China’s cybersecurity authority, the Cyberspace Administration of China (CAC), has introduced a new set of “Network Data Security Management Regulations” to better protect the country’s internet data security. The law would give the government more control over internet usage. Furthermore, any individual or organization providing tools for accessing censored websites, like VPN services, will face enormous fines.
China’s Great Firewall is Getting Stronger
The Chinese government upholds one of the most restrictive internet censorship programs in the world, also known as the Great Firewall of China. This highly controversial firewall blocks a range of foreign websites, slows down internet traffic, and limits freedom of speech.
Over the years, China has further tightened its grip. Recently, Chinese authorities introduced new rules to prevent under 18s from gaming more than 3h per week. The country has also blocked all access to leading cryptocurrency exchanges.
Furthermore, the number of websites blocked now runs in the tens of thousands, including most “Western” social networks, many international news outlets, popular collaboration tools like Dropbox, and anything from Google.
Several companies, including Yahoo and LinkedIn, have exited the Chinese market due to the country’s challenging legal and business environment. Yahoo’s withdrawal coincided with the start of China’s new data protection legislation on November 1, 2021.
Tougher Stance Against VPNs
The new set of regulations is taking things a step further. Among other restrictions, China’s cybersecurity authority is now taking an even tougher stance against VPNs. What’s more, the new “Network Data Security Management Regulations” forbids individuals and organizations from offering programs, tools, routes, or other services that penetrate or bypass cross-border data security gates.
VPNs help internet users protect their privacy and bypass geographical restrictions. Currently, offering VPN services is illegal in China, unless you have prior approval (which is virtually impossible to get). It is also illegal to provide VPN services that bypass China’s Great Firewall.
Nonetheless, people are still using VPNs. The number of VPN services able to avoid detection however is dwindling in the country and if, or rather when, the new rules come into effect their days might be numbered.
Companies breaching the law risk losing their business license too. Furthermore, they could face fines of up to 10 times the profit made from the offense or up to 500,000 yuan (approx. $80,000) for offenders in managerial roles.
The new rules would also apply to foreign companies operating in China. If criminally charged, anyone breaching the law faces up to seven years imprisonment.
Still in Draft
At the moment, the Network Data Security Management Regulations are still in draft. They were released on 14 November for public consultation, which will last until December 13, 2021. Anyone can provide feedback via email to [email protected] or via snail mail. It is, however, most likely that the regulations will pass without being challenged.
In addition to the VPN restrictions, the new rules will also require some mainland companies seeking initial public offerings (IPOs) in Hong Kong to undergo mandatory cybersecurity screening. Companies seeking overseas IPOs already had to undergo these checks if they hold data on 1 million users or more.
Notably, Bytedance, the Chinese owner of the popular video app TikTok, shelved its overseas listing plans following these regulatory hurdles. Rumors quickly started circulating that the company was going to list on the Hong Kong stock exchange instead. The new rules, however, would likely halt that strategy as well. So, for the time being, Bytedance will continue as a private company.