October 13, 2017, Covington Alert

In a draft regulation released earlier this year, China proposed regulating the import, export, manufacture, sale, and use of “commercial encryption products,” building on a patchwork of regulations.1 These regulations have focused on restricting the import and use of encryption products produced by certain manufacturers, and many entities have expressed concern ...

August 31, 2017, Covington Alert

On August 31, 2017, China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released an updated draft of the Information Security Technology - Guidelines for Data Cross-Border ...

July 21, 2017, Covington Alert

On June 16, 2017, China’s Ministry of Commerce (MOFCOM) released for public comment a draft of the Export Control Law (“the Draft Law”). While China has a number of regulations relating to export controls and has signed numerous nonproliferation agreements, the Draft Law would be China’s first law specifically addressing export controls and would implement an export controls system that protects China’s national security and consolidates its nonproliferation efforts. This new law, if enacted as drafted, would bring China’s system somewhat closer to other export control regimes, although certain provisions are still inconsistent with the approach of other jurisdictions. The Draft Law also introduces new restrictions on the provision of “export control-related” information” outside of China, highlighting the government’s desire to tighten the control of cross-border transfers of technical data related to controlled items. The Draft Law is expected to be introduced to the National People’s Congress for a first reading in 2018.

July 12, 2017, Covington Alert

On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation for the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017.

June 1, 2017, The Hill

Yan Luo is quoted by The Hill in an article regarding some of the uncertainties surrounding China's new Cybersecurity Law. Under the new law, cross-border data transfers for operators of "critical information infrastructure" are subject to security reviews and restrictions. According to Luo, "We don’t really have a definition of critical information ...

May 19, 2017, Covington Alert

On May 19, 2017, the Cyberspace Administration of China (“CAC”) invited international stakeholders to attend a seminar to discuss an updated version of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Measures”). Given that the Measures have an intended effective date of June 1, 2017, it is likely that they are in final form and the framework established by the Measures will govern China’s cross border data transfers going forward. This alert summarizes the key changes from the previous version.

May 9, 2017, Covington Alert

On April 13, 2017, China’s State Cryptography Administration (“SCA”) published a draft Encryption Law (“the draft Law”) for public comment.

After several years of drafting, the draft Law, if enacted as drafted, would be the first Chinese statute to systematically address encryption, covering “the research, production, management, import and export, testing, authentication, use, and regulation of encryption.” China has long regulated the import, export, sale, use, and scientific research of “commercial” encryption. The draft Law, however, provides rules for three categories of encryption—“ordinary” encryption, “core” encryption, and “commercial” encryption—with a view to establishing a uniform regulatory framework that would govern all types of encryption and providing SCA with greater enforcement authority.

May 3, 2017, Covington Alert

On May 2, 2017, the Cyberspace Administration of China (“CAC”) released the final version of the Measures on the Security Review of Network Products and Services (Trial) (“the Measures”), with an effective date of June 1, 2017 (official Chinese version available here). The issuance of the Measures marks a critical first step toward implementing China’s Cybersecurity Law (“the Law”), which was promulgated on November 7, 2016 and will take effect on June 1, 2017 (the same date as the Measures).

April 12, 2017, Covington Alert

On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the Draft Measures is appended at the end of this alert).

February 7, 2017, Covington Alert

On February 4, 2017, the Cyberspace Administration of China (“CAC”) released the draft Measures on the Security Review of Network Products and Services (“the draft Measures”) for public comment (official Chinese version available here; Covington’s translation of the draft Measures is here). The comment period ends on March 4, 2017.

January/February 2017, EuroBiz

January 23, 2017, Covington Alert

On January 9, 2017, eight Chinese ministries announced a significant new policy that aims to reduce marked-up prices and corruption in multi-tier distribution chains. The policy effectively requires that under most circumstances, at most two invoices may be issued throughout the distribution chain, with one from the manufacturer to a distributor and another from the distributor to the end hospital. The policy applies only to drugs, but some provinces reportedly have been implementing similar policies for medical devices.

December 15, 2016, Law360

November 8, 2016, Covington Alert

On November 7, the Standing Committee of China’s National People’s Congress (“NPC”) passed China’s first Cybersecurity Law (the “Law”), which will take effect starting June 1, 2017.

Described as China’s “fundamental law” in the area of cybersecurity, the new Law articulates the government’s priorities with respect to “cyberspace sovereignty,” consolidates existing network security-related requirements (covering both cyber and physical aspects of networks), and grants government agencies greater power to regulate cyber activities. It is the first Chinese law that systematically lays out the regulatory requirements on cybersecurity, subjecting many previously under-regulated or unregulated activities in cyberspace to government scrutiny. At the same time, it seeks to balance the dual goals of enhancing cybersecurity and developing China’s digital economy, which relies heavily on the free flow of data.

With its broad application, the new Law will have significant and long-lasting implications for companies operating in China or seeking to access the Chinese market. This alert highlights key features of the Law and explains these implications.

2016年10月16日, 中国互联网法治大会

July 12, 2016, Covington Alert

On July 5, 2016, China’s National People’s Congress (“NPC”) released a new draft of the Cybersecurity Law for public comment (official Chinese version available here; unofficial translation from AmCham China available here). The revised draft contains a number of significant changes from the first draft, which was released in July 2015, but retains many of the provisions from the first draft that raised concerns among multinational companies, especially those in the tech sector, about the potential to serve as a tool for discriminating against foreign technologies in favor of domestic industry.

June 7, 2016, EURObiz

May 6, 2016, Insight

May 2, 2016, Law360

2015年7月13日, 《中国法律和实践》

2015年7月10日, 科文顿电子期刊

2015年7月2日, 科文顿电子期刊

June 9, 2015, Covington Alert

2014年2月20日, 科文顿电子期刊

2014年冬, 《国际竞争政策》

2013年7月19日, 科文顿电子期刊

2013年1月4日, 科文顿电子期刊

2015年5月15日, 科文顿电子期刊

Spring 2012, Monopoly Matters

2012年春, 《垄断事务》

2010年3月, Kluwer Law International