China’s cyber security law: what does it mean for UK businesses?

The UK government has recommended that businesses pursue trading opportunities with China in light of Brexit, but China’s new cyber security law will have a huge impact on businesses, their websites, and their ability to operate in the Chinese market.

Failing to comply with the new law can have major consequences on businesses – resulting in websites being blacklisted, and companies ultimately unable to do business in the region. But what is perhaps more frightening, is that many companies are completely oblivious to the fact that they are even affected by the law. And if businesses do not ensure they comply, and quickly, then they jeopardise their success in the Chinese market – potentially permanently.

>See also: How businesses should prepare for China’s new Cyber Security Law

So how do businesses know if they are impacted by the new law? And what steps can they take to ensure they remain successful in the world’s largest online market?

Understanding the cyber security law

First and foremost, businesses need to understand what the new law is. But with legal texts outlining the law unavailable in English, this is almost impossible for UK and European businesses.

However, according to current interpretations, the law states that any data that is defined as sensitive, or that contains personal information about Chinese citizens, must be hosted in China – and cannot leave the country unless permission from the government has been granted.

Any company that operates a web service in China, whether that is a website or application, is therefore affected. The law has a huge impact on network operators and critical information infrastructure operators (CIIOs), as they tend to operate a web service on behalf of other companies.

When it comes to doing business in China, many companies turn to network operators or CIIOs because of the difficulties faced in ensuring good web performance in the region (with latencies caused by a combination of distance, in-country infrastructure, the Golden Shield and the Great Firewall of China).

Using a cloud service provider or a content delivery network (CDN) provider, however, helps businesses tackle these delays, and ensures web content is available by a node or server in the region.

>See also: Is China’s new cyber security law a threat to international businesses?

The law can ultimately impact any business, regardless of industry. Whether it is manufacturing, business services, tourism, media, online advertising, or gaming, if you operate a web service within China, or if you work with a cloud or infrastructure partner that hosts web content in the region for you, you must adhere to the new regulations – or risk being blacklisted.

The risks of not complying

If UK and European businesses do not comply with the new Cybersecurity Law, they risk having their website blocked, and ultimately being unable to do business in the region. With more than 700 million internet users in China – 95% of which are mobile internet users – businesses cannot afford to put their success in this market in jeopardy.

If businesses do not comply with the new legislation, they risk having their Bei’An license revoked, and their website blocked. Every website in China requires a Bei’An license to operate, and re-acquiring the license can be very difficult. What’s more, a business’ website won’t be back up and running until the license has been re-acquired.

Thousands of government officials, as well as intelligent algorithms, are currently investigating whether companies meet the requirements of the new legislation – regardless of whether they are Chinese or non-Chinese.

Checks are being carried out to determine whether hosting providers and CDN providers have the necessary licenses, and these companies are being asked by government officials to make the necessary changes as quickly as possible. If these companies do not comply with the new law quickly, the Bei’an license required may be withdrawn.

>See also: How will China’s new cyber security law affect foreign enterprises?

But many businesses are simply unaware that they are even affected by this new law. Many companies that work with cloud or infrastructure partners are not aware that the law has an impact on them, and have no idea what they should be doing to ensure they are compliant.

Steps to success

Companies may think they can get around the law by hosting their web content outside China, or in Hong Kong, but the long load times caused by the Great Firewall of China means hosting outside of China just isn’t a suitable alternative to overcoming the new law.

While it may seem like doom and gloom, all is not lost for UK and European businesses. In fact, success for companies is still very much on the horizon – they just need to make sure they take the necessary steps to ensure they are compliant.

Businesses must firstly, and perhaps most crucially, check where their data is kept and processed. As mentioned previously, all companies must ensure their web content is available by a node or server in China. By doing this, not only are companies ensuring they comply with the new law, they are also eradicating some of the issues that may have previously been causing delays – such as the distance from the UK to China, as well as the Great Firewall.

If a company’s own infrastructure is used, it must be checked for conformity. Alternatively, a hosting, cloud or CDN provider must be compliant with the new regulation, and be able to assist in implementing all the necessary steps required to ensure they are abiding by the new law.

>See also: APT10’s cyber attack shows anti-virus defences can’t be relied on

If companies are working with a hosting, cloud or CDN provider for the Chinese market, they should check whether their provider is compliant and whether necessary changes can be made together. It’s also important to remember that placing the source server of any web services in China is the safest way to ensure compliance – so businesses should take this into consideration when performing their necessary checks.

Businesses using a provider should also check to see if they can help overcome the two final hurdles that hinder web performance – in-country latencies, and the Golden Shield. By doing this, they ensure they can deliver the best possible web performance, all while staying compliant.

The path for businesses in China

With uncertainties around Brexit and the US market, UK and European businesses will be looking to focus their energies on new markets, and there is no doubt that China will the number one target.

While the new cyber security law will impact a multitude of companies, this doesn’t mean that the Chinese market is off limits. If businesses ensure they are compliant, and take the necessary steps to adhere to the new rules and regulations, then there is no doubt they will reap the benefits of a thriving and lucrative market.


Sourced by Chris Townsley, EMEA Director, CDNetworks


The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Security