In an era dominated by digital connectivity, safeguarding the integrity of networks and information systems has become a global imperative. China, recognizing the critical importance of cybersecurity, has introduced the draft Management Measures for Cybersecurity Incident Reporting (the Measures). The Measures outline a comprehensive approach to reporting cybersecurity incidents, aiming to minimize losses, incentivize legal compliance, protect national cybersecurity, and align with existing legal frameworks. Samuel Yang, Chris Fung, and Bill Zhou, from AnJie Broad Law Firm, explore key provisions in the Measures, shedding light on the intricacies of China’s evolving cybersecurity landscape.

Purpose

Article 1 of the Measures describes the rationale behind the Measures. It emphasizes the Measures’ alignment with foundational privacy, data, and cybersecurity laws in China, such as the Cybersecurity Law, the Data Security Law, the Personal Information Protection Law (PIPL), and the Regulations on the Protection of the Security of Critical Information Infrastructure.

Scope

Article 2 of the Measures sets out the Measures’ scope of application to entities involved in constructing, operating, or providing services through networks within the PRC (Operators).

Regulators

Article 3 of the Measures provides, the central cyberspace administration coordinates and supervises national cybersecurity incident reporting. In contrast, local cyberspace administrations coordinate and supervise cybersecurity incident reporting within their administrative regions.

Timely reporting and incident classification

Article 4 of the Measures contains requirements for the expeditious activation of emergency response plans by Operators and mandates reporting significant, serious, and particularly serious incidents within an hour.

Annexe 1 to the Measures provides meticulously granular guidelines for incident classification. Focusing on severity and impact, Annex 1 categorizes incidents into the strata of particularly serious, serious, significant, or general, as described below, in descending order of severity.

Particularly serious cybersecurity incidents can be identified by important networks and systems facing widespread failure, precipitating a consequential shutdown and loss of functionality, national security facing a particularly serious threat, and the occurrence of other particularly serious threats such as:

  • disruption to key Government websites or major news platforms exceeding a day;
  • critical infrastructure interruptions persist for over six hours or significant function disruption for over 24 hours;
  • impact felt by over 30% of a province’s populace;
  • impact on transport and utilities affecting over 10 million individuals;
  • leakage of important data posing a particularly serious threat to national security;
  • disclosure of personal information affecting over 100 million individuals;
  • impact on information systems resulting in the widespread dissemination of harmful information;
  • direct economic losses exceeding CNY 100 million (approx. $13.9 million); and
  • other particularly serious threats.

Serious cybersecurity incidents can be identified by important networks and systems facing partial failure, impacting operational functionality, national security facing a serious threat, and the occurrence of other serious threats, such as:

  • disruption to key Government websites or major news platforms exceeding six hours;
  • critical infrastructure interruptions persist for over two hours or significant function disruption for over six hours;
  • impact felt by over 30% of a city’s populace;
  • impact on transport and utilities affecting over one million individuals;
  • leakage of important data posing a serious threat to national security;
  • disclosure of personal information affecting over 10 million individuals;
  • impact on information systems resulting in the dissemination of harmful information;
  • direct economic losses exceeding CNY 20 million (approx. $2.8 million); and
  • other particularly serious threats.

Significant cybersecurity incidents can be identified by important networks and systems facing significant system losses, impacting operational capabilities, national security facing a significant threat, and the occurrence of other significant threats, such as:

  • disruption to key Government websites or major news platforms exceeding two hours;
  • critical infrastructure interruptions persist for over 30 minutes or significant function disruption for over two hours;
  • impact felt by over 10% of a city’s populace;
  • impact on transport and utilities affecting over 100,000 individuals;
  • leakage of important data posing a significant threat to national security;
  • Ddsclosure of personal information affecting over one million individuals;
  • impact on information systems resulting in some dissemination of harmful information;
  • direct economic losses exceeding CNY 5 million (approx. $695,500); and
  • Other particularly serious threats.

General cybersecurity incidents can be understood as not meeting the criteria of any of the above categories. This is, in essence, a residual category.

The grade of severity experienced during a cybersecurity incident may also serve as a benchmark that allows Operators to comprehend the regulatory significance of cybersecurity incidents.

