New Cybersecurity Regulations to Begin on June 1st

New cybersecurity regulations, passed November of last year, will be taking effect on 1 June 2017. According to the new regulations, “internet service providers cannot collect user information that is irrelevant to the services, and they should handle such information in line with laws and agreements, according to the new law that was adopted by China’s top legislature in November last year.”

What do the Cybersecurity Regulations say?

  • Users will now have the right to ask service providers to delete their personal information if the information was improperly used.
  • Cyber-security management staff must protect any personal information they obtain and are prohibited to sell or share the information, both private and commercial.
  • The penalty for violating the above provisions are large fines.
  • The new regulations also reiterate that it is illegal to use the internet to conduct fraud or sell illegal goods.
  • Any individual or group that wants to release news on instant messaging apps or social media must first receive government permission.
  • In addition, new regulations on drone registration and pesticide use will also come into force.

What does this mean for Multinational Companies?

These new regulations will be difficult for MNCs to follow, particularly because of their vagueness. Any MNC that operates in a critical sector (defined as traditional sectors such as power, transport, and finance, along with newer infrastructure sectors) will likely be targeted. In addition, any company with a significant amount of “personal information” or “important data” on Chinese citizens could be required to localize their networks to China, and receive approval before sending this information abroad. This could hamper a company’s ability to conduct big data analytics if the Chinese data must be stored on separate servers that can’t be easily accessed outside of China. A company may even be forced to reveal copyrighted information or risk that technology being prohibited from use in China.
Because of its scope and vagueness, it is virtually impossible for any company to be totally compliant. While these new regulations will greatly aid the government in combating cyber-crime, it will likely have other uses as well. It is possible that a company could be targeted by government regulators, ostensibly for cyber-security reasons, but for ulterior political reasons.

Advice from our ECOVIS Beijing lawyers

To best prepare for this, there are several things every MNC currently in China should do. First, be aware of your company’s status. Is it operating in a critical industry? If so, you will be under extra scrutiny. What data do you have on Chinese customers that could potentially be of interest to regulators? In addition to getting your own affairs in order, you should investigate your supply and distribution network as well.

Prepare for increased enforcement, and potentially having to localize your data.

While the provisions of this new cyber-security law are unclear, regulators across multiple industries are rolling out their own procedures that will help shape and guide the new cybersecurity laws. By paying attention to those regulations, you can get an idea of how the new cybersecurity regulations will be implemented.

If you want to learn more about EU General Data Protection Regulation, you can watch our presentation VIDEO given by Mr.Hoffmann.

ECOVIS can help you close any legal gaps between your current operations and the new laws. In addition, our extensive experience with Chinese Regulations helps us predict how they will be enforced, and how to best prepare for them. Please feel free to reach out to us before and after 1 June 2017 – though as always, the sooner the better.


 Grace 150x225   Grace Shi

Grace Shi is a partner at ECOVIS Beijing China. She has over 12 years of experience in accounting, auditing, and tax advisory services in both international accounting firms and large Chinese corporations. She has an international MBA and a US Global Finance Master’s degree. Since 2001, she is a Chinese Certified Public Accountant (CPA) and, since 2002, a Chinese Certified Taxation Agent (CTA). Mrs. Shi is one of the founders of ECOVIS R&G Consulting Ltd. (Beijing). She has perfect skills in written and spoken English and Chinese. For more information, please contact:



Ecovis Beijing is the trusted tax and legal advisor to several embassies and official institutions in China. It specializes in mid-sized international companies and is focused on tax & legal advisory, accounting and auditing. If you’re interested in finding out more about tax and legal, don’t hesitate to sign up to our Newsletter, give us a call +49 (0) 6221-9985639 or contact us directly via