Unlocking the Cloud
飞上云端
February 16, 2018 | BY
Susan MokBin (Ben) Qi and Casper Sek of Jin Mao Partners analyze the cybersecurity and telecom license requirements for cloud computing and data centers, and how the IT market access restrictions shape foreign investment strategy 金茂凯德律师事务所的齐斌律师和石钛戈律师分析了对云计算和数据中心的网络安全和电信业务许可的要求,以及IT市场准入限制如何影响外商的投资策略
1. What are the latest legal updates impacting the IT industry?
- PRC Cybersecurity Law (CSL):
Article 23 of the CSL, which took effect on June 1, 2017, requires that “critical network equipment” and “dedicated cybersecurity products” may only be sold or provided in China after receiving security certification or passing a security test. The first catalogue for these equipment and products was published by the Cyberspace Administration of China (CAC) in June. Article 23 demonstrates China's resolve to mitigate these risks and may pose a significant market entrance check on foreign IT equipment manufacturers.
Article 35 of the CSL mandates the provision of advanced protection for critical information infrastructure (CII)—which covers a broad scope. CII operators are required to complete a “national security review” when purchasing network products and services that may affect national security. Article 37 further requires CII operators to locally store personal information and important data gathered or generated in mainland China.
The Regulations for Protection of the Security of Critical Information Infrastructure (Draft for Comments) (CII Regulations) published by the CAC includes networks used by service providers of cloud computing and big data in the scope of CII. The broad coverage of the CII definition raises concerns that IT companies using the internet to operate in China may be considered CII operators and must comply with these requirements.
- Measures for the Administration of the Security Review for New Internet Business (Internet Business Measures):
The draft Internet Business Measures, published by the Ministry of Industry and Information Technology (MIIT) on June 8, 2017, require service providers to undergo a security review before operating a licensed telecom business via the internet or a new online business that is not included in the Classified Catalogue of Telecommunications Services (Telecom Catalogue). The Internet Business Measures will impose restrictions on IT service providers' technology and innovation, as well as increase their operating costs.
- Measures for the Administration of Telecommunications Business Operating Permits (Telecom Permit Measures):
The revised Telecom Permit Measures, issued by the MIIT on July 3, 2017, states that an online administrative platform will be set up to support the processing of telecommunications license applications. The MIIT will establish a credit management mechanism, including a “blacklist”, to regulate the operators. Further, the Telecom Permit Measures replace the annual inspection system with an annual report system via the platform.
In addition to the changes in management schemes, the revised rules also provide more flexibility for business operations. Article 18 allows an operator with a telecom license to authorize any of its controlled subsidiaries to operate the telecom service under the parent's license.
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now