Detailed reporting requirements

Article 5 of the Measures outlines what Operators must include in their reports, ranging from incident details, impact, and harm to preliminary analyses of causes and proposed countermeasures. Specifics related to ransomware attacks, such as ransom amounts and payment details, are also mandated.

A translation of the form is provided below for reference:

Cybersecurity Incident Information Report Form

Report Time: [year/month/day/hour/minute]

Report Number: [report number]

Issued by: [signatory]

Organizations with operations in China may wish to include the above fields in any internal forms they use for incident reporting to facilitate reporting to regulators afterward.

Rigid reporting timeframes

Article 6 of the Measures acknowledges that certain incidents may require more time for a comprehensive assessment, including particularly serious or significant incidents. In such circumstances, Operators must provide initial reports within one hour, focusing on certain essential details, such as the basic information about the unit where the incident occurred, including the facilities, systems, and platforms involved, and the time, location, type, impact, and harm caused by the incident, the remedial measures taken and their effectiveness, and ransom amounts and payment details for ransomware incidents. After providing essential information within the mandated one-hour timeframe, Operators should submit supplementary information within 24 hours.

The Measures are silent on the timescales for reporting general cybersecurity incidents. However, Operators may wish to consider adopting the 24-hour standard because it is featured in other legal sources of general application and may apply to general cybersecurity incidents.

Post-incident analysis

Article 7 of the Measures mandates Operators to conduct a thorough analysis and summary within five working days of the incident’s resolution. This comprehensive report should cover incident causes, emergency response measures, damages, liability management, rectification status, lessons learned, and other relevant matters.

Community involvement

Article 8 of the Measures encourages organizations and individuals providing services to Operators to remind them of reporting obligations. In cases of intentional concealment or refusal to report, organizations and individuals are empowered to escalate the matter to local or national authorities.

Public reporting and recognition

Article 9 of the Measures actively encourages social organizations and individuals to report significant cybersecurity incidents, fostering a collective approach to cybersecurity.

Enforcement and consequences

Article 10 of the Measures outlines the basis for penalties for Operators failing to comply with reporting requirements, ensuring accountability. Severe violations resulting in significant harm may, in principle, lead to more stringent penalties.

We note that one basis for penalties is the PIPL, which states the following:

‘If the illegal activity[…] is of a grave nature, the violator will be ordered to make a correction, confiscated of any illegal gain, and fined up to [the higher of] CNY 50 million (approx. $6.95 million), or 5% of last year’s annual revenue[…] and may also be ordered to suspend any related activity or to suspend business for rectification, and/or be reported to the relevant authority for the revocation of the related business permit or the business license; and any person in charge or any other individual directly liable for the violation will be fined [and banned from certain roles for a time].’

Exemptions for responsible Operators

Article 11 of the Measures provides leniency to Operators who have implemented reasonable and necessary protective measures, actively reported incidents, and mitigated the situation’s impact. Such Operators may be exempted or face reduced penalties based on the circumstances. Article 11 can be viewed as an incentive for developing a robust internal compliance framework.

Defining cybersecurity incidents

Article 12 of the Measures clarifies that cybersecurity incidents include events caused by human factors, software or hardware defects, failures, and natural disasters, resulting in harm to networks, information systems, or data, with negative societal consequences.

Handling state secrets

Article 13 of the Measures acknowledges that incidents involving State secrets need to follow specific reporting procedures defined by relevant departments. For the avoidance of doubt, State secrets are not limited to information held by State organs or emanations. State secrets can, in principle, include (without limitation) other types of information, such as health and genetic information and mapping data, etc.

Conclusion

China’s proactive stance in formulating a comprehensive cybersecurity incident reporting framework reflects its commitment to securing digital infrastructure. As the global community grapples with escalating cyber threats, understanding and adapting such measures becomes imperative for fostering a secure and resilient digital environment.

The ongoing public feedback and potential refinements to the Measures will hopefully contribute to their effectiveness in addressing the dynamic challenges of the digital age.

