Teleconference

Policy and Politics: the Impact of China's New Cybersecurity Law

Event Co-sponsors

Almost all digitally-developed countries agree on the importance of cybersecurity regulations and the need for proper measures to protect citizens and critical infrastructure. China, with over 700 million Internet users, has taken dramatic steps to establish a set of laws, regulations, and standards to begin the construction of a domestic cyber governance system, with the government being firmly in control.

How is China seeking to balance the growth and importance of the Internet with cybersecurity threats and concerns? How will cross-border data transfers be impacted by China’s draft regulations? How will this steer the conversation on international standards? In this Ground Truth Briefing, we consider the current direction of China’s cybersecurity strategy and the implications of China’s much-anticipated cybersecurity law, which came into effect on June 1.

Key Quotes:

Jing de Jong-Chen:

“I have been working with international cybersecurity policy issues with various government[s] and I have never seen a country that took such [an] aggressive approach to really begin… rapid development of its legislation and policies in a very short amount of time.”

“China will take, for example, national security as an anchor and then build around [it]. To support its objectives, you have counterespionage law, intelligence law, cybersecurity law, [and] counterterrorism law…”

“[The new cybersecurity] law actually included not only the general cybersecurity objectives; it also included the data residency requirements, personal data-protection, cross-border data-transfers, and censorship. And this is not only for government notice and take-downs, but [it is] also self-censorship required by the service providers.”

“There is a very strong component about secure and controllable measures and… supply chain risk-management… You will probably hear [it] through industry feedback, which is causing a lot of concerns, because it’s directly related to procurement.”

Philip Wennblom:

“China has a structured system for standards-development… The national and industrial standards are developed under careful government supervision. The process is really government-driven, and that contrasts with the system we’re familiar with in the United States, where standard-setting is largely industry-driven.”

“In laws, regulations, and even standards in China, many of the requirements are vague or unclear. Statements of authority tend to be clear, and the description of penalties for lack of compliance can be clear, but the specific technical requirements may be unclear.”

“Standards in China are often used as a tool to implement policies at a detailed, technical level… It’s helpful to look at the hierarchy of laws, regulations, and standards, because it can give you a better understanding of how a standard might be used or what its purpose is.”

Speakers

Moderator

  • Meg King

    Strategic and National Security Advisor to the Wilson Center's CEO & President; Director of the Digital Futures Project; and Coordinator of the Science and Technology Innovation Program

Speakers

  • Jing de Jong-Chen

    Partner and General Manager, Global Security Strategy and Diplomacy Group in the Corporate, External and Legal Affairs Division at Microsoft Corp
  • Philip Wennblom

    Director of Standards, Intel Corporation