“IF YOU want to stay in China, you have to go all in.” So says James Fitzsimmons of Control Risks, a consultancy, of the impact China’s new cyber-security law will have on multinational companies (MNCs). These firms have moaned for months about the law’s intrusive and vague provisions and asked for a delay in its implementation, but to no avail. It came into force on June 1st, and foreign firms are now scrambling to figure out its implications. Mr Fitzsimmons, for one, is convinced that they must take the costly step of separating their local IT systems from their global networks.
At first blush, the law seems a reasonable effort at tackling two areas of policy in need of reform. The first is cyber-security. Companies in industries deemed to be critical must now ensure that their technology systems are “secure and controllable.” They must store important data locally, and will be subject to audits by official inspectors. Susan Ning of King & Wood Mallesons, a Chinese law…Continue reading