–At the Juncture of the Supreme Court Judgment

At the onset of 2024, AnJie Broad’s antitrust team secured a pivotal second instance judgment from the Supreme People’s Court of China (“the Supreme Court”) in the rare earth antitrust litigation. The ruling completely overturned the first instance judgement rendered by the first instance court Ningbo Intermediate People’s Court (“the Ningbo Court”), holding that the conducts of AnJie Broad’s client Hitachi Metals did not constitute abuse of market dominance. The Supreme Court dismissed all claims brought by the four plaintiffs, four Ningbo rare earth magnets producers.

Reflecting on this case, it undoubtably encompasses several legal issues worthy of in-depth study and contemplation. The key controversies aroused in this case highlight some of the most cutting-edge issues prevalent in current antitrust litigation practice. The proceedings largely showcase the distinctive features of antitrust civil litigation in China. Notably, this case also garnered widespread attention both domestically and internationally.

On 27 April 2022, the Office of the United States Trade Representative (“USTR”) released its annual Special 301 Report (2022). The Report includes an expression relevant to this case:

“In 2021, a local intermediate court issued the first instance ruling declaring certain IP developed by foreign company to be an ‘essential facility’ and finding the company’s failure to license its IP to a Chinese plaintiff – notwithstanding existing licenses to other Chinese parties – to be an abuse of dominance. This decision raises concerns that China’s competition authorities may apply this approach to foreign patent holders for AML enforcement. The case is currently awaiting decision on appeal to the Supreme People’s Court. It is critical that China’s AML enforcement be fair, transparent, and non-discriminatory; afford due process to parties; focus only on the legitimate goals of competition law; and not be used to achieve industrial policy or other goals.”

As a matter of fact, the second instance judgment can clearly respond to the above “concerns” of the USTR’s Office, by displaying that China’s judicial ruling is strictly based on the proper application of the Anti-Monopoly Law (“AML”). Some case particularities are noteworthy and helpful to savour the significance of this millstone case.

I. A Case Lasted Nearly a Decade.

On December 11, 2014, four companies engaged in the production and sale of sintered neodymium-iron-boron (“NdFeB”) permanent magnet materials in Ningbo, namely Ningbo Ketian Magnet Co., Ltd., Ningbo Permanent Magnetic Industry Co., Ltd., Ningbo Tongchuang Strong Magnet Material Co., Ltd. and Ningbo Huahui Magnetic Industry Co., Ltd (collectively “the four plaintiffs”), initiated antitrust actions against Hitachi Metals with the Ningbo Court.

The cross-examination commenced for the first time at the Ningbo Court on September 21, 2015, followed by two subsequent hearings on December 18, 2015, and March 10, 2017, respectively, leading to the handing-down of the first instance judgment by the Ningbo Court on April 23, 2021. Then Hitachi Metals appealed to the Supreme Court.

The second instance was amid the hard pandemic period, and the Supreme Court organized the trial through an online hearing on November 23, 2021, with tens of thousands of people tuning to the live broadcast.

Near the ending of 2023, the Supreme Court rendered the final judgement by completely overturning the first instance judgment, and dismissing all claims made by the plaintiff. To this point, the rare earth antitrust litigation of China was finally brought to the conclusion, with the first and second instances in total spanning nearly a decade.

II. Both Parties Retained Expert Witnesses to Participate in the Trial.

In the first instance, Hitachi Metals engaged Professor Jiong GONG from the University of International Business & Economics as an economics expert, and Professor Jiemin SHENG from Peking University as an antitrust law expert, to participate in the trial. Furthermore, Hitachi Metals also presented an Expert Report issued by the above experts to the Ningbo Court.

For the other side, the four plaintiffs engaged an expert in the field of magnetic materials, Mr. Da MA, along with Mr. Yongwei CHEN and Professor Ming YANG from Peking University, to provide witness opinions from the perspectives of technology, economics and law, respectively.

In the second instance trial, Professor Jiong GONG, Dr. Vanessa Yanhua ZHANG and Professor Zhongwu LIU, engaged by Hitachi Metals, respectively issued the economic analysis and technical expert report for the appeal procedure.

