisms for liquidity planning, and strictly managing an internal control system for bond trading and investment leveraging. This follows remarks made by Premier Li Keqiang on Sunday that call for reining in risks in the financial sector, such as bad assets, bond defaults, shadow banking and online lending. The CBRC's declaration to draw up specifics shows that strict rules will be implemented this year to combat both fundamental and new emerging risks in the industry.

Trump and Xi's Mar-a-Lago meeting takeaways

After predicting a “very difficult” encounter with Chinese President Xi Jinping, Donald Trump emerged from their first meeting hailing an “outstanding relationship” and “goodwill and friendship” formed between the two leaders. Xi made similar remarks regarding the 18-hour summit in Florida, saying they “got deeply acquainted, established a kind of trust and built an initial working relationship and friendship.” There were several key points of tension leading up to the meeting: North Korea, Taiwan and trade, to name a few. And although nothing concrete has come out of the summit, the two presidents now have a constructive basis to move forward. U.S. Commerce Secretary Wilbur Ross said both sides have agreed on a 100-day plan to address trade imbalances (reportedly including Chinese concessions on agricultural imports and FDI in its financial sector) and reduce the $347 billion trade deficit between the two nations. The two presidents will also directly oversee a negotiation framework for discussing security, economy, law enforcement and cybersecurity matters with U.S. and Chinese cabinet members. Finding common ground quickly will be challenging on many of these issues—though handling North Korea's nuclear threat appears to be the most urgent.

The CAC issues draft cybersecurity assessment rules for outbound data

The Cyberspace Administration of China (CAC) has released a draft regulation that would require companies exporting data to undergo an annual security assessment. Any business transferring data of over 1000GB or affecting more than 500,000 users will be evaluated on its security measures and the potential of the exported data to harm national interests, according to the draft. It also bans the transmission of any economic, technological or scientific data where a threat to security or public interest would be posed, and requires user consent. Sensitive geographic data, such as information on marine environments, will also be subject to scrutiny, and destination countries and possibility of tampering abroad would be factored into assessments. The draft is open for public comment until May 11. This is an extension of the data security assessment requirement under the PRC Cybersecurity Law passed in November, which formalized restrictions for cross-border data flows in industries the government deems “critical”. Business groups have criticized the law for its breadth and vagueness regarding which sectors are specifically captured by the definition of “critical information infrastructure”, what types of “important data” other than personal information must be locally stored, and what the exact standards and procedures for the security reviews are. Specifics are limited given the Cybersecurity Law comes into effect in just two months, and the relatively low assessment threshold of 1TB of data set by this draft may be a point of concern for businesses when providing feedback.

Chemchina-Syngenta approved by U.S., EU

ChemChina's $43 billion purchase of Syngenta has overcome the two biggest remaining regulatory hurdles, paving the way for China's largest-ever foreign acquisition, announced in February 2016, to close by June. The most challenging antitrust clearances were granted by the U.S. Federal Trade Commission on April 4 and then by the European Commission the following day—with the latter being a conditional approval that requires the divestiture of some of ChemChina's European pesticides and plant growth regulator business assets. The Mexican Competition Authority also approved the deal on April 9. The acquisition is the second in a trio of megamergers reshaping the global agrichemical and seeds industry (the first is Dow Chemical's $140 billion merger with DuPont, and the third is Bayer's $66 billion purchase of Monsanto). China and India are the remaining jurisdictions to greenlight the Syngenta takeover. It's unlikely that the PRC government would hinder the deal—ChemChina is state-owned after all, and the nation is keen to get its hands on premium seed technology to feed its population. More broadly, however, this investment may be the largest from China the market will see for the next couple of years, as government continues to clamp down on capital outflows and tighten outbound M&A rules.

CBRC emphasizes 10 financial risk types

The China Banking Regulatory Commission (CBRC) released a statement saying it will pay attention to 10 types of financial system risks and provide specific action plans to address them. It accompanied risk control guidelines for lenders, which included requirements such as implementing classification standards and operating processes of credit assets and clients' risk assessment, adopting innovative risk control and monitoring mechanisms for liquidity planning, and strictly managing an internal control system for bond trading and investment leveraging. This follows remarks made by Premier Li Keqiang on Sunday that call for reining in risks in the financial sector, such as bad assets, bond defaults, shadow banking and online lending. The CBRC's declaration to draw up specifics shows that strict rules will be implemented this year to combat both fundamental and new emerging risks in the industry.

In the news: Xi meets Trump, the CAC drafts data security review rules, and the U.S. and EU clear ChemChina-Syngenta

This premium content is reserved for China Law & Practice Subscribers.

This premium content is reserved for
China Law & Practice Subscribers.