Misplaced Pages

#319680

36-525: The passage of the National Intelligence Law is part of a larger effort by the Chinese central government to strengthen its security legislation. In 2014, China passed a law on counterespionage, in 2015 a law on national security and another on counter-terrorism, in 2016 a law on cybersecurity and foreign NGO management, among others. The most controversial sections of the law is Article 7. Gu Bin of

72-463: Is also seen as a move by Beijing to bring data under Chinese jurisdiction and make it easier to prosecute entities seen as violating China's internet laws. The president of AmCham South China, Harley Seyedin, claimed that foreign firms are facing “mass concerns” because the law has greatly increased operating costs and has had a big impact on how business is done in China. More specifically, he stated that

108-623: Is applicable to network operators and businesses in critical sectors . By critical sectors, China roughly divides the domestic businesses into networking businesses that are involved in telecommunications, information services, energy transport, water, financial services, public services, and electronic government services. Some of the most controversial sections of the law include articles 28, 35, and 37. Article 28 compels vaguely defined "network operators", (interpreted to include: social media platforms, application creators and other technology companies), to cooperate with public security organs such as

144-768: The Financial Times that Article 7 "does not authorize pre-emptive spying" and "national intelligence work must be defensive". Murray Scot Tanner, currently an American defense policy analyst, made a counterargument in Lawfare that the National Intelligence Law changes Chinese citizen's legal obligations from intelligence 'defense' to 'offense'. Article 7: All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of. Article 10: As necessary for their work, national intelligence work institutions are to use

180-800: The Beijing Foreign Studies University wrote his opinion in the Financial Times that Article 7 "does not authorize pre-emptive spying" and "national intelligence work must be defensive". Murray Scot Tanner, currently an American defense policy analyst, made a counterargument in Lawfare that the National Intelligence Law changes Chinese citizen's legal obligations from intelligence 'defense' to 'offense'. Article 7: All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of. Article 10: As necessary for their work, national intelligence work institutions are to use

216-785: The Cyberspace Administration of China issued "Regulations on the Management of Security Vulnerabilities in Network Products" requiring that all vulnerabilities be reported to the Ministry of Industry and Information Technology (MIIT) and prohibits the public disclosure of vulnerabilities, including to overseas organizations. Along with the Great Firewall , restrictions stipulated in the law have raised concerns, especially from foreign technology companies operating in China. Regarding

252-621: The Ministry of Public Security and hand over information when requested. Article 28: Network operators shall provide technical support and assistance to public security organs and national security organs that are safeguarding national security and investigating criminal activities in accordance with the law. Article 35 is targeted at purchases of foreign software or hardware by government agencies or other "critical information infrastructure operators", requiring any hardware of software purchased to undergo review by agencies such as China's SCA or State Cryptography Administration, potentially involving

288-400: The Chinese central government to strengthen its security legislation. In 2014, China passed a law on counterespionage, in 2015 a law on national security and another on counter-terrorism, in 2016 a law on cybersecurity and foreign NGO management, among others. The most controversial sections of the law is Article 7. Gu Bin of the Beijing Foreign Studies University wrote his opinion in

324-502: The Chinese domestic legal system" but rather its "applicability to multinational companies based on a literal reading of certain provisions of NIL and interpreting those provisions based on principles of public international law". Writing for China Law Translate in 2024, Jeremy Daum stated that "it is far from clear that it [Article 7 of the NIL] was ever intended to require active participation in information gathering or sharing". He stated that

360-455: The Chinese domestic legal system" but rather its "applicability to multinational companies based on a literal reading of certain provisions of NIL and interpreting those provisions based on principles of public international law". Writing for China Law Translate in 2024, Jeremy Daum stated that "it is far from clear that it [Article 7 of the NIL] was ever intended to require active participation in information gathering or sharing". He stated that

396-460: The National People's Congress on November 7, 2016, and was implemented on June 1, 2017. It requires network operators to store select data within China and allows Chinese authorities to conduct spot-checks on a company's network operations. Cybersecurity is recognized as a basic law. This puts the law on the top of the pyramid-structured legislation on cybersecurity. The law is an evolution of

SECTION 10

#1732859478320

432-563: The People%27s Republic of China The National Intelligence Law of the People's Republic of China ( simplified Chinese : 国家情报法 ; traditional Chinese : 國家情報法 ; pinyin : Guójiā Qíngbào Fǎ ) governs China's intelligence and security apparatus. It is the first law made public in China which is related to China's national intelligence agencies. The law does not specifically name any organizations to which it applies. According to