Also, Dr. Vanessa Yanhua ZHANG and Professor Zhongwu LIU engaged by Hitachi Metals, and Mr. Da MA, engaged by the four plaintiffs, appeared in court to provide testimony on specialized issues, including the essentiality of the relevant technology, definition of the relevant market, determination of market dominance, development of upstream technology and competition of downstream products, conditions for the application of essential facilities doctrine, and the relationship between protection of intellectual property and antitrust, etc.

The opinions of those expert witnesses are partly reflected in both the first and second instance judgments.

The first instance judgment states, “Mr. Da MA, an expert in the field of magnetic materials technology, conducted a comprehensive analysis of Hitachi Metals’ patent claims from a patent perspective. He systematically compared them with existing production processes and concluded that the defendant’s patent list includes a series (Class I and Class II patents) of essential patents for the production of sintered NdFeB.” “The economic analysis report provided by Prof. Jiong GONG, expert designated by the defendant, asserts that there is a certain degree of overlap in the applications of sintered NdFeB and bonded NdFeB. For instance, both are utilized in motor products, indicating the substitutability. In terms of product sales scale, the market for sintered NdFeB is significantly larger than that of bonded NdFeB, with the former being roughly six times or more than the latter. Additionally, in certain downstream applications such as speakers and wind power, there is substitutability to some degree between ferrite permanent magnetic materials and sintered NdFeB.”

The second instance judgment underlines that, Prof. Zhongwu LIU, expert designated by Hitachi Metals, provided a technical expert report and stated that the 15 disputed patents are not uncircumventable for sintered NdFeB. According to the data in the Economic Report provided by Hitachi Metals, among Hitachi Metals and the eight Chinese companies licensed to implement its patents, the combined market share of Hitachi Metals and seven Chinese licensees is 13.91%. Although the data for Beijing Thinova Magnet Co., Ltd., one of the eight licensees, was not provided in the Economic Report, its market share cannot exceed that of Beijing Zhong Ke San Huan High-Tech Co., Ltd.’s market share 6.07%. Therefore, the combined market share of sintered NdFeB produced by Hitachi Metals and the eight Chinese licensees in the Chinese market is not more than 20%, and their relevant market share in foreign markets was even lower. Therefore, it cannot be found that Hitachi Metals had a dominant market position in this case. (Certainly, apart from the disputed patents, Hitachi Metals also possesses numerous highly valuable patents.)

In sum, it can be observed from this case that expert witnesses play a significant role in current antitrust civil litigations of China, with the frequent presence of some overseas economists.

III. The First Time to Apply “Essential Facilities” Doctrine in China’s Antitrust Litigation.

The first instance judgment holds that the essential facilities doctrine could be applied as an analytical tool in this case. Its reasons include: such facilities are indispensable for sintered NdFeB enterprises to participate in competition; Hitachi Metals, as the intellectual property owner, has exclusive control of such facilities; competitors could not duplicate the same facilities using reasonable efforts; where the plaintiff raised clear requests for license and was willing to pay reasonable consideration, Hitachi Metals rejected the use of essential facilities; it would be feasible for Hitachi Metals to grant license; the refusal has no reasonable grounds, and the plaintiff, as a large-scale industry operator, is qualified to exploit the patent and has actively expressed its willingness to request a license.

In fact, the above arguments have aroused strong concerns and criticism in China and abroad. It must be pointed out, the essential facilities doctrine has a long history of controversies under antitrust law, lacking a clear and consistent application standard. Consequently, various jurisdictions have always maintained a very cautious and restraint approach to this doctrine. Specifically, this doctrine is usually deemed applicable only under very exceptional circumstances, leading to its limited application in practice. It is true that, before this case, there is not any precedent in China where an enforcement agency or a judicial organ applied the essential facilities doctrine to the behavior of refusing to license, which further underscores the cautious stance towards this doctrine. Although the Supreme Court in the second instance judgement did not explicitly comment on the application of the essential facilities doctrine, it has in essence negated the application of this doctrine by finding Hitachi Metals’ absence of dominant position in the relevant market. It should be recognized that this cautious approach employed by the Supreme Court is commendable.

IV. This Case Involves the Intersection of Anti-Monopoly Law and Intellectual Property Laws.

This case exemplifies the cross-application of antitrust law and intellectual property laws, carrying demonstrative significance in several senses.

