The new ‘new normal’: China’s National Security Law

 A Rising Country with Rising Concerns



National security is a priority for all countries, but this topic seems to carry particular significance where China is concerned. On 1st July, 2015, the National Security Law (NSL) was endorsed by China’s top legislature and adopted with immediate effect. The term ‘national security’ itself is rather neutral, but it becomes more profound in a China context where it is being absorbed as part of a national strategy that many foreign companies feel is already closely associated with many of the various difficulties they are experiencing in the Chinese market. In the following article, Dr Michael Tan, Yang Cui and Lynn Zhao of law firm Taylor Wessing examine why this new law has set alarm bells ringing for foreign investors in China.

New concerns in the new era

Since colonial times, issues of national security and defence have been emotive to the Chinese people. The fact that China is now a socialist regime brings further sensitivity to the topic: the term ‘national security’ seems more poignant to a nation that is constantly under pressure from Western governments to ‘peacefully evolve’ this regime. Therefore when the National People’s Congress (NPC) presented the second draft of the NSL for public comments on 6th May, 2015, there wasn’t a ripple of concern among the Chinese public. This is not the first time that China has had such a law either: an earlier law with the same name had been in existence since 22nd February, 1993, remaining effective until 1st November, 2014. So why is the foreign business community so concerned about the new law?

The main reason is that it appears that the content and reach of the NSL goes far beyond that of its predecessor, and could have a significant impact on foreign enterprises dealing with or operating in China. For a long time, China’s national security concerns were largely focussed on military aspects like defence and espionage, and this is exactly what the first National Security Law was concerned with. Now, as China’s rise to the world’s second largest economy has seen it face more challenges—both internally and externally—China has seen fit to re-evaluate the scope of ‘national security’ to ensure the peaceful, sustainable development of the country as envisaged by its new leadership. As a result it has now been extended beyond conventional concerns to others, such as the economy and even general society, and it is this expansion of scope that has triggered concerns among the foreign business community.

The legal framework

The NSL seeks to establish a comprehensive system safeguarding—among others—the country’s opening up and modernisation, with the aim of realising China’s great rejuvenation. The term ‘national security’ is defined as being a condition under which China’s government, sovereignty, unification, territorial integrity, well-being of its people, sustainable and healthy development of its economy and society, and other major interests are relatively safe and secure from internal and external threats. That this secure status is sustainable is implicit.

All of these points seem perfectly standard, until one starts to analyse the exact meaning of ‘national security’ under this law. The NSL itself remains silent on the precise meaning, opting instead to outline various themes which shall fall under the meaning of this term. These include routine things like defence, territorial integrity and political and social stability, but also stretch to the economy and society in general and it is these areas that have potentially far-reaching implications. The inclusion of some of these ‘sensitive’ themes is that they have a strong political underpinning, such as upholding moral standards or protecting overseas interests. Others are more controversial, such as ensuring market order and safety in key industries and sectors, preventing financial risks, promoting indigenous technologies and encryption technologies, and enhancing cyber security, including controllable security. To implement these, a nationwide security safeguarding system shall be established, which includes intelligence, evaluation, alert, prevention, review and crisis control. It is here that vagueness begins to creep in and concerns among the foreign business community are raised.

National security review

The NSL stipulates the establishment of a national security review system which shall also cover foreign investment. By explicitly mentioning coverage over foreign investment under the final version of the NSL, it now provides a more consolidated and higher-level legal basis for the existing national security review mechanism to be implemented in the area of mergers and acquisitions (M&A), a notion that was initially established by a State Council notice on 3rd February, 2011. Under that notice, only a very general framework for national security review was addressed, and the scope of the review was further limited to M&A cases with the aim of ensuring defence safety, economic and social stability and research and development (R&D) competence regarding key technologies.

In general, it appears that China is going to follow the US CFIUS model[1] to keep a closer eye on economic deals which might have security implications. However, China appears to be even more cautious and hands-on. Prior to the NSL, the draft Foreign Investment Law (FIL), introduced by the Ministry of Commerce (MOFCOM) early this year, already expanded the scope of matters subject to a national security review of foreign investment activities. The reach is extended from the typical greenfield set up and M&A scenarios to all kinds of investment including acquisition of properties and financial ties like lending. This is very far reaching, as it more or less means that any kind of foreign investment into China might potentially trigger a national security review and face transactional uncertainties. Under the related procedures, a foreign investor may not withdraw their applications for national security review without the MOFCOM’s prior consent, and there is also no chance for administrative adjudication or administrative litigation with regard to a decision made. The NSL adopts a position of silence regarding legal remedies available to a foreign company concerned with a national security review case (although a certain right to report and appeal is mentioned with regard to Chinese citizens and organisations, e.g. Article 82)

Cyber security

Articles 24 and 25 of the NSL set forth the general principles with regard to cyber security issues. They stipulate that a national network and information security safeguard system shall be established to raise the capacity to protect network and information security. In this context, a concept of ‘secure and controllable information technology’ is mentioned. This is not the first time this concept has been presented, and it matches the various political and legislative actions taken in recent years by the Chinese Government accelerated by the Snowden revelations and the disclosure of the US PRISM project. This topic is now treated with strategic importance by China.

On 12th November 2013, the Chinese Communist Party announced under its communiqué the decision to build up a national system to handle cyber security concerns. A special agency, the Cyberspace Administration of China (CAC), was quickly established on 27th February, 2014, which was then followed by the so called De-IOE campaign. This campaign is aimed at abolishing IT systems supplied by the three major US players—IBM, Oracle and EMC—and replacing them with equipment and technologies developed by Chinese companies, particularly in the banking sector. Legal bases for the campaign appear to be some internal guidelines from industrial regulators to banks at the end of 2014, of which the detailed contents remain unknown to the public but obviously include requirements such as submission of source codes to authorities, locally-owned intellectual property (IP), and local R&D and customer service centres. And there might be more coming, such as the provisions under the draft Counter Terrorism Law which further requires all telecommunication operators and Internet service providers to set up technical interfaces and submit encryption solutions to enable invasive audits by government agencies. In addition, their equipment and data concerning domestic users must be kept within China. All these measures come under the name of national security, but will have a substantial impact on foreign companies operating in these sectors.

Welcome to the new ‘new normal’

There might not be too much to say about the NSL itself, with most of its contents remaining general and vague. To foreign companies, what matters more are the complex implications behind the scenes. There are parallels with the recent discussion about the draft Foreign Investment Law. On one side, the Chinese Government is displaying a strong desire to further liberalise the market by pushing forward with the streamlining of administrative procedures applicable to foreign investment activities. On the other side, the outside world is perceiving an increase in government oversight of the market, in particular where foreign investment is concerned. This may be a natural phenomenon, with China trying to learn how to use and adapt Western models to handle its own security concerns. But in certain aspects it appears to go quite far, particularly in comparison to its Western peers which are more confident and proficient in handling such matters. Since all this is now a firm strategic priority on China’s political agenda, there is no question that this will become another ‘new normal’ of the Chinese business environment which international companies will need to accept and adapt to.

Taylor Wessing is a full service law firm with approximately 900 lawyers in Europe, the Middle East and Asia, with offices in Shanghai and Beijing. For more information please visit Dr Michael Tan is Senior Counsel (Chinese Partner) in Shanghai with an industrial focus on aerospace, aviation, TMT and other technology-driven sectors.

[1] Resource Centre, The Committee on Foreign Investment in the United States (CFIUS), 20th December 2012, viewed 3rd July, 2014, <>