GRI Current Events Blog

New Chinese Cybersecurity laws create tensions with Industry

GRI Research Assistant

Jun. 5, 2017

The Chinese Parliament approved a law, which went into force June 1, to increase cyber security by: forcing companies to store data that include national security information on Chinese soil, instituting security reviews on computers in sectors such as finance or communications, requiring users to use real names on messaging services, and restricting international data transfers by “operators of ‘critical information infrastructure’,” which refers to infrastructure related to Chinese national security. The passage of this law has created a backlash among private companies due to the vagueness of the law and a dearth of information on implementation and enforcement. The Cyberspace Administration of China, China’s internet regulator, has delayed the implementation of only the regulations related to cross-border data flow until the end of 2018.

(Image of Servers, Wikimedia/Victorgrigas)

This law was proposed in 2015, and gained traction after the Snowden leaks revealed that private companies could help governments conduct cyber surveillance and spying. The final passage of the law closely followed the high-profile, global ransomware attack known as WannaCry, which impaired PetroChina’s gas stations’ ability to execute transactions using credit cards this past May.

Some companies, such as AirBnb, have reacted by pre-emptively complying and moving Chinese consumer data to servers on China’s mainland, in an effort to preserve their share of the $340 billion Chinese IT market. Other foreign industry groups and tech companies have come out in opposition to the law, with fears that the vagueness of what technology does and does not relate to cyber security will provide the government broad leeway to arbitrarily “review” their technology. Further, companies are anxious that domestic firms would have a perpetual competitive advantage over foreign firms and that their intellectual property may not be secure in China, which has historically been weak on enforcing IP laws.

Steven Chabinsky, former FBI cyber official commented that, although the concerns brought about by companies are legitimate, the law is “remarkable” for its efforts to protect privacy, critical infrastructure, and national security. Other perspectives argue that this law represents China catching up with global cybersecurity norms and practices, noting that Chinese data industry has been lightly regulated in comparison to legal regulations in Europe and North America.


Sources and Further Reading:

  1. New cyber law in China stirs alarm – The Hill
  2. China’s New Cybersecurity Law Leaves Foreign Firms Guessing – New York Times
  3. China’s new cyber law just kicked in and nobody’s sure how it works – CNN
  4. Overview of China’s Cybersecurity Law – KPMG
  5. China’s cyber security law rattles multinationals – Financial Times
  6. Why China’s New Cybersecurity Law Is Bad News for Business – Fortune
  7. China postpones portion of cybersecurity law – NZHerald
  8. China’s Cybersecurity Law: What You Need to Know – The Diplomat
  9. China’s New Cybersecurity Law Could Cost Foreign Companies Their Ideas – Newsweek
  10. China Adopts Cybersecurity Law Despite Foreign Opposition – Bloomberg
  11. Japan and China wake up to global ‘ransomware’ cyberattack while Microsoft slams US government – The Telegraph

Add Comment


The Global Resilience Institute (GRI) at Northeastern University is excited to announce the funding of 11 interdisciplinary resilience research projects tackling a wide array of critical resilience issues. GRI is funding these cross-college research teams for 1-2 years.
The Global Resilience Institute (GRI) at Northeastern University is excited to announce the funding of 11 interdisciplinary resilience research projects tackling a wide array of critical resilience issues. GRI is…
North Kensington tower block fire
Shortly before 1 am on June 14th in London’s Notting Hill neighborhood, a fire broke out in the Grenfell Tower public housing development. As of June 19th, the fire is confirmed…
Global Resilience Institute (GRI) Associate Director of Research and Innovation Dr. Phil Anderson was part of a panel of experts and spoke on the importance of leveraging the capabilities of civil society.
The Global Resilience Institute (GRI) was represented at a recent NATO conference in Prague, which addressed current institutional and selected national approaches to resilience. Resilience Capacity Building: Best Practices and…

Security and Resilience Studies Masters Program

Northeastern's MS SRS program prepares the next generation of security leadership to address an evolving array of 21st century challenges.

Learn More


Latest Library Entries

Our Mission

The Global Resilience Institute is committed to informing and advancing societal resilience around the world. Individuals, communities, nations, and the systems they depend upon, can thrive only if they have the means to better withstand, recover from and adapt to the inevitable shocks and disruptive events of the 21st century. Our university-wide Institute is partnering with other leading academic research institutions, nonprofits and the public and private sectors to devise and apply practical, interdisciplinary innovations and solutions to resilience challenges.