The public and private enforcement of antitrust law in the intellectual property field is crucial and complex. It demands striking a proper balance and ensuring coordination between the dual objectives of safeguarding and promoting competition for one thing, and protecting intellectual property rights to stimulate innovation for another. Hence, the AML provides a principle that the AML does not apply to the lawful exercise of intellectual property rights by undertakings pursuant to relevant laws and regulations governing intellectual property rights; however, undertakings’ abuse of intellectual property rights to eliminate or restrict competition shall be still governed by the AML.

The above provision outlines the fundamental principles and stance of the AML regarding the relationship between intellectual property and antitrust, which could be interpreted from three aspects. First, the AML does not interfere with the lawful exercise of intellectual property rights by holders in accordance with intellectual property laws and regulations. Secondly, if the exercise of intellectual property rights amounts to abuse and results in elimination or restriction of competition, the AML shall apply. Thirdly, if the exercise of intellectual property rights constitutes abuse, but without causing elimination or restriction of competition, the AML will not apply; instead, such exercise of intellectual property rights will be regulated within the framework of intellectual property laws.

Jurisprudentially, intellectual property rights are fundamentally a type of private right, constituting a legal monopoly granted by law. The creator and investor of an intellectual property right have exclusive privileges within a specific scope and timeframe. The application of AML should come into play, only under exceptional circumstances when the “abuse of intellectual property rights” results in substantial harms to market competition. Thus, if the abuse of intellectual property rights by the holder does not cause significant harms to market competition, the regulation falls under intellectual property law, civil law, and other relevant statutes, rather than the AML.

Indeed, overapplication of the AML can stifle innovation and competition in the realm of intellectual property rights, contradicting the fundamental principle of freedom of contract and the legislative purpose of the AML. Freedom of contract is essential for a market economy and a prerequisite for fostering free competition. This freedom allows business operators to choose transaction partners and determine transaction conditions at their discretion. It also empowers operators to decline transaction requests from other counterparts for normal business purposes. Consequently, a business operator is generally not obligated to engage in transactions with other market players. The Court of Justice of the European Union expressed a similar viewpoint in the 1988 Volvo case, holding that “… an obligation imposed upon the proprietor of a protected design to grant to third parties, even in return for a reasonable royalty, a licence for the supply of products incorporating the design would lead to the proprietor thereof being deprived of the substance of his exclusive right.” Therefore, the application of the AML should not undermine the freedom of trade, which serves as the cornerstone of a market economy.

V. Definition of the Relevant Market is Fully Debated in This Case.

There is no divergence between the Ningbo Court and the Supreme Court on the time and geographic element of the relevant market, while different views exist on the relevant product market.

The first instance court holds that this case mainly involves disputes over the licensing of sintered NdFeB patent owned by the defendant. Therefore, the technology market most closely related is the market of patent licensing. Where the patent is a product or method patent for manufacturing a specific product, the market dynamics generated by consumers’ selection of products in the downstream product market will directly impact the supply and demand relationship in the upstream technology market. If the downstream product is easily substituted by other products, the competitive product should be taken into consideration not only in the downstream product market, but also in the upstream technology market. Consequently, when determining the substitutability of technologies, the substitutability of downstream sintered NdFeB products shall be first considered, to accurately define the substitutability of specific technology of sintered NdFeB and other magnetic materials technologies. Based on the evidence of the parties, the Ningbo Court concluded that whether from demand or supply substitution, sintered NdFeB and other magnetic materials are not substitutable, thus the downstream product market should be defined as sintered NdFeB product market.

The first instance court then further examined the upstream technology market. By having relied on the opinions of the technical expert engaged by the four plaintiffs, Hitachi Metals’ public statement and relevant statements in third-party reports, the Ningbo Court considered that licensing for sintered NdFeB patents owned by Hitachi Metals is essential. With respect to the scope of essential patents involved in this case, the Ningbo Court accepted the plaintiff’s expert witness’s patent list and its technical opinions.

