On 1 July 2015 the National People’s Congress of China passed the National Security Law.
The National Security Law is broad in scope, and brings a range of matters into the purview of what can be deemed areas of national security – including financial, cultural and environmental matters. The National Security Law also contains a mandate for the state to establish “national sovereignty security and development interests in cyberspace”.
In addition, under the National Security Law the Chinese government will prioritise the creation of “indigenous innovation” and “secure and controllable technologies”. These terms are of particular concern to foreign technology businesses, as they have previously been associated with inward-looking policies. For example, several months ago in the banking sector, the China Banking Regulatory Commission (the CBRC) had mandated that banks purchase “secure and controllable” IT products (see client alert here). In order to be deemed “secure and controllable”, the source code for software applications used by banks would need to be submitted to the CBRC, and banks would need to source IT products and encryption algorithms primarily from Chinese vendors. Although the CBRC has since suspended its specific requirements in this regard, the National Security Law now opens the possibility for similar IT-procurement restrictions to appear in each sector of the economy.
The National Security Law took effect immediately upon its enactment. For an English translation, please refer http://bit.ly/1O5FKEk.