China has just passed a new series cybersecurity regulations on November 7 (China Standard Time) that would severely restrict new technology companies in the country.
The new law comes with stringent regarding data localization, surveillance, and real-name requirements. In regards to data localization, “critical information infrastructure operators” would be required to store data within Chinese borders, and in regards to real names, Internet companies would be required to register their real names and personal information while censoring prohibited content. Such prohibited content includes material that encourages “overthrowing the socialist system,” “incit[ing] separatism,” or “spreading false information to disturb economic order.”
In addition, Internet companies would be required to lend the government “technical support” during investigations, which may include encryption backdoors or other surveillance assistance.
It is worth noting that a lot of the terms in the new law, including “technical support,” “infrastructure operators,” and “disturb economic order” are broadly defined, and could be open to wide interpretation by Chinese officials. These new regulations could greatly hurt efforts by big Internet companies to gain a foothold in the country, especially if they have not dealt with similar regulations before.