In addition, the first instance judgment further emphasizes and clarifies that, since Hitachi Metals’ sintered NdFeB patents were not part of a standard, it did not qualify as a standard essential patent (SEP). To avoid ambiguities, the patents discussed in the instant case are referred to as sintered NdFeB “essential patents”, which refers to the Class I and Class II patents as classified by the plaintiff’s expert. In the end, the Ningbo court concluded that the relevant technology market in this case can be defined as the market for licensing the essential sintered NdFeB patents owned by Hitachi Metals.

In sum, the Ningbo Court defined two relevant product markets in this case: one is the market for licensing the essential sintered NdFeB patents owned by Hitachi Metals (upstream), and the other is the market for producing sintered NdFeB (downstream).

While, the Supreme Court dissented on Ningbo Court’s position in terms of the technology market definition, and its analysis of market definition in the second instance judgment is notably more well-knit, solid and appropriate.

The second instance judgment holds that, the evidence at hand is insufficient to prove existence of an independent market for licensing of the essential sintered NdFeB patents, let alone a smaller market for licensing the essential sintered NdFeB patents only owned by Hitachi Metals. The main grounds of the Supreme Court are set out as follows.

Firstly, there are two inconsistent or contradictory claims and facts in this case. On the one hand, the plaintiff held that the relevant patented technology of Hitachi Metals encompasses “essential patents” or important technology for manufacturing sintered NdFeB. On the other hand, some manufacturers such as the plaintiff, who hope to be granted the license by Hitachi Metals, meanwhile claimed that their production did not infringe Hitachi Metals’ patent.

Secondly, the fact regarding sintered NdFeB and the development of its production technology objectively demonstrated that the argument that “Hitachi Metals’ sintered NdFeB patents are essential patents” lacks supporting evidence. Meanwhile, in recent years, China has made a rapid progress in sintered NdFeB patent applications, production, and exports. Sintered NdFeB and their production technology are non-standardized products and non-standardized technologies, with increasingly frequent updates and iterations of technology.

Thirdly, Hitachi Metals used to hold more than 600 patents of sintered NdFeB worldwide. It had expanded its patent portfolio globally in an early time, applying for patents in the United States, Europe, China and other countries. In China, Hitachi Metals used to hold 90 Chinese patents, and only licensed eight companies to implement sintered NdFeB patents to produce and sell sintered NdFeB materials worldwide except in Japan. However, companies that did not obtain a license from Hitachi Metals still produced and sold sintered NdFeB materials in China and exported to Europe and other countries except the United States and Japan.

The Plaintiff further argued in the second instance that the essentiality of the involved patents does not arise from technology but rather stems from Hitachi Metals’ abusive tie-in sales, litigation threats, and exclusive arrangements. This further indicated that the plaintiff’s allegations are lack of sufficient factual basis and were more likely a misjudgment or misconception about the facts.

In summary, the Supreme Court maintained that the definition of the relevant market in this case shall be conducted in accordance with case-specific circumstances, using objective and authentic data and with the aid of economic analysis methods. The Plaintiff claimed that the sintered NdFeB patent of Hitachi Metals was irreplaceable and constituted an independent relevant market. However, it was inconsistent with the actual production, sales and relevant technical development of sintered NdFeB products. It also failed to provide sufficient evidence to prove its claims, especially did not provide evidence to prove why and how the sintered NdFeB patent of Hitachi Metals was technically irreplaceable. Therefore, the plaintiff should bear the adverse consequences for which it was unable to bear the burden of proof.

Take the analysis above into consideration, the Supreme Court concluded that: since the evidence in this case is insufficient to prove that the sintered NdFeB patent of Hitachi Metals technically irreplaceable, and in accordance with the demand-side substitutability of the production technology of sintered NdFeB materials, the relevant product market in this case should be defined as the production technology market of sintered NdFeB materials, including both patented technology and non-patented technology with close substitutability. The first instance court’s market definition lacked factual and legal basis, hence the Supreme Court amended accordingly.

In antitrust civil litigations, especially where abuse of market dominance involves, market definition is not always necessary (this view is also reflected in the latest Draft Judicial Interpretation issued by the Supreme Court). That said, in the specific cases, market definition in most times is still fundamental and a prerequisite step. This is because that definition of the relevant market decides the competitive analysis path and the debate starting point for both parties, further directly affects the judgment. In particularly, the definition of the relevant market is vitally important for antitrust cases involving intellectual property rights.

