Legislation roundup: Free trade zones and cybersecurity

June 27, 2017 | BY

Katherine Jo &clp articles &

The FTZ Negative List has been revised, critical network equipment has been defined for the cybersecurity Catalogue, and the localization of personal and important data has been clarified

FTZ

General Office of the State Council, Special Administrative Measures for Foreign Investment Access in Pilot Free Trade Zones (Negative List) (2017)

In the service sector, restrictions such as branches of foreign banks not allowed to engage in the issuance on an agency basis, cashing on an agency basis and underwriting of government bonds that are permitted by the PRC Law on Commercial Banks; foreign investors that invest in financial asset management companies being required to satisfy a requirement for total assets of a certain amount; and foreign-funded insurance companies not being permitted to engage in reinsurance ceding and acceptance business with affiliates without the approval of China's insurance regulator are lifted.

See the digest for more details.

Further reading

Cybersecurity

Cyberspace Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security and Certification and Accreditation Administration, Announcement on the Issuance of the <Catalogue of Critical Network Equipment and Dedicated Cybersecurity Products (First Batch)>

A total of 15 items of critical network equipment and dedicated cybersecurity products have been included in the Catalogue, of which four are critical network equipment, including routers, switches and servers (rack type), and 11 are dedicated cybersecurity products, including firewall, intrusion detection and security audit products.

Questions and Answers on the Cybersecurity Law

The Cybersecurity Law specifies that “the personal information and important data collected and generated by an operator of critical information infrastructure in the course of its operations in the People's Republic of China shall be stored in China”. According to the Q&A issued by the Cyberspace Administration of China, the provision sets forth requirements for operators of critical information infrastructure, not for all network operators. It is not all data, being limited only to personal information and important data, and the important data here is in respect of the state, not enterprises or individuals. With respect to data that genuinely needs to be transferred abroad, the law makes systemic arrangements, and if, following a security evaluation, they are deemed not to jeopardize national security or the public interest, they may be transferred abroad.

See the digest for more details.

See the digest for more details.

Further reading

This premium content is reserved for
China Law & Practice Subscribers.

  • A database of over 3,000 essential documents including key PRC legislation translated into English
  • A choice of newsletters to alert you to changes affecting your business including sector specific updates
  • Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
For enterprise-wide or corporate enquiries, please contact our experienced Sales Professionals at +44 (0)203 868 7546 or [email protected]