Government Engagement, Support of Chinese Partner Key to Navigating China's Cybersecurity Review

Amidst growing tensions with the United States and its allies, China has enacted a cybersecurity review regime that puts foreign companies in the authorities' crosshairs. For foreign suppliers of network products and services such as Qualcomm and Microsoft, the vaguely defined review process threatens to derail their business with Chinese customers and jeopardize future transactions, but lawyers say they can minimize disruption through engagement with the authorities and the support of their Chinese counterparties.

On April 13, 12 government departments including the Cyberspace Administration of China (CAC) and the National Development and Reform Commission published the Cybersecurity Review Measures (网络安全审查办法) effective from June 1. The Measures provided details of how the procurement of network products or services, for example cloud computing software and servers, by critical information infrastructure (CII) operators will be vetted for national security risks, pursuant to Article 35 of the PRC Cybersecurity Law (中华人民共和国网络安全法).