This rare earth antitrust case was finally brought to its conclusion after nearly a decade. During this long but intriguing journey, as Hitachi Metals’ counsels, we are very privileged to have come across and handled those most cutting-edge issues. We are also very delighted to witness the meticulous and rigorous attitude of all the plaintiff’s counsels, expert witnesses, and the collegial benches of the first and second instances.

The counsels and expert witnesses of both parties, as well as the first and second instance court demonstrated a high level of expertise and professionalism in the whole proceedings. This has led to very in-depth debates and discussions on those key disputed issues between the parties, fully mirroring the technical nature of antitrust litigations. In antitrust civil litigations, for both the parties’ counsels and the adjudicating judges, the complexity of cases and the application of relevant legal theories pose significant challenges. Perhaps, it is precisely the technicality and challenge that make antitrust litigations rather fascinating and charming.

——Analysis of the Supreme Court’s Trial Pattern in the First Antitrust Litigation of Rare Earth Sector

Introduction

Recently, the Supreme People’s Court of China (“the Supreme Court”) has rendered its second instance judgment on the first antitrust case in China’s rare earth industry. The ruling overturned the first instance judgement by having dismissed all claims made by the plaintiff. AnJie Broad team represented Hitachi Metals in both the first instance and appellate proceedings and dedicated a span of nearly ten years to bring this case to its final conclusion. Given that this case marked the first instance of a Chinese court having applied the essential facilities doctrine in an antitrust litigation, this case garnered widespread attention and commentary from both domestic and international industry stakeholders, academic circles, and legal practitioners, rendering it extremely high-profile.

The complex issues involved in this case, such as the approach of defining the relevant technology market, whether the owner of non-SEP might be deemed to have a dominant position simply based on the patent ownership, the conditions for application of essential facilities doctrine and the approach of competitive analysis when it comes to exercising intellectual property rights. This case does not only bear academic significance within the antitrust domain but also wield a guiding influence on economic and innovative activities within the industry.

In addition, it is noteworthy that the Supreme Court’s ultimate ruling in this case not only thoroughly embodies the judicial spirit that “antitrust law protects competition, not specific competitors,” establishing judicial practice on the value and objectives of anti-monopoly law, but also showcases its stringent approach and commitment to impartial justice, especially facing the dispute between the Chinese party and foreign party.

I.       Case Overview

On December 11, 2014, four companies engaged in the production and sale of sintered neodymium-iron-boron (“NdFeB”) permanent magnet materials in Ningbo, China, namely Ningbo Ketian Magnet Co., Ltd., Ningbo Permanent Magnetic Industry Co., Ltd., Ningbo Tongchuang Strong Magnet Material Co., Ltd., and Ningbo Huahui Magnetic Industry Co., Ltd (“the four plaintiffs”), initiated civil antitrust lawsuits against Hitachi Metals, Ltd. (“Hitachi Metals”) with the Intermediate People’s Court of Ningbo, Zhejiang Province (“the Ningbo court”). The four plaintiffs contended that Hitachi Metals owned numerous essential patents related to sintered NdFeB. Hitachi Metals had a dominant position in the essential patent licensing market for sintered NdFeB. Hitachi Metals’ refusal to license without justifiable reasons was considered a “refusal to deal” under the framework of AML. Additionally, the bundling of essential and non-essential patents by Hitachi Metals constituted tie-in sales. Therefore, the four plaintiffs believed that these activities constituted abuse of market dominance and requested the court to order Hitachi Metals to cease infringement and compensate for their economic losses.

On April 23, 2021, the first instance judgment was rendered by the Ningbo court against Hitachi Metals. The Ningbo court defined two relevant markets in the dispute: one upstream market for licensing sintered NdFeB magnet patents held by Hitachi Metals, and one downstream market for producing sintered NdFeB magnets. The Ningbo court determined that Hitachi Metals held a dominant market position in the upstream market, thus its refusal to license was deemed an abuse of dominant market position, leading to the court ordering the cessation of infringement and compensation for economic losses.

