China’s Cybersecurity Law comes into effect on June 1. It requires network operators to store select data within China and allows Chinese authorities to conduct spot-checks on a company’s network operations. Beijing asserts that the law is intended to bring China in line with global best practices for cybersecurity.
The law has raised concerns among some foreign companies over greater data controls as well as increased risks of intellectual property theft. Vague terminology and absent official guidance on complying with the law have created uncertainty, prompting many to call for the law to be delayed. It is likely an 18-month phase-in period will be announced and the vague provisions of the law ensure that most companies are adopting a wait-and-see approach in compliance preparations.