Comment: Why China’s new cybersecurity law is a threat to international businesses and innovation

China has the world’s largest market for digital shopping, mobile payments and internet-enabled financial services. Close to 400 million people in China do most of their payments using their smartphones. The country’s overall information technology market is worth well above $300bn, and it is estimated that over 700 million Chinese have access to internet. Any law impacting the online space will make ripples in the way China does business.

That’s why its new cyber security law, due to take effect in June 2017, is alarming. It is part of an ongoing programme to reinforce China’s cyber security, and arguably targets non-​Chinese hackers. But it comes amidst tensions between the US and China, not just in terms of cyber security (each country has accused the other of hacking), but with trade, the economy, and, of course, the US election, which will inevitably change how business is done between the two nations.

The law appears to be counterproductive in several ways. First, important network equipment and software will require government certification. This means that specific pieces of intellectual property or technical features will have to be divulged, which could easily be passed on to Chinese companies by the regulators. It shouldn’t be forgotten that the state has massive power and plays a critical role in economic plans.

Businesses most at risk will be those with special hardware and systems for network management. But it could even include data from and for ATMs. The latest ATMs have much greater connectivity, with mobile integration and face recognition. This makes them more vulnerable to hacking and means confidential devices and information will have to be used for protection. This law creates a big entry place for state snooping.

The law is also counterproductive because companies gathering data in so-called ‘critical areas’ will have to store that data inside China. At this stage, the definition of ‘critical’ is worryingly broad. Compliance will force international firms to build expensive duplicate facilities in China. This is in total contradiction to the free flow of data, expected to swell in 2020 after the introduction of 5G.

International companies will have to weigh the risk against the opportunity to do business in this market. China has long had a reputation for ‘copying’ without getting insider access, and this law could only increase the ease with which the nation’s business sector can review competition. For foreign companies there is no easy way forward. Either they will comply, knowing China has a way to peek into what previously was private, or they will choose to stand by principles of privacy and risk being excluded from the Chinese market. Despite the dilemma, companies are likely to comply. The market is too huge and far too ripe for growth, especially when compared to more stagnant outlooks in Europe and the US.

As well as creating barriers for international business, this kind of legislative move goes completely against innovation. It could well be considered to be part of what is called ‘indigenous innovation’ in China. This consists of favouring domestic firms by establishing non-tariff barriers against imports, such as standards or regulations. The impact would be wide ranging, from consumer electronics to renewable energy.

Innovation involves a complex process, but it requires a society to be as open as possible and to allow vibrant exchanges between people. While cyber security is important, this law will wrap around the free market as it grips security. China’s entrepreneurs are, by and large, not bothered by government control of the internet, known as the ‘great firewall’. However, this law will tighten the state’s grip. Far from favouring Chinese champions such as Huawei, Lenovo or Tencent, it will handicap them in the long term. Maybe the hope is that these companies themselves will fight to alter the law and mitigate its negative implications. 

US firms have already begun to lobby strongly against the law, as well as China’s position that the internet must be managed by authorities. But this is just one piece in a larger political puzzle. Donald Trump’s stance on trade is equally, if not more, alarming for business. In the end, agility will be key for companies to succeed in the tense political environment.

Georges Haour is professor of technology and innovation management at IMD Business School and co-author of ‘Created in China’ (Bloomsbury).