- security for their encryption. Although the law encourages development of commercial encryption technology, its use cannot harm national security or the public good. It provides for the State Cryptography Administration and its local agencies to have complete access to cryptography systems and the data protected by those systems.
- Foreign Investment Law: In March 2019, the PRC’s NPC adopted a new Foreign Investment law with the stated objective of improving the business environment for foreign investors and leveling the playing field between foreign businesses and Chinese private firms and stateowned enterprises (SOEs). The law passed in just three months, which reflects an unusually fast turnaround in China where the same level of legislation usually takes years. PRC officials have indicated that swift passage of the law was to facilitate U.S.-China trade talks, and the law appears to respond to a number of issues raised by the U.S. Trade Representative’s Section 301 report that highlighted unfair Chinese trade practices related to intellectual property, technology transfer, and innovation. Despite the law’s stated objective, its wording is vague and the most substantial provisions are not new.
- Anti-Foreign Sanctions Law: Adopted at the 29th meeting of the Standing Committee of the 13th National People’s Congress on June 10th, 2021, the law was enacted to “safeguard national sovereignty, security, and development interests, and to protect the legitimate rights and interests of Chinese citizens and organizations.” According to PRC media sources, the law is intended to “counter, fight, and oppose” unilateral sanctions on the PRC imposed by foreign countries. The law was likely adopted in response to sanctions on PRC officials in connection with serious human rights abuse in Xinjiang.
- Data Security Law: This law went into effect on September 1st 2021, and subjects almost all data-related activities to government oversight, as PRC officials grew concerned about the transfer of potentially sensitive data overseas. Companies in the PRC have become more reluctant to share data, as authorities are ambiguous as to what is considered sensitive information, increasing difficulties for international firms trying to do business in the PRC. In early November 2021, local providers of ship tracking data stopped sharing details of ship locations, citing the data security law.
- Personal Information Protection Law: Effective November 1st, 2021 and adopted by the Standing Committee of the National People’s Congress, the law is purposed to protect the rights and interests on personal information, regulate personal information processing activities, and promote reasonable use of personal information. PRC media sources note that activities such as “collection, application, processing, and trading of personal information will be strictly monitored” with infringements punishable according to the law. The law exemplifies a more complete system of regulation in tandem with the PRC’s existing Cybersecurity Law and Data Security Law.
- Counter-espionage law: On April 26th, 2021, the PRC adopted a counter-espionage law permitting the Ministry of State Security (MSS) authority to identify companies and organizations deemed susceptible to foreign infiltration or influence and require these institutes
24
OFFICE OF THE SECRETARY OF DEFENSE
Annual Report to Congress: Military and Security Developments Involving the People's Republic of China
