Examining how related legislation will coexist
Against all odds, despite the COVID-19 crisis the 2020 Cybersecurity Conference still went ahead on 22nd October in Beijing, and was also live-streamed for the first time. This was the fourth Cybersecurity Conference to be organised by the European Chamber.
Chamber President Jörg Wuttke gave a welcoming address, in which he highlighted three trends in the cybersecurity realm: first, the United States (US)-China decoupling and the differential political approaches to each other’s cyberspace administration; second, the rising national scrutiny of data in both countries; and third, the efforts arising from strikingly similar concerns on the vulnerabilities of technology and its potential consequences for national security.
President Wuttke’s message was followed by that of HE Nicolas Chapuis, Ambassador of the Delegation of the European Union (EU) in China. The ambassador noted that businesses’ and people’s reliance on the digital economy expanded rapidly as both the economy and technology developed in recent years; cyber attacks are having a much greater impact on society. He said that cybersecurity will determine the future of the world; since it is closely related to a new economic model, it will not only be looked at as a technical issue, but also a societal one. He said that fairness and trust should be the two principles of cross-border cybersecurity solutions. Ambassador Chapuis concluded by urging China to globalise and open up its regulatory system, and build a non-discriminatory cybersecurity mechanism.
Clas Neumann, senior vice president, SAP, and head of Global SAP Labs Network, gave a keynote speech titled ‘The Recovery Will Be Digital’. Mr Neumann noted that the sudden impact of the novel coronavirus has made digital tools an increasingly popular solution in China, with 75 per cent of companies now planning to accelerate their digital transformation. Mr Neumann went on to explain that new technologies, while providing solutions, also increase cybersecurity risks. He said China, with this in mind, has been avidly constructing its own cybersecurity regulatory framework over the past few years, which has in turn increased compliance obligations for companies.
The first presentation themed ‘Evaluation of Data Security Legislative Strategies in China and Other States’, was deliver by Dr Yanqing Hong, researcher at the Beijing Institute of Technology. Dr Hong, an expert in data legislation and standardisation in China, explained the logical rationale behind data regulation in China, the EU and the US by comparing data security, control of data and possession of data in the three locations. In conclusion, he said that the logic behind many regulatory frameworks is in fact sometimes similar; the difference is often found in the implementation and execution phases.
The second presentation, ‘Understanding Cybersecurity Review Measures and Business Compliance’, was given by Mr Jihong Chen, partner at Zhonglun Law Firm. He gave a brief run-through of the Cybersecurity Review Measures, effective since 1st June 2020, which heavily impact the purchases of critical information infrastructure (CII) operators. Mr Chen gave advice on practical steps companies supplying CII operators could take to ensure predictability and compliance, including but not limited to building internal appropriate compliance frameworks and revising bidding mechanisms in a CII-related service provision.
The third presentation, ‘Cybersecurity Market and New Infrastructure Plans’, by Ms Dan Gao, general manager at the China Centre for Information Industry Development (CCID), was a comprehensive analysis of how the cybersecurity regulatory framework could boost the development of China’s ‘New Infrastructure’ plan and related investment opportunities.
The fourth presentation, ‘Open Data and Data Security’, was delivered by Ms Maggie Yin, Strategic Development Officer and Data Protection Officer at RELX Group. It outlined the different possibilities of data utilisation, such as in research development, combatting viruses, reducing risks and costs, and protecting consumer rights. Ms Yin also warned of the need to balance the openness of data with its efficient protection for the future.
The fifth presentation, ‘Understanding Further the Classified Cybersecurity Protection Scheme (CCPS)’, was given by Mr Xinjie Wang, general manager of service provider Beijing Powertime. Mr Wang first dove into the creation of the CPPS and subsequently explained relevant standardisation regulations. He then advised businesses on how to comply, operate and prepare themselves for the enforcement of the CCPS.
After the thematic presentations, two panel discussions took place. The first panel, comprised of Dr Yanqing Hong and Dr Shenkuo Wu, assistant professor at Beijing Normal University, had a lively exchange on ‘International and Chinese Regulations on Data and Personal Information’. In the discussion, they touched upon points such as cross-border data transfer in free trade areas in China, the influence of foreign data regulations on China’s legislative work, and the relationship between the different existing regulations in China with regard to personal information and data protection.
The second panel, featuring Mr Jihong Chen, Mr Xinjie Wan, and Dr Bangcai Wu, information security expert at the British Standardisation Institute, had a heated debate on the‘Business Impacts of CII, CCPS and Cybersecurity Review Measures’. The panellists answered questions from the audience on specific steps to be taken in a CPPS self-evaluation, and discussed the definition of CII in China as well as how foreign businesses operating in China should supply, coexist and cooperate with CII operators.
Cindi Yu is coordinator of the Cybersecurity Sub-working Group and its parent group, the Information and Communications Technology Working Group, at the European Chamber. The Cybersecurity Sub-working Group focusses on advocacy in relation to security-related legislations and any extension of such policies into banking, insurance and other industries. To join or for more details, contact Ms Yu at email@example.com