September 19, 2020

Volume X, Number 263

September 18, 2020

Subscribe to Latest Legal News and Analysis

September 17, 2020

Subscribe to Latest Legal News and Analysis

September 16, 2020

Subscribe to Latest Legal News and Analysis

China Enacts New Counter-Terrorism Law

On December 27, 2015, the Standing Committee of the National People’s Congress (NPC), China’s top legislative body, enacted a Counter-Terrorism Law (see the Chinese version here, and an unofficial English translation here), which took effect on January 1, 2016.  The adoption of this law, a year after the first draft was released for public comment, followed closely the adoption of a new National Security Law and a draft Network Security Law.

The Counter-Terrorism Law reinforces the government’s broad powers to investigate and prevent incidents of terrorism and requires citizens and companies to assist and cooperate with the government in such matters. The law imposes additional and specific obligations on companies in certain sectors, including those providing telecommunications, Internet, and financial services.  Non-compliance or non-cooperation can lead to significant penalties, including fines on companies and criminal charges or detention for responsible individuals. In some respects, the new law provides greater, higher-level legal authority to pre-existing regulations and practice. In others, it imposes new obligations or makes existing obligations more specific (e.g., penalties).

The law’s broadly-worded requirements create some uncertainty as to their implications for companies’ data protection and security policies. The final version of the law removes some of the more controversial requirements of the draft versions, including the requirement that telecommunications and Internet services providers install “backdoors” into their products, register encryption keys with the government, and keep servers and data related to Chinese users within the country. Nonetheless, the law imposes new requirements that require careful attention. For example, telecommunications and Internet services companies must:

  • Provide technical support and assistance, including handing over access or interface information and decryption keys; and

  • Establish content monitoring and network security programs and adopt precautionary security measures to prevent the dissemination of information on extremism, report terrorism information to the authorities in a timely manner, keep original records, and promptly delete such messages to prevent further circulation.

Companies in many other sectors, such as freight, transportation, and hospitality (including car rental), as well as providers of telecommunications, Internet, and financial services, are required to conduct identity checks of their customers or clients and refuse to provide services to those that decline to provide such information. It is unclear how these new provisions will interact with other provisions that require companies to collect certain types of personal data only with permission from customers.

These specific requirements are framed against the backdrop of more general obligations to assist government authorities in counter-terrorism investigations and operations. As is common with high-level Chinese laws, the language in the new Counter-Terrorism Law, including the definition of “terrorism” itself, is broad, leaving significant discretion in the hands of the responsible agencies. The contours of its implementation in practice, including its implications for companies handling user data and information, may become clearer as implementing regulations are issued.

© 2020 Covington & Burling LLPNational Law Review, Volume VI, Number 5

TRENDING LEGAL ANALYSIS


About this Author

Eric Carlson, Litigation Attorney, Covington Law Firm
Partner

Eric Carlson advises clients operating in China and other jurisdictions in Asia on a range of anti-corruption laws, including the Foreign Corrupt Practices Act (FCPA). He has deep experience leading highly sensitive anti-corruption/FCPA investigations in China and other jurisdictions in Asia, including investigations presenting complex legal, political, and reputational risks.​​

86-21-6036-2503
Ashwin Kaja, Covington Burling, International trade lawyer
Associate

Ashwin Kaja is an associate in the firm’s Beijing office and is a member of the firm’s International Trade, Public Policy, Data Privacy & Cybersecurity, and Anti-Corruption practice groups. He has advised multinational companies, governments, and other clients on a range of matters related to international trade, public policy and government affairs, data privacy, foreign investment, anti-corruption compliance and investigations, corporate law, real estate, and the globalization of higher education. He also serves as the China and India editor for Covington’s GlobalPolicyWatch.com. Mr. Kaja is also a certified information privacy professional (CIPP/US). Prior to joining the firm, Mr. Kaja was an associate at another major international law firm in Beijing.

86-10-5910-0511
Yan Lou, Regulatory and public policy lawyer, Covington
Of Counsel

Yan Luo advises clients in a broad array of regulatory matters in connection with international trade, cybersecurity and antitrust/competition laws in the U.S., EU and China.

With previous work experience in Washington, DC and Brussels before relocating to Beijing, Ms. Luo has fostered her government and regulatory skills in all three capitals. She is able to strategically advise international companies on Chinese regulatory matters and represent Chinese companies in regulatory reviews in other markets.

86.10.5910.0516