China’s cybersecurity laws may be used to block US tech firms on national security grounds, says expert
- The draft measures have been released online for public feedback until June 24
- They were published amid escalating trade war tensions between Beijing and Washington
China has highlighted “secure and controllable” technology in the country’s critical information infrastructure in a new draft of cybersecurity regulation, sparking speculation that the rule could be used as a retaliatory tool to block US technology companies on the grounds of national security.
In a draft Cybersecurity Review Measures document published on Friday by China’s Cyberspace Administration, operators of the country’s critical information infrastructure, including major telecommunications network operators and financial service providers, would be required to evaluate the national security risk when purchasing foreign products and services.
“China could use [the draft regulation] to block US tech purchases on the basis of national security,” said Samm Sacks, cybersecurity policy and China digital economy fellow at New America, a non-partisan think tank in the US.
“This appears to be responding to new far-reaching US government powers introduced in the executive order.”
The executive order she referred to was issued by US President Donald Trump, restricting American hi-tech purchases by “foreign adversaries” that are deemed a national security risk
The draft regulation was published amid escalating trade war tensions between Beijing and Washington.
Last week, the Trump Administration delivered a one-two punch to Huawei Technologies, one of China’s tech champions, with an executive order that bans US purchases of the Chinese company’s products on the basis of national security.
Podcast: Here’s how the tech war affects small electronics companies
It also put Huawei on a blacklist that cuts its supply of American products, ranging from Intel and Qualcomm chips to Google’s Android operating system that runs on the Chinese telecoms equipment maker’s smartphones.
National security concerns have long been used as the justification for Washington’s increased scrutiny over Huawei.
American lawmakers have questioned Huawei’s ties with the Chinese Communist Party, though the company has denied assertions that its equipment could be used for spying.
With China’s possible retaliatory move on US companies with the draft regulation, experts say the world is heading down a path of two distinct technology-based ecosystems where China pushes out US companies and the US pushes out Chinese companies.
The draft measures, which have been published online for public feedback until June 24, are part of a security review tied to implementation of China’s cybersecurity law which came into effect in June 2017.
The draft does not provide a detailed list of what could be considered as a security risk, other than to provide some examples such as “leaking, lost and cross-border transfer of key data” and “supply chain security threat”.
“The regulatory opacity means that officials have quite a lot of flexibility in how they want to implement this – meaning it could be applied to US firms in a way that embodies ‘qualitative measures’ as part of China’s trade war response,” said Nick Marro, Hong Kong-based analyst with The Economist Intelligence Unit.
Marro, whose focus includes Chinese foreign policy, said the compliance burden for foreign companies would be high because they will not know what information is required for each review and which one is more important.
