April 29, 2024
Volume XIV, Number 120
Home
Legal Analysis. Expertly Written. Quickly Found.
Login

Trending News

China Revises Proposals on Regulation of Commercial Encryption
Thursday, October 19, 2017
globe, technology, china

Related Practices & Jurisdictions
Print Mail Download i

In the past three weeks, China’s State Council and the State Cryptography Administration (“SCA”) issued two documents that reveal a major change in the regulatory regime governing commercial encryption products in China, potentially paving the way for the draft Encryption Law to establish a uniformed encryption regime. This development and its practical implications will be important to multinationals that manufacture, distribute, or use commercial encryption products in China.

On September 29, 2017, the State Council released the Decision on Removing a Batch of Administrative Approval Requirements (the “State Council Decision”), which removed some approval requirements for the manufacturing, sale, and use of commercial encryption products. On October 12, 2017, the SCA further released a notice (“Notice”) to instruct local Bureaus of Cryptography Administration (“BCA”) on the plan to implement the State Council Decision.

The State Council Decision and the Notice reveals a major change in the regulatory regime governing commercial encryption products in China, potentially paving the way for an Encryption Law that would establish a uniform encryption regime.

With the removal of the approval requirements imposed on entities that are manufacturing, distributing, and using commercial encryption products in China, the regime shifted away from regulating entities in the supply chain towards focusing on regulating the encryption products themselves, which potentially can provide a more level playing field for foreign (i.e., non- Chinese) companies manufacturing such products. This shift is largely aligned with the approach proposed by the draft Encryption Law and will reduce the burden currently imposed on users, including foreign-invested entities and foreign individuals located in China, that have had to apply for permits for their use of foreign-produced commercial encryption products.

Although the term “encryption product” has never been clearly defined, one of the regulations, the Administrative Rules on the Use of Commercial Encryption Products, provided a broad definition of “commercial encryption product,” which included “encryption technologies and products used for encryption protection or security certification information, not involving state secrets.” Some of the commonly used encryption products, such as Virtual Private Network (VPN) software, have been viewed by some as “commercial encryption products” and are subject to these regulations.

Key pieces of the existing regime include:

  • Approval of Manufacturers. Under the existing regulations, only manufacturers that are approved by SCA are allowed to manufacture commercial encryption products in China. Approved manufacturers must not manufacture unapproved encryption products. In practice, no foreign-invested companies have obtained SCA approval to manufacture commercial encryption products in China.

  • Approval of Distributors. Similar to manufacturers, only distributors that are approved by SCA can distribute commercial encryption products in China. Without such a license, no entity or individual may sell commercial encryption products in China. Again, no foreign-invested companies have obtained such approval in the past.

  • Approval of Commercial Encryption Products. The existing regulations also require SCA approval for specific encryption products. Manufacturers must obtain a Product Model Certificate of Commercial Encryption Products before they can produce such products. As a general rule, entities and individuals must use approved encryption products manufactured by approved manufacturers and distributed by approved distributors. The use of pre-approved domestic encryption products by either foreign or domestic entities or individuals does not require additional approval from SCA.

  • Import and Use Permits for Foreign-invested Entities and Individuals. For foreign entities (including foreign-invested entities) and individuals, the regulations offer an exception: such entities and individuals can apply to SCA to use foreign-produced commercial encryption products if they have a legitimate business need to do so, provided that the use of such products “would not be harmful to information security, the legitimate rights of other individuals and organizations, as well as China’s national security.” If a foreign entity or individual would like to use foreign-produced encryption hardware, it must apply for both a use permit and an import permit. If the foreign-produced product is software, no import permit is needed, but a use permit is still required.

The State Council Decision removed approval requirements for manufacturers and distributors of commercial encryption products, as well as the use permit requirement for foreign entities (including foreign-invested entities, such as Chinese subsidiaries of non-Chinese companies) and foreign individuals located in China.

The remaining approval requirements focus on: (i) the approval for commercial encryption products themselves to ensure the quality of the commercial encryption products; and (ii) the import permit requirement for the limited types of foreign-produced encryption hardware listed in a catalog issued by the SCA and China’s General Administration of Customs.

The use of foreign-produced encryption software such as VPN software or off-the-shelf products that are not included in the catalog will no longer be subject to any approval requirements.

SCA will, however, redirect its efforts, among other enforcement goals, towards:

  • promoting national standards for encryption products;

  • improving the review process for the Product Model Certificate of Commercial Encryption Products;

  • controlling end users (and end-uses) for imported encryption hardware that is subject to the approval requirement; and

  • establishing a “blacklist” to name entities not in compliance with the encryption rules.

Given the rapidly evolving regulatory regime, multinationals that plan to manufacture, distribute, or use commercial encryption products in China should closely follow the developments.

© 2024 Covington & Burling LLP

Current Legal Analysis

More from Covington & Burling LLP

Standing Issues in Data Breach Litigation: An Overview
by: Priscilla Fasoro , Lauren Wiseman
Financial Agencies Release Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing
by: Lucille C. Bartholomew
Senate Confirms Kraninger as BCFP Director
by: Luis Urbina
FTC Solicits Public Comment on Identity Theft Detection Rules
by: S. Burr Eckstut
Significant FDA Digital Health Policy Development for Prescription Drug Sponsors
by: Mingham Ji , Christina G. Kuhn
First Significant Pay-to-Play Legislation for the District of Columbia Approved by D.C. Council
by: Kevin Glandon
FTC Settles with PR Firm and Publisher Over Social Media Endorsements
by: Inside Privacy Blog at Covington and Burling
Senate Testimony Highlights Tensions in BSA/AML Reform Efforts as Lawmakers Consider Bipartisan Legislation
by: Sam Adriance
Reprieve in U.S.-China Trade Tensions: U.S. Tariffs on $200 Billion in Chinese Imports to Stay at 10 Percent for 90 Days; China to Purchase U.S. Goods
by: Christopher Adams , John Veroneau
AI Update: FCC Hosts Inaugural Forum on Artificial Intelligence
by: Thomas Parisi

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins

 

Logo-white

Legal Disclaimer

You are responsible for reading, understanding and agreeing to the National Law Review's (NLR’s) and the National Law Forum LLC's  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  

Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 

Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.

The National Law Review - National Law Forum LLC 3 Grant Square #141 Hinsdale, IL 60521  Telephone  (708) 357-3317 or toll free (877) 357-3317.  If you would ike to contact us via email please click here.

Copyright ©2024 National Law Forum, LLC