Cybersecurity’s Impact on European (and Chinese) Business
On 7th November, 2016, the Chinese authorities passed a new Cybersecurity Law that will have significant ramifications for the operations of European businesses when it comes into force on 1st June this year. For one, existing requirements for localising their storage of data on servers located within Chinese territory will be further strengthened. This includes the personal data of their customers as well as important business information. Network operators will also be required to provide ‘technical support’ for national security and law enforcement, which may include pressure to compromise their encryption.
All of this fits with the speech that President Xi Jinping delivered during an October 2016 Politburo meeting on cyber and ICT issues, which was attended by most members of the Leading Small Group for Cybersecurity and Informatisation that President Xi leads. He stated that China “must accelerate the advancement of domestic production, indigenous and controllable substitution plans, and the building of secure and controllable information technology systems.” This sent a clear signal to the bureaucracy that these issues continue to be a top priority for the senior leadership. It also aligned with the Science and Technology Innovation Five-year Plan that was released in August 2016, on the importance of strengthening indigenous innovation capabilities and fully realising the effectiveness of science and technology innovation in safeguarding national security.
These messages delivered at the highest level of the Chinese Government and Communist Party combined with the market share targets included in the China Manufacturing 2025 implementation roadmap indicate that European business will play a diminishing role in China’s ICT industry. However, this is not just an issue for ICT companies, it will impact many others. The emerging Industry 4.0 model is powered by big data that can be utilised and shared throughout entire industrial value chains. While this enables companies to respond to challenges and opportunities in real time and to better understand how different aspects of their business connect with each other, they need to be fully confident that they will not lose control of their proprietary information.
The new law will also have a serious bearing on Chinese companies. The reduction in market-driven competition in China’s ICT industry will negatively impact China’s capacity to drive innovation overall. Chinese enterprises across a wide range of industries will also be increasingly unable to adopt the best technologies available internationally, and requirements to adopt ‘secure and controllable’ technology instead—which may not serve their business needs—will compromise their ability to enter, and successfully operate in, international markets.
While every country has legitimate security interests in industries related to IT, the approach that the Chinese authorities have taken is distorting the market and will carry a real economic cost. For example, it has been calculated that the potential de-globalisation of China’s ICT industry more broadly could lead to a 1.8 to 3.4 per cent reduction in China’s GDP. Based on 2015 figures, this amounts to EUR 190 billion per year, and by 2025 could amount to a cumulative reduction of EUR 2.85 trillion. This would result in part from a reduction in transfers of knowhow and the related decline in efficiencies and domestic innovation as a consequence of reducing openness to foreign business.
The European Chamber will continue to engage with the Chinese authorities on why the new legislation is not in the country’s own long-term interests. We also encourage Chamber members to take the time necessary to understand how these issues may impact their business. This issue of EURObiz presents an important opportunity to do so.