China Paves Way for International Businesses: Plans to Ease Major Barrier

BEIJING — Chinese authorities are indicating a more lenient approach to data regulations, particularly for foreign businesses, as part of recent efforts to ease regulatory burdens.

In recent years, China has implemented stricter controls on data collection and export through new legislation. However, foreign businesses have struggled to comply and operate due to the ambiguous language used in the regulations, especially regarding the definition of “important data.”

In a proposed update, the Cyberspace Administration of China (CAC) has stated that data exports do not require government oversight unless regulators have explicitly classified it as “important data.”

This information comes from draft rules released by the CAC on September 28, just before the country’s eight-day holiday. The public comment period will close on October 15.

The European Union Chamber of Commerce in China stated to CNBC that the release of these draft rules indicates that the Chinese government is listening to the concerns of businesses and is willing to address them. The Chamber added that the draft regulations provide more clarity on how companies can verify whether their data qualifies as “important data,” thus relieving companies of certain difficulties related to cross-border data transfer and personal information protection.

The European Union Chamber of Commerce and other business organizations have been advocating for improved operating conditions in China. The draft rules from the cybersecurity regulator also state that data generated from international trade, academic cooperation, manufacturing, and marketing can be sent overseas without government oversight, as long as it does not include personal information or “important data.”

Reva Goujon, director of China Corporate Advisory at Rhodium Group, mentioned that this step is small but significant in terms of showing Beijing’s commitment to facilitating cross-border data flows and improving the investment climate. Goujon also highlighted the economic costs associated with China’s data sovereignty ideals and the need for clarity to avoid operational uncertainties.

China’s economic recovery has slowed since April due to various factors, including uncertainties caused by the implementation of an updated anti-espionage law that involved raids on foreign consultancies. Rhodium Group’s Goujon explained that when the economy was strong, Beijing was confident in enforcing strict data security regulations similar to those in the EU, while the US lagged behind in this area. However, the Chinese State Council has taken steps to support foreign business operations in the country, such as reducing random inspections for companies with low credit risk and promoting data flows for certain foreign businesses through “green channels.”

Teneo, a consultancy firm, found that foreign business sources were not particularly excited about the State Council’s 24-point plan, as it consists mostly of vague commitments or repackaging of existing policies. However, some of the measures mentioned in the plan could be useful.

The U.S.-China Business Council’s latest annual survey revealed that members faced challenges related to data regulations, personal information protection, and cybersecurity. Improving these areas, along with addressing the existing challenges posed by international and domestic politics, would benefit U.S. businesses in China.

According to a PIIE blog post by Martin Chorzempa, senior fellow at the Peterson Institute for International Economics, and Samm Sacks, senior fellow at Yale Law School Paul Tsai China Center and New America, the proposed data export controls do reduce regulatory risk but do not eliminate it since the definition of “important data” remains vague and subject to Beijing’s determination. However, they noted that the Chinese leadership has committed to a more transparent and predictable approach to technology regulation, and the proposed regulations align with the State Council’s 24 measures aimed at promoting free data flows.

In recent months, there has been a relaxation of regulations in various areas. For example, in late August, Baidu and other Chinese companies were able to launch generative AI chatbots to the public following the implementation of interim regulations for the management of such services. The latest version of the AI rules exempts companies developing the technology, as long as the product is not available to the mass public. The rules also do not include a blanket license requirement.

Overall, these proposed changes reflect China’s recognition of the economic costs associated with data sovereignty and the need to provide more clarity to facilitate cross-border data flows and attract multinational corporations in data-intensive industries.