Why China’s New Cybersecurity Law Is Bad News for Business

FILE - In this Aug. 16, 2016 file photo, a worker is silhouetted against a computer display showing a live visualization of the online phishing and fraudulent phone calls across China during the 4th China Internet Security Conference (ISC) in Beijing. China's legislature has approved a cybersecurity law on Monday, Nov. 7, 2016 that human rights activists warn will tighten political controls and foreign companies say might isolate Chinese industries. (AP Photo/Ng Han Guan, File)

China’s new cybersecurity law, expected to take effect next June, could hurt any foreign firm looking to do business in the world’s second-largest economy. Though the law is intended to fight non-Chinese and Chinese hackers, it also requires that foreign companies provide China’s government with potentially sensitive information about network equipment and software. Given the weaknesses of China’s enforcement of laws around intellectual property, it’s easy to see how trade secrets can fall into the hands of Chinese competitors at the expense of the best interests of foreign firms.

Businesses most at risk will be those with special hardware and systems for network management, which could well include ATMs. Because new-generation ATMs have a much higher level of connectivity, they’re more vulnerable to hacking, which is why they require sophisticated encryption devices and software to secure transactions. This cybersecurity law thus provides the government with the legal tool to obtain all such anti-hacking proprietary security hardware and software, which could then be passed on to relevant Chinese firms. And having access to the hardware and software means firms would have access to individuals’ personal banking information, as well.

The new law is also counterproductive because the scope of information that foreign companies will be required to provide to Chinese officials is worryingly broad. Complying with this requirement will force U.S. firms to make expensive investments to build duplicate facilities within China. This directly contradicts the free flow of data, which is expected to swell in 2020 after the introduction of 5G.

U.S. companies will have to weigh this risk against the opportunity to do business in China, which has developed a reputation for ‘copying’ even without insider access. For international companies, there is no easy way forward, as the choice is black or white. Either foreign companies will comply, knowing China has a way to peek into what was previously private, or they will choose to stand by principles of privacy at the risk of being excluded from the Chinese market. Despite the challenging dilemma, companies are likely to comply and give in to China’s demands. The market is too huge and far too ripe for future growth to be ignored, especially when compared to more stagnant outlooks in Europe and the U.S.

In addition to creating barriers for international business in China, this kind of legislative move could stall innovation. It could well be considered part of what is called “indigenous innovation” in China, which consists of favoring Chinese firms by establishing non-tariff barriers, such as specific standards or regulations on products, in order to deny non-Chinese firms access to China’s large and dynamic market. And the impact would be wide-ranging, from consumer electronics to products such as equipment to produce renewable energy, including windmills and solar panels.


Innovation involves a complex process, but it requires a society to be as open as possible and to allow vibrant exchanges between people. While cybersecurity is important, this law will wrap around the free market as it grips security. Within China, entrepreneurs are, by and large, not bothered by their government’s management of the Internet, called the “great firewall.” However, this new law is a new step to tighten the government’s grip on the Internet. Furthermore, far from favoring China’s champions in this very dynamic area, such as Huawei, Lenovo, or Tencent, this law will handicap them in the long term. Maybe the hope is that these companies themselves will fight to alter the law and mitigate the negative implications for China’s Internet landscape.

U.S. companies have already begun to strongly lobby against the law, as well as China’s position that the Internet must be managed by authorities. But despite the efforts of any company, American, Chinese, or other, the cybersecurity law is just a piece of a larger ongoing political puzzle that companies will have to deal with. In the end, agility will be key for companies to succeed in the tense political environment.

Georges Haour is a professor of technology and innovation management at IMD business school and co-author of the new book, Created in China: How China is Becoming a Global Innovator (Bloomsbury, London, 2016).
