On August 10, 2016, more than 40 international business associations spanning finance, information technology, insurance, and manufacturing urged the Chinese government to revise drafts of new cybersecurity regulations. Led by industry associations from Asia, Australia, Mexico, Europe, and the United States, the groups sent a letter to Chinese premier Li Keqiang expressing concerns with draft provisions that would require foreign companies to store data in China, assist law enforcement with investigations, and subject information technology products to government security reviews. According to news outlets that reviewed the letter, the groups believe the draft regulations are “onerous” and “may constitute barriers to trade as defined by the World Trade Organization.” Further, the groups wrote that the draft regulations “have no additional security benefits but would impede economic growth and create barriers to entry for both foreign and Chinese companies.”
The controversial draft cybersecurity regulations come less than a year after foreign business groups and governments lobbied against similar provisions in a Chinese anti-terrorism law and draft rules concerning financial institutions’ IT purchases. While the anti-terrorism law was passed in December 2015, and required technology providers to help decrypt certain information at the government’s request, it stopped short of requiring companies to provide the government with encryption keys or other “backdoors” into their systems. Some of the concerns with the draft cybersecurity regulations currently being considered relate to what is seen as an attempt by the Chinese government to reintroduce some of these more controversial requirements.