If you are considering doing business in, exporting to or receiving investment from China - make sure you are to speed on the latest guidance. There have been a variety of legislative changes in the last few years both in China and the UK that may impact how you do business. Before any interaction, make sure you ask yourself:
- Am I aware of the UK government's power to intervene in foreign investment?
- Am I aware of my obligations under UK export controls?
- Am I aware of China's laws on data and data storage?
- Do I know what China's import and export regulations mean for my business?
- Do I know what the Critical Information Infrastructure Security Protection Regulations mean for my business?
UK: EXPORT CONTROLS
On 8 December 2021, the UK announced a package of measures to update the export controls regime. This includes, firstly, revising with immediate effect the licensing criteria for strategic export controls, to be known as the Strategic Export Licensing Criteria. Secondly, the UK will be legislating to enhance the Military End-Use Control, amending the definition of military end-use to fully capture threats to national security, international peace and security, and human rights arising from the use of non-listed items by the military, police or security forces, or entities acting on their behalf, in an embargoed destination. In addition, China will be added to the list of destinations subject to military end-use controls.
If you are considering exporting to China, the UK Government has guidance that explains which type of exports need a licence, how to apply and what compliance responsibilities you'll have. The Export Control's Joint Unit (ECJU) page provides up to date information on obtaining an export license, export controls on dual use items and contact information for queries about export controls. This step-by-step guide to exporting goods to countries outside the EU includes advice on how to register your business for exporting.
The changes to the military end-use controls require amendments to the Export Control Order 2008. The UK government intends to lay the secondary legislation to implement these changes in the Spring of 2022.
UK: FOREIGN INVESTMENT
The UK, like China, reserves the right to scrutinise and intervene in inward investment and other acquisitions of control in our economy, irrespective of origin, where there are potential risks to national security. The government keeps all its powers under review and will not hesitate to take further action if it judges this necessary to protect national security.
The National Security and Investment Act 2021 commenced fully on 4 January 2022. Under new rules the government will be able to scrutinise and intervene in certain acquisitions made by anyone, including businesses and investors, that could harm the UK's national security.
Acquisitions in all sectors are within scope of the Act, meaning they can be called in for scrutiny and, if necessary and proportionate, intervention. Certain acquisitions of entities operating in 17 sensitive areas of the economy must be notified and receive approval from the government before they can be completed - known as the mandatory notification regime'.
Further information on the NSI Act and on the mandatory notification regime can be found here.
CHINA: NEW REGULATORY FRAMEWORK FOR DATA
China's regulatory framework for data falls under the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. The new laws represent the Chinese government's continued efforts to protect data security and personal information, as handled by private entities, and regulate cross-border data transfer. China has, in a relatively short space of time, legislated for one of the most comprehensive set of data laws in the world; the full implications of these new laws on foreign businesses are unclear. It is therefore essential that UK companies are aware of their obligations and the potential impact of the new laws on their operations in China.
The Data Security Law (DSL) came into effect on 1st September 2021 and represents the Chinese government's further efforts to protect data security and regulate cross-border data transfers. The law includes new concepts such as "National Core Data", provisions for handling data requests from foreign judicial or law enforcement organisations, and confidentiality obligations.
The Personal Information Protection Law (PIPL) came into effect on 1st November 2021 and provides a comprehensive framework for the handling of personal data in China. The law regulates the handling of personal information, and the handling of sensitive personal information' requires additional measures. The law also makes provision for the transfer of personal data overseas under certain circumstances.
You should also be aware that if you provide online services, the draft regulations on algorithmic recommendation systems are likely to have some impact on your operations in China.
CHINA: IMPORT AND EXPORT CONTROLS
In addition to Laws on Cybersecurity and Data Security, businesses working in and/or exporting from China should be aware of updated Regulations on the Administration of Technology Import and Export (announced August 2020) and the Export Control Law (in force from December 2020) - and understand how these might affect their operations.
CHINA: Critical Information Infrastructure Security Protection Regulations
The Regulations provide long-awaited details about how critical information infrastructure (CII) operators will be designated and what their responsibilities will be to protect the security of networks that they build and operate. This summary from Stanford University's DigiChina project can help you stay compliant.
If you are considering doing business in china or you're already doing business in China please visit gov.uk/digitalandtechchina