468-602: The ability of the Government of China to conduct espionage efforts and that direct requests from law enforcement or security would still be difficult to resist meaningfully. China Internet Security Law The Cybersecurity Law of the People's Republic of China ( Chinese : 中华人民共和国网络安全法 ), commonly referred to as the Chinese Cybersecurity Law , was enacted by the National People’s Congress with

504-566: The aim of increasing data protection, data localization , and cybersecurity ostensibly in the interest of national security. The law is part of a wider series of laws passed by the Chinese government in an effort to strengthen national security legislation. Examples of which since 2014 have included the data security law , the national intelligence law , the national security law , laws on counter-terrorism and foreign NGO management, all passed within successive short timeframes of each other. Chinese policymakers became increasingly concerned about

540-672: The cyber security law continues to create “uncertainties within the investment community, and it’s resulting in, at the minimum, postponement of some R&D investment.” The law was widely criticized for limiting freedom of speech . For example, the law explicitly requires most online services operating in China to collect and verify the identity of their users, and, when required to, surrender such information to law enforcement without warrant. Activists have argued this policy dissuades people from freely expressing their thoughts online, further stifling dissent by making it easier to target and surveil dissidents. National Intelligence Law of

576-685: The cybersecurity law. By incorporating preexisting laws on VPN and data security into the cybersecurity law, the Chinese government reinforces its control in addition to emphasize has the need for foreign companies to comply with domestic regulations. The cybersecurity law also provides regulations and definitions on legal liability . For different types of illegal conduct, the law sets a variety of punishments, such as fines, suspension for rectification, revocation of permits and business licenses, and others. The Law accordingly grant cybersecurity and administration authorities with rights and guidelines to carry out law enforcement on illegal acts. In July 2021,

612-673: The law could force companies transmitting data through servers in China to submit to data surveillance and espionage. Some analysts from Western backgrounds consider this law to be comparable to the EU's GDPR . They have suggested that the law could improve the Chinese government’s ability to monitor the public, as well as giving Chinese companies an advantage over foreign companies. The law sparked concerns both domestically and internationally due to its phrasing and specific requirements. Foreign companies and businesses in China expressed concerns that this law might impede future investments in China, since

648-443: The law have stated that the intention of the law is not to prohibit foreign businesses from operating in China, or boost domestic Chinese competitiveness. A study by Matthias Bauer and Hosuk Lee-Makiyama in 2015, states that data localization causes minor damage to economic growth due to inefficiencies that arise from data transfer processes and the duplication of data between several jurisdictions. The requirement for data localization

684-573: The law or partner with service providers such as Huawei , Tencent , or Alibaba , which have already have server infrastructure on the ground, saving capital expenditure costs for companies. The law is widely seen to be in line with 12th Five-Year Plan (2011–2015) which aims to create domestic champions in industries such as cloud computing and big data processing. The law is seen as a boon to domestic companies and has been criticized as creating an unfair playing ground against international technology companies such as Microsoft and Google . Supporters of

720-454: The law requires them to "store their data on Chinese-law regulated local servers, and cooperate with Chinese national security agencies". Since its inception many foreign technology companies have already complied with the law. Apple for example, announced in 2017 that it would invest $ 1 billion in partnership with local cloud computing company Guizhou Cloud Big Data or GCBD to construct a new data center located in China's Guizhou province for

756-401: The law, "everyone is responsible for state security" which is in line with China's state security legal structure as a whole. The final draft of the law on 16 May 2017 was toned down as compared to previous versions. The National People's Congress passed the law on 27 June 2017. The law was updated on 27 April 2018. The passage of the National Intelligence Law is part of a larger effort by

SECTION 20

#1732859478320

792-832: The necessary means, tactics, and channels to carry out intelligence efforts, domestically and abroad. Article 18: As required for work, and in accordance with relevant national provisions, national intelligence work institutions may ask organs such as for customs and entry-exit border inspection to provide facilitation such as exemptions from inspection. Experts argue that the law forces Chinese telecommunications companies with operations overseas such as Huawei to hand over data to Chinese government regardless of which country that data came from. To counteract perceived concerns, Huawei, in May 2018, submitted legal opinion by Chinese law firm Zhong Lun , which among other things stated that "Huawei’s subsidiaries and employees outside of China are not subject to

828-785: The necessary means, tactics, and channels to carry out intelligence efforts, domestically and abroad. Article 18: As required for work, and in accordance with relevant national provisions, national intelligence work institutions may ask organs such as for customs and entry-exit border inspection to provide facilitation such as exemptions from inspection. Experts argue that the law forces Chinese telecommunications companies with operations overseas such as Huawei to hand over data to Chinese government regardless of which country that data came from. To counteract perceived concerns, Huawei, in May 2018, submitted legal opinion by Chinese law firm Zhong Lun , which among other things stated that "Huawei’s subsidiaries and employees outside of China are not subject to

