PRC Legal Update: Key takeaways from China’s Two sessions 2021

Bryan Cave Leighton Paisner

[co-author: Mary Lam]

Every year around March, China’s two major political bodies, the National People’s Congress (“NPC”) and the Chinese People's Political Consultative Conference (“CPPCC”) meet for the “Two Sessions” to roll out plans for the country’s policies and priorities in the coming year. This year, the CPPCC commenced on 4 March 2021 and the NPC commenced on 5 March 2021 respectively. In this article, we look at the two key legislations and the latest fiscal and foreign investment policies that were proposed in this year’s Two Sessions. Last but not least, this article provides an update on the measures imposed by China in response to COVID-19.

1. “Digital China” initiative

Top leaders have revealed intentions to pursue the “Digital China” initiative, seeking to develop a digital government, society and economy. As part of the initiative, the National Development and Reform Commission is devising two key pieces of legislation: the Personal Information Protection Law and the Data Security Law, both of which build on the framework set up by the existing Cybersecurity Law.

A) Personal Information Protection Law (“PIPL”)

A first draft of the PIPL was published on 21 October 2020. Once promulgated, it will become China’s first comprehensive law on personal privacy and data protection. The NPC has repeatedly stressed that protecting its citizens’ personal information was one of the country’s top priorities. The PIPL aims at combatting hacks and personal data misuses/ leaks which have become increasingly prevalent given the large number of internet users and rapid growth in big data industries and information integration in China. It provides for the general principles of fairness, transparency, data accuracy, limitations of purpose for data processing and accountability.


“Personal information” is defined in the PIPL as any recorded information of identified or identifiable natural persons, which includes race, ethnicity, biometric information, religion, health and financial information. Unlike the Cyber Security Law which has a limited extraterritorial application, the PIPL applies to the processing of personal information of natural persons in China regardless of their nationality. In fact, its language seems to suggest that it is sufficiently broad to cover the activities of an overseas data processor in China even if such processor does not actually have presence in China.

Processing of personal information

Processing covers the gathering, storage, use, transmission, provision and publication of personal information.

Under the draft PIPL, there are six legal bases for processing personal information in China:

  1. Where the data subject has consented to the processing;
  2. Where the processing is required under a contract between the processor and the data subject;
  3. Where the processing is required for a legal/ contractual obligation to be performed;
  4. Where the processing is required under a public health incident or imminent and urgent situations;
  5. Where the processing is in the public interest; or
  6. Where the processing is required by applicable laws or regulations.

Violations of the PIPL i.e. processing personal information without relying on one of the above-mentioned legal bases, will result in a range of penalties, including an administrative order for rectification, confiscation of the unlawful income, and a fine. A business could also face suspension of its operations in China and/or cancellation of its business permit. Such violations will be recorded in the government’s credit files which are accessible to the public.

B) Data Security Law (“DSL”)

The draft DSL, compared to the PIPL, focuses more on the protection of China’s national security and data sovereignty. It applies to all data activities that are carried out within the country. The whole idea of the DSL is to establish a comprehensive data security system directed by the state.

The system will comprise the following:

  1. A tiered data classification system that will matrix the data’s (i) degree of importance on the social and economic development of the country; and (ii) degree of harm imposed on the national security, public interest and citizens’ legitimate interest if the data is destroyed, leaked or illegally utilized.
  2. Requirement for processors of “important data” to appoint a data security officer and a management body to carry out the data security responsibilities which include security risk assessment, reporting, information monitoring and putting in place an early warning mechanism. “Important data” is only vaguely defined in the Cyber Security Law, and the DSL does not provide any further clarification on its definition. This potentially gives the DSL a wider scope of application. These data processors are also required to submit their assessment reports to the relevant supervision department regularly.
  3. Requirement for the relevant entity, in the event of a data security incident, to inform the affected users and the relevant supervision department as soon as practicable.

As with the PIPL, the draft DSL imposes severe penalties on entities and the relevant personnel who fail to comply with the legislation. Violations will result in, amongst the others, a correction order, warnings, confiscation of the illegal income and a fine.

2. Fiscal and monetary policies

The Chinese government has made it clear that this year’s fiscal policies will be focusing on supporting the micro-sized and small businesses, a group that has been heavily affected by Covid-19.

As part of the Chinese government’s latest five-year plan, Premier Li Keqiang has announced plans to increase the number of loans offered by large commercial banks to small and micro-sized enterprises by more than 30% and to allow these smaller enterprises to defer principal and interest repayments on loans. China is in fact also guiding its financial system to lower the cost of borrowings for businesses and individuals in general in order to support the country’s economic recovery from the impact brought by Covid-19.

In the annual Government Work Report which was also delivered by Premier Li during the Two Sessions, plans to halve the corporate income tax (“CIT”) liability of small and low-profit businesses for the portion of taxable income not exceeding RMB 1 million were unveiled. “Small and low-profit” enterprises refer to those that are not on the government’s “prohibited” or “restricted” negative list, and with an annual taxable income not exceeding RMB 3 million, number of employees not exceeding 300 persons, and value of assets not exceeding RMB 50 million.

3. Foreign investment and trade policies

China has also set its eyes on the potential growth in international investments and trades, having vowed to shorten the foreign investment negative list, to simplify the regulatory procedures for foreign invested enterprises, and to amend legislations so that the treatment of domestic and foreign invested enterprises will become more equal. In fact, a bill was submitted during the Two Sessions which called for the removal of the distinction between foreign-invested banks, Sino-foreign joint-venture banks and foreign banks. These demonstrate the government’s strong ambition to stimulate foreign investment growth and to stabilize existing foreign investment. Over the last three years, China’s foreign investment negative list has greatly reduced by more than a double, from 93 items to 40. Further reductions, with a focus on the manufacturing, agricultural and services industries, are anticipated.

On the trade front, China is equally eager to expand its reach. Not only will it continue to promote the development of the Belt and Road Initiative, it will also sign and ratify the Regional Comprehensive Economic Partnership Agreement with numerous Southeast Asian nations, the China-EU Comprehensive Agreement on Investment, and continue its negotiations with Japan and Korea on free trade, and of course with the United States to improve their business relations.

4. Covid-19 measures

As a quick update on the Covid-19 measures taken by China, the country very likely will not relax its border control until 2022 in order to control Covid-19 and also because the progress of its vaccination plans is only moderate. The government has repeatedly stressed on the importance of preventing imported cases in case they will lead to local outbreaks. The government has also assured all Chinese citizens, whether living in the country or abroad, that they will also receive free vaccinations pursuant to the “Spring Seedling Action” programme.


We expect that with the stringent Covid-19 measures that are being maintained by the government, China’s Covid-19 situation will remain under control. The Chinese government is clearly looking to speed up the implementation of both the PIPL and the DSL to provide for a more favourable environment to develop the digital economy. This is important as China is expecting to have more and more digital industries like blockchain, big data and cloud computing in the near future, which will contribute to a greater portion of the country’s GDP. In order to keep up with its economic growth at times of Covid-19, the country has also come up with plans to support smaller enterprises and to encourage foreign investment into the territory. Investors and businesses should all look out for the potential business opportunities brought by these new legislations and policies.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bryan Cave Leighton Paisner | Attorney Advertising

Written by:

Bryan Cave Leighton Paisner

Bryan Cave Leighton Paisner on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.