Flags of USA and China on two clenched fists showing the new draft China cybersecurity law which could block US tech firms from doing business
New China Cybersecurity Law Could Block Tech Firms From the United States by Nicole Lindsey

New China Cybersecurity Law Could Block Tech Firms From the United States

At the same time as the United States is taking unprecedented steps to block Chinese tech giant Huawei from ever doing business with it or any of its allies, China is also moving to block U.S. tech firms. The new draft China cybersecurity law from the Chinese Cyberspace Administration, which is in charge of overseeing the critical information infrastructure of China (including telecommunications and financial services), makes clear that China can restrict certain U.S. companies from doing business within the country on national security grounds. As a result, this latest legislative measure from China would represent a clear tit-for-tat in the escalating trade and cyber war between the U.S. and China.

Origins of the new China cybersecurity law

The move by China’s Cyberspace Administration to implement the China cybersecurity law, while unprecedented, is clearly based on previous moves already made by the Trump Administration within the United States. The U.S. Department of Commerce, for example, recently implemented a new executive order from President Donald Trump that targets China: it states outright that “foreign adversaries” such as China should not be able to do business with the United States unless a full security review mechanism takes place. Using the premise of “national security” means that the burden of proof now falls on companies like Huawei to prove that they do not represent a national security threat to the United States.

Moreover, the U.S. followed that with the release of a so-called “blacklist” of Chinese companies that would be effectively banned from the U.S. tech supply chain. This second move, for example, would prevent U.S. tech giants from supplying Chinese companies such as Huawei (or any of its 68 affiliates) with parts and components (including chips and operating systems) needed to run mobile devices. Google, clearly eager to remain in the best graces of U.S. regulators, was the first big tech giant to comply with the new directive, cutting off future Android licenses, as well as Google apps and services. That was quickly followed by similar moves by Microsoft, Qualcomm and Intel. On a cumulative basis, this rapid chain of events, which effectively serve to sever Huawei Technologies from the U.S. tech sector, would appear to be catastrophic for Huawei. Seemingly overnight, Huawei no longer has access to the chips or Android operating license needed to make mobile devices.

Specifications of the China cybersecurity law

One important thing to note about the new China cybersecurity law is that it is still in “draft” mode, and is open for public commentary until June 24. That gives both China and the United States time to work out a potential compromise solution. From a Chinese perspective, the best possible scenario would be a relaxation of the U.S. rules governing the ability of Chinese tech firms to do business in America. Theoretically, there is still time for both the United States and China to pull back from the precipice.

Since the new China cybersecurity law was put together so quickly, even long-time observers of the Chinese tech industry are not exactly sure what it does – or does not – allow the Chinese Cyberspace Administration to do. The only thing that is clear is that it might expose U.S. tech firms to greater scrutiny under “national security” grounds if they plan to do business in the Chinese market. However, the exact terms of the review process are unclear, as are the possible remedies if a U.S. tech firm operating in China is found to be in violation. For example, right now there is no clear appeals process. Thus, once a tech firm like Google or Apple is found to be a threat to national security after national security reviews, nobody is really clear what should happen next.

Disruptions to the global tech supply chain

A larger concern, of course, is that the rapidly intensifying trade and cyber war between the U.S. and China (and between President Donald Trump and President Xi Jinping) might lead to a broader disruption in the global supply chain for tech products. In other words, this nasty trade spat is unlikely to remain relegated only to China and the United States. Chances are, it will soon spill over to Europe and other parts of Asia before becoming a worldwide problem. Around the world, consumers might experience higher prices or limited availability of certain tech devices.

Take Europe, for example, where 75 percent of the smartphone market is Android devices and Huawei has a 20 percent market share for Android phones. Without an Android license from Google, and without the necessary parts and components to manufacture smart phones, Huawei might not be able to produce smartphones at all. The company is hurriedly attempting to rush to market a new Huawei OS by Spring 2020, but the prospects do not look good for Huawei’s long-term competitive prospects. Do consumers really want to worry about “buggy” smartphones with lots of glitches?

Implications of China’s tit-for-tat response

So what are the likely consequences of the new China cybersecurity law? The most obvious implication of the new China cybersecurity law is that tech issues are going to become intertwined with trade war issues involving the U.S. and China. For example, some have suggested that the new tough measures by the U.S. are really part of a sophisticated negotiating strategy. In return for Chinese concessions on some economic issues, the U.S. might be willing to revisit the Huawei Technologies issue. From this perspective, the new China cybersecurity law is also more of a “bluff” than substantive policy – it is merely intended to signal that the Chinese government is not prepared to let its top tech firms be used as part of a trade negotiation strategy. Implementing cybersecurity reviews is one way of making sure that does not happen.

Latest draft China #cybersecurity law might expose U.S. tech firms to greater scrutiny under 'national security' grounds. #respectdataClick to Tweet

Another implication of the new China cybersecurity law is that privacy and security issues (including how tech firms process, collect and store personal information and important data) are likely to become a much larger part of the broader cybersecurity debate, whether China likes it or not. Only Chinese tech firms that are “good citizens” when it comes to global cyber norms will be allowed to participate in the global tech sector. If products and services are unable to provide certain privacy and security safeguards, then they may no longer be commercially viable. Chinese tech firms – and not just Huawei – should take note: the new China cybersecurity law, if implemented as planned, could have some far-reaching consequences for how they do business worldwide.


Senior Correspondent at CPO Magazine