The Chinese government has approved a broad new cyber security law that it says will help it combat hacking and terrorism, but that has left foreign companies and human rights groups concerned.

Set to come into effect in June 2017, the law includes requirements for “critical information infrastructure operators” to store personal information and important business data within China, provide “technical support” to security agencies, and go through national security reviews.

china

China’s cyber space

More than 40 global business groups petitioned Chinese Premier Li Keqiang in August, asking for amendments on sections they found controversial, including a lack of clarity on whether overseas companies would be unable to do business in areas deemed “critical,” whether they would be expected to put backdoors into systems, and whether they would have to hand over intellectual property.

Article 10 of the new cybersecurity law states that:

“Companies that build, maintain the Internet or provide service through the Internet shall follow laws and administrative regulations as well as mandatory requirements set by the state’s standards. They shall take technical and other necessary measures to ensure the Internet is functioning safely and stably, handle cybersecurity incidents effectively, prevent cyber criminal activities, and maintain the integrity, secrecy and usability of Internet data.”

Chinese officials said legislation would not interfere with foreign business interests, with the director of the Cyberspace Administration of China’s cyber security coordination bureau Zhao Zeliang telling reporters: “They believe that [phrases such as] secure and independent control, secure and reliable, that these are signs of trade protectionism. That they are synonymous. This is a kind of misunderstanding, a kind of prejudice.”

Yang Heqing, spokesman for the National People’s Congress Legislative Affairs Commission added that the law’s purpose “is to protect the security and credibility of the Internet.”

“China is an Internet power, and as one of the countries that faces the greatest Internet security risks, urgently needs to establish and perfect network security legal systems.”

However, James Zimmerman, chairman of the American Chamber of Commerce in China, called the provisions in the law “vague, ambiguous, and subject to broad interpretation by regulatory authorities.”

Human Rights Watch said that the law would restrict online freedom in China even further, pointing to a section that criminalizes the use of the Internet to “damage national unity.”

Sophie Richardson, China Director at Human Rights Watch, told Reuters: “Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes.”

Late in the bill’s transition from concept to law, an article (no. 13) was added on child safety protection, causing some to question if it is in preparation for an upcoming Cyberspace Administration of China (CAC) bill. Legal expert Matt Carpenter wrote (translated): “the timing is weird…[T]he new law certainly lays grounds for CAC to pass its child-safety rules.”

CAC’s proposal includes requirements for smart device makers and importers to pre-install child-protection software on their products or provide simple instructions on how to install the software.