Critical information regulation isn’t for stifling overseas IPOs

China’s regulations to protect critical information facilities are not aimed at foreign trade or firms planning to list abroad, and all companies – regardless of where they are listed and what types of enterprises they are – shall abide by Chinese laws and ensure network security, critical infrastructure security, and personal information data security, China’s cyberspace regulator said on Tuesday.

The comment came after China’s State Council, the country’s cabinet, issued rules last week to protect critical information infrastructure, as part of a national effort to strengthen data security protection. The new rules, which will be effective from September 1, have fanned market speculation that China’s tightened scrutiny of domestic data could further discourage companies from listing abroad.

Sheng Ronghua, a senior cyberspace regulatory official, said at a press briefing on Tuesday that the goal of the new rules is to guarantee the security of key information infrastructure and maintain internet security.

“We support internet and information companies to raise money and develop in accordance with the rules,” Rong said. But he stressed that if companies abide by the rules and ensure data security on all fronts, they will not be affected.

Analysts said that data protection concerns China’s national development, and it is necessary for China to stay alert to risks that countries may steal sensitive information that potentially poses threats to national security.

“There is a necessity to strengthen the protection, exploration and application of critical information related to infrastructure through legislation,” tech analyst Liu Dingding told the Global Times on Tuesday.

Under the new rules, operators of information infrastructure are required to assume the responsibility of protecting the infrastructure’s security. For example, they must submit cyber products or services that may affect national security for security review.

Observers said that China’s internet companies are one of the operators of critical information infrastructure, and the new law will prompt them to manage and store users’ information with higher requirement and caution.

According to Liu, in the long run, enterprises will benefit from a more regulated and orderly environment.

Under China’s cyberspace security law, personal information and important data generated by operators of key information infrastructure within the borders of China shall be stored domestically.

Observers also said that the new rules, along with the Personal Information Protection Law passed last week and the new Data Security Law, which was adopted in July, could become the backbone of a framework that guarantees China’s cyberspace and data security in every aspect.

Liu Gang, director of the Nankai Institute of Economics, and chief economist at the Chinese Institute of New Generation Artificial Intelligence Development Strategies, told the Global Times on Tuesday that regulations on key infrastructure information mainly deal with public security issues, which involve the government, and financial information amid a grim international climate.

The other two laws aim to protect a wider range of individuals’ information, aimed at promoting data exchanges and related regulations, Liu said. Global Times