Recently introduced cybersecurity laws in China are set to cause ripples through the legal, compliance and IT recruitment markets as firms strive to understand the implications. Those affected are beginning to bolster the departments responsible for setting firms on a path to compliance.
The rapid and often unchecked development of online business practices in China has brought about many challenges including issues around copyright infringement, ecommerce disputes and data protection. As a result corporations are facing more challenges to comply with the law and the more detailed regulations that covers network operation security, content security, network monitoring and incident response reporting to authorities.
The People’s Republic of China Network Security Law came into effect on June 1st, 2017 forcing companies, especially those operating an online-to-offline (O2O) business model, such as Alibaba, JD.com, Amazon and so on, to step up their cybersecurity programs. The law requires certain measures are put in place to safeguard network security, cooperate with inspections and undertake social responsibilities. In addition, a security assessment is required prior to the transfer of crossborder personal data. Failure to comply or to inadequately protect systems allows the PRC government or related authorities the right to limit or shut down the network communications in the event of security emergencies.
The law affords Chinese crime and security investigators greater access to companies’ data. This will present challenges for network operators across the region as they will need to be able to grant access when needed, but also they need to comply with mandatory testing and certification of computer equipment. International firms have traditionally been perceived as being more compliance savvy, but the enormity of restructuring localised operations to meet the stipulations of the law pertaining to cloud based data storage will hit them hard. Domestic data will need to be stored on China-based servers, inevitably interrupting the flow of current global systems and operations and resulting in increased costs.
Enterprises found violating the law will be subject to fines up to RMB1,000,000, with the responsible management or individual subject to imprisonment. The involved parties can also be banned from taking network security and operation management positions in the future. In late September 2017 just three months after the law came into effect, three of the region’s largest social media platforms were under investigation by the Cyberspace Administration of China. They have been subsequently issued fines under the new law for violations relating to censorship. This is testament to the fact that the law is being used by regulators and that officials are indeed clamping down on all areas of domestic data protection and cybersecurity.
Our clients in China are having no choice but to lower their requirements and increase salaries on offer when it comes to recruiting cybersecurity talent as demand for individuals with extensive and relevant experience far exceeds supply. International and local law firms are in the beginning stages of setting up dedicated cybersecurity teams to be able to adequately service their clients increasingly complex needs. We are seeing the same in companies as they seek to recruit lawyers with cybersecurity exposure to join in-house teams to plug the knowledge gap of their current departments.
Candidates are identifying cybersecurity as lucrative and opportunistic field to enter. However, many have concerns about the vague nature of the current law especially set against a backdrop of incredibly fast paced online business and associated technology developments. As a result, younger candidates seem more willing to enter the space.
For more information please contact
Shanghai, North Asia
+86 21 8025 1528