China’s strict cybersecurity laws took effect today; potentially impacting foreign businesses

The rigorous new Chinese cybersecurity laws we wrote about last November took effect today.

They’re designed to give China’s central government more direct control over the operations of internet-based companies operating in the country.

As we wrote last November:

The regulation would require instant messaging services and other internet companies to require users to register with their real names and personal information, and to censor content that is “prohibited.” Real name policies restrict anonymity and can encourage self-censorship for online communication.

The law also includes a requirement for data localization, which would force “critical information infrastructure operators” to store data within China’s borders. According to Human Rights Watch, an advocacy organization that is opposing the legislation, the law does not include a clear definition of infrastructure operators, and many businesses could be lumped into the definition.

The official word from Beijing’s state news agency, Xinhua, is that the law is an attempt to battle increasing threats from cyberterrorism and hacking.

But it will also have a chilling effect on foreign businesses looking to grab a foothold in the world’s most populous country.

Foreign companies have argued for more clarity and more time to implement the controls that the government wants put in place, but so far China’s internet regulator, The Cyberspace Administration of China, has only relented on pushing back the date for laws relating to the cross-border flow of information.

According to a report in The New York Times, those rules won’t be implemented until 2018.

China does have legitimate security concerns. Thanks to lax intellectual property laws and rampant software piracy, the country was especially vulnerable to the WannaCry attacks from earlier in the month.

The South China Morning Post reported that more than 30,000 institutions, including some major universities, had systems that were infected with the malware.

But critics of the legislation say that it does far more than secure the internet — it wraps China’s already firmly held internet even more tightly in the government’s embrace.

As we wrote back in November:

According to Human Rights Watch, an advocacy organization that is opposing the legislation, the law does not include a clear definition of infrastructure operators, and many businesses could be lumped into the definition.

“The law will effectively put China’s Internet companies, and hundreds of millions of Internet users, under greater state control,” said Sophie Richardson, Human Rights Watch’s China director. HRW maintains that, while many of the regulations are not new, most were informal or only laid out in low-level law — and implementing the measures on a broader level will lead to stricter enforcement.