EU Wants Clarity From China’s Cybersecurity Rules: Here’s Why

In a comprehensive survey conducted by the European Union Chamber of Commerce in China, results indicate that an overwhelming 81% of European companies seek clearer definitions in China’s cybersecurity regulations concerning cross-border data transfers. The survey sheds light on concerns within the business community, aiming to navigate an increasingly complex data security landscape in the country.

The poll, administered from October 16 to 27, involved 762 out of the chamber’s more than 1,700 member companies and touched upon crucial aspects of China’s evolving data security framework. As Beijing intensifies efforts to establish a robust legislative framework for data security, the survey provides insights into the challenges faced by businesses and their perspectives on regulatory clarity.

One of the key findings reveals that 81% of the participating companies express the need for further clarification on what constitutes “important data.” Similarly, 59% seek clarity on the definition of “personal information,” and 39% find uncertainty surrounding the term “critical information infrastructure.” These terms are integral to the understanding and adherence to relevant regulations, making their clarification essential for businesses.

China’s One Foot Forward

In September, China took a step towards addressing these concerns by issuing draft regulations aimed at standardizing and promoting cross-border data flows. The regulations included a list of exemptions for security checks in transferring “important data” and personal information overseas, a move intended to alleviate worries over compliance.

Despite these efforts, the survey highlights a persistent desire among companies for the exemption to be extended to personal information processing. The rationale behind this request is that such transfers pose a relatively low level of data security risk when companies can apply uniform data protection mechanisms on both the sender and recipient sides.

During a briefing on the survey results, Chamber Vice-President Stefan Bernhart emphasized the impact of the latest data regulations on the operational costs of companies in China. The survey reveals that 59% of the polled companies have experienced a rise in compliance costs, with 31% reporting improvements in data security management to meet regulatory requirements.

Bernhart noted that the consequence of these regulations is an increase in the costs of China operations for many companies. This has led to a trend of data localization, where companies establish new data centers in the country or store data without exporting it.

Furthermore, the survey highlights that large multinational companies dealing with substantial volumes of customer or employee data, or those whose core product is data, are most likely to be affected by China’s security checks. Sectors such as consumer goods, accounting, military, government functions, finance, and energy face higher risk exposure due to the nature of their operations.

The call for clarity in China’s data regulations underscores the challenges faced by European companies operating in the country’s dynamic business environment. As legislative frameworks evolve, businesses seek a balance between compliance and operational efficiency, emphasizing the importance of clear definitions and exemptions to facilitate smooth operations in the digital era.