864-587: The network and the relevant implementing department for that sector. The law is composed of supportive subdivisions of regulations that specify the purpose of it. For instance, the Core Infrastructure Initiative (CII) Security Protection Regulations and Measures for Security Assessment of Cross-border Transfer of Personal Information and Important Data. However, the law is yet to be set in stone since China's government authorities are occupied with defining more contingent laws to better correspond with

900-452: The previously existent cybersecurity rules and regulations from various levels and fields, assimilating them to create a structured law at the macro-level. The law also offers principal norms on certain issues that are not immediately urgent but are of long-term importance. These norms will serve as a legal reference when new issues arise. The law is a significant pillar of the Chinese data regulatory environment. It: The cybersecurity law

936-433: The provision source codes and other sensitive proprietary information to government agencies paving the way state theft of intellectual property or transmission to domestic competitors. Above all, the article creates further regulatory burdens for foreign technology companies operating in China, indirectly creating a more favourable playing field for domestic competitors which would naturally be more prepared to comply with

972-478: The provision lacked an enforcement mechanism and that penalties could only be applied when intelligence work was “obstructed” and that such work had to be conducted “in accordance with law” - which might include other legislation such as the PIPL . He further stated that “intelligence” was left undefined in the text, and that the "strongest indication of the focus of “intelligence work” is probably Article 11, which describes

1008-432: The provision lacked an enforcement mechanism and that penalties could only be applied when intelligence work was “obstructed” and that such work had to be conducted “in accordance with law” - which might include other legislation such as the PIPL . He further stated that “intelligence” was left undefined in the text, and that the "strongest indication of the focus of “intelligence work” is probably Article 11, which describes

1044-643: The purposes of compliance. Simultaneously, the company also announced that it would transfer the operation and storage of iCloud data to mainland China. Microsoft also announced an expansion of its Azure services in partnership cloud computing company 21Vianet through investment in more servers. Meanwhile, online services, such as Skype and WhatsApp which refused to store their data locally and were either delisted from domestic app stores or restricted from further expansion. The law forces foreign technology and other companies operating within China to either invest in new server infrastructure in order to comply with

1080-850: The regulations. Article 35: Critical information infrastructure operators purchasing network products and services that might impact national security shall undergo a national security review organized by the State cybersecurity and informatization departments and relevant departments of the State Council. The law establishes stringent data localization requirements. The law is applicable to all businesses in China that manage their own servers or other data networks. Network operators are expected, among other things, to clarify cybersecurity responsibilities within their organization, take technical measures to safeguard network operations, prevent data leaks and theft, and report any cybersecurity incidents to both users of

1116-420: The requirements for spot-checks and certifications, international law firms have warned that companies could be asked to provide source code, encryption, or other crucial information for review by the authorities, increasing the risk of intellectual property theft , information being lost, passed on to local competitors, or being used by the authorities themselves. The Federal Bureau of Investigation warned that

National Intelligence Law of the People's Republic of China - Misplaced Pages Continue

1152-459: The risk of cyberattacks following the 2010s global surveillance disclosures by Edward Snowden , which demonstrated extensive United States intelligence activities in China . The Cybersecurity Law was part of China's response following policymakers' heightened concerns of foreign surveillance and data collection after these disclosures. This law was enacted by the Standing Committee of

1188-415: The territorial jurisdiction of the National Intelligence Law". A 2019 report by Sweden-based law firm Mannheimer Swartling concluded that "NIL applies to all Chinese citizens", and even overseas subsidiaries of global Chinese companies "could be subject to NIL". However, the report also stated that it was "based on an objective reading of an English version of NIL" and "not construed to interpret NIL under

1224-414: The territorial jurisdiction of the National Intelligence Law". A 2019 report by Sweden-based law firm Mannheimer Swartling concluded that "NIL applies to all Chinese citizens", and even overseas subsidiaries of global Chinese companies "could be subject to NIL". However, the report also stated that it was "based on an objective reading of an English version of NIL" and "not construed to interpret NIL under

1260-414: The “intelligence information” that should be collected by the authorities. It describes the information as (1) about conduct endangering national security or interests (2) that is carried out by, at the direction of, or in collusion with foreign groups , and (3) collected for the purpose of stopping, preventing, or punishing that conduct .". Nevertheless, he stated that none of this precluded or hindered

1296-414: The “intelligence information” that should be collected by the authorities. It describes the information as (1) about conduct endangering national security or interests (2) that is carried out by, at the direction of, or in collusion with foreign groups , and (3) collected for the purpose of stopping, preventing, or punishing that conduct .". Nevertheless, he stated that none of this precluded or hindered

#319680