China’s New Cybersecurity Law Could Cost Foreign Companies Their Ideas

China hacking
Edgar Su/Reuters

For years China has known that it has a cyber-security problem. On June 13, 2013, the U.S. whistleblower Edward Snowden gave an explosive interview to the South China Morning Post while he was in hiding in Hong Kong. The National Security Agency, Snowden said, had carried out 61,000 global hacking operations, including in Hong Kong and mainland China.

For U.S. tech companies operating in China, Snowden’s revelations were bad news. As suspicions mounted, Cisco, an IT and networking multinational company, saw its Chinese revenues fall by 18 percent compared to the last fiscal quarter. Beijing began pushing for firms to use domestic telecommunications equipment and began making plans to shore up China’s cybersecurity. Now this plan is a day from being realized.

On June 1, China’s first cyber-security law will come into effect. Wide-ranging and loosely worded, it is likely to make life much harder for foreign companies who do business in China. Under the new law, companies authorities deem “critical”—meaning they hold data sensitive enough to harm people if it was hacked—will have to store all their Chinese data in the country. These companies will not just include obvious targets like banks. Officials in Shanghai, the Financial Times reported, suggested that food delivery companies could even be included. Beijing will also review the data systems of these critical businesses to make sure they are secure.

Companies not considered critical will still have to develop data protection measures; store data relating to China or Chinese people on domestic servers; and get permission from the relevant authorities before moving large amounts of data abroad.

For multinationals, the new law means new costs. Companies who don’t yet store data in China will have to change their business structure and pay for cloud-sharing services in the country. But this, says Steve Tsang, director of the China Institute at London’s SOAS University is not the biggest concern surrounding the new law. “If you’re talking about large multinational corporations, the cost is minor,” Tsang says. “Businesses are more concerned that the Chinese will soon have a strong legal basis to access foreign companies’ data.”

Among companies, Tsang says, there is concern that Chinese officials might soon be able to access a great deal of information about their businesses, including scrutinizing their intellectual property. This is of particular concern to some given China’s history of copying other country’s technology and ideas.

In 2015, Bill Evanina, deputy to the then Director of National Intelligence James Clapper, estimated that Chinese hackers had stolen $360 billion a year from the U.S. in intellectual property hacking alone. A year later, in April 2016, U.S. Steel reported that Chinese hackers had stolen decades of research and passed the information on to Chinese companies. This, and similar allegations, might explain why this year the U.S. again included China on its 11-nation strong “Priority Watch List” for intellectual property theft.

In response to the June 1 law, various international business organizations, among them the American Chamber of Commerce in China have authored a letter calling on Beijing to delay the bill’s implementation. Though the note acknowledges that all countries have their own security concerns, it says “China is the principal country addressing these concerns by requiring foreign companies to transfer their technology and to surrender their brand and operating control in order to do business.”

Tsang is more equivocal when discussing the law which he says does meet a genuine security need for Beijing. While China does have a right to tighten its cybersecurity, Tsang recognizes that in the country, “you also have a system where there is not much in terms of democratic checks and balances,” and so there is no guarantee of how China will use the information it will soon have access to.

Despite concerns multinationals have, it is likely that many will acquiesce to the law. China is the world’s second-largest economy and for many companies, it is a market that they cannot afford to cut off. Doing business with Beijing comes at a cost.