China’s Tightening Internet Security Law Will Hit Foreign Companies Hard


The promulgation of a highly controversial new Internet Safety Law in China at the start of June is expected to cause major problems for foreign companies and financial institutions.

The new Internet law stipulates that “core information infrastructure operators” must store any personal information concerning Chinese citizens or “important data”  on servers physically sited within the PRC.

The definition of CIIO is extremely broad, and encompasses financial institutions as well as transportation, communications and medical companies.

According to Han Lai of law firm KroILDiscovery, the new law will have a an impact on the vast majority of foreign enterprises operating in China, in particular those who have global information infrastructure and IT resources.

This is because these companies can be expected to directly store much of the business or customer data that they harvest during the course of normal regular within China in data centres or servers situated outside of the country.

According to Han Lei Chinese regulators are serious about stepping up the country’s Internet security and bringing it on par with developed countries.

“The new regulations require that CIIO’s establish regulatory breach reporting mechanisms,” said Han Lai to Caixin. “This means that the government is extremely concerned with the implementation of the new law, and that companies must ensure that they establish the appropriate mechanisms for the gathering and usage of data, in order to prove that any data gathered has an appropriate purpose, and that a detailed explanation can be provided of its usage.

“Enterprises operating within China will have to comprehensively accelerate their relevant operations in order to satisfy the requirements of the new law – especially those that manage information as Internet operators.”

The law will likely make is very difficult for overseas Fintech companies to gain access to the Chinese market unless they are able to fully established a complete and segregated set of information infrastructure within the PRC.