China Passes New Cybersecurity Law

On November 7, the Standing Committee of China’s National People’s Congress (“NPC”) passed China’s first Cybersecurity Law (the “Law”), which will take effect starting June 1, 2017.

Described as China’s “fundamental law” in the area of cybersecurity, the new Law articulates the government’s priorities with respect to “cyberspace sovereignty,” consolidates existing network security-related requirements (covering both cyber and physical aspects of networks), and grants government agencies greater power to regulate cyber activities. It is the first Chinese law that systematically lays out the regulatory requirements on cybersecurity, subjecting many previously under-regulated or unregulated activities in cyberspace to government scrutiny. At the same time, it seeks to balance the dual goals of enhancing cybersecurity and developing China’s digital economy, which relies heavily on the free flow of data.

With its broad application, the new Law will have significant and long-lasting implications for companies operating in China or seeking to access the Chinese market. This alert highlights key features of the Law and explains these implications.