Subsequently, Hitachi Metals appealed to the Supreme Court. Following a public trial, the Supreme Court handed down its second instance judgment on December 14, 2023, overturning the first instance ruling and dismissing all claims made by the four plaintiffs. That marked a complete reversal took place in the appeal procedure.

Indeed, a meticulous analysis is necessary to understand the substantial disparity between the judgments of the first instance and second instance courts. What accounts for the complete divergence in the opinions of the two courts on the pivotal issues?

II.    Does Licensing of Sintered NdFeB Patents Owned by Hitachi Metals Constitute A Separate Relevant Market?

1.      The Court’s Ruling

The Ningbo Court, in the first instance, found that from the perspective of demand-side substitution, licensing for sintered NdFeB patents owned by Hitachi Metals is essential. The primary evidence that Ningbo Court relied on includes Hitachi Metals’ public statement, the opinions of technical expert witnesses engaged by the four plaintiffs, and relevant statements of third-party reports. The Ningbo Court further explicitly clarified that since Hitachi Metals’ sintered NdFeB patents were not part of standard-setting, it did not qualify as a standard essential patent (SEP). To avoid ambiguities, the patents discussed in the instant case are referred to as sintered NdFeB “essential patents”.

The Supreme Court held in the second instance ruling that the evidence at hand is inadequate to establish the existence of an independent market for licensing of essential patents for sintered NdFeB, let alone the relevant market for licensing of essential patents for sintered NdFeB owned by Hitachi Metals. Specific reasons for this conclusion include:

Firstly, there are two inconsistent or contradictory claims in this case. On the one hand, the four plaintiffs argued that Hitachi Metals’ patents were essential or crucial technology for manufacturing sintered NdFeB. On the other hand, the four plaintiffs sought a patent exploitation license from Hitachi Metals while simultaneously asserting that their production of sintered NdFeB did not infringe Hitachi Metals’ patent.

Secondly, the fact regarding the development of sintered NdFeB’s production technology objectively demonstrated that the argument at the time of the allegation that “Hitachi Metals’ sintered NdFeB patents are essential patents” lacked evidence to support. The technologies of manufacturers included patents, technical secrets, and publicly known technologies. Meanwhile, in recent years, China has made rapid progress in patent applications, production, and exports of sintered NdFeB. Sintered NdFeB and its production technology are non-standardized products and non-standardized technologies, characterized by frequent updates and iterations of technology.

Thirdly, Hitachi Metals used to hold more than 600 patents of sintered NdFeB worldwide. In China, Hitachi Metals held 90 Chinese patents and granted licenses to eight Chinese companies, such as Zhong Ke San Huan, for implementation. Nevertheless, companies that did not obtain licenses from Hitachi Metals continued to manufacture and sell sintered NdFeB materials in China, exporting to Europe and other countries, except the United States and Japan.

Fourth, the four plaintiffs further contended that the essential nature of the patents concerned did not result from technology but rather stems from Hitachi Metals’ abusive tie-in sales, litigation threats, and exclusive arrangements. This further indicated that claims such as “Hitachi Metals’ patents concerned are essential patents that cannot be design around in the production of sintered NdFeB materials” and “Chinese rare earth permanent magnet companies without license from Hitachi Metals cannot export their products to designated countries such as the United States” lacked sufficient factual basis and were more likely a misjudgment or misconception about the facts.

Based on the afore-mentioned reasons and through comprehensive analysis, the Supreme Court held that the four plaintiffs’ claim – the sintered NdFeB patent of Hitachi Metals was irreplaceable and constituted an independent relevant market – was inconsistent with the reality. The four plaintiffs also failed to provide sufficient evidence to prove its claims, especially did not provide evidence to prove why and how Hitachi Metals’ sintered NdFeB patents were technically irreplaceable. In the Supreme Court’s view, the relevant product market in this case should be defined as the market for the production technology of sintered NdFeB materials, encompassing both patented technology and non-patented technology with close substitutability.

2.      Comments: “Patent Licensing Market” Is Different From “Technology Market”

Guidelines of the Anti-Monopoly Commission under the State Council on the Definition of  Relevant Market (“Guidelines on Relevant Market”)and Provisions on Prohibition of Abuse of Intellectual Property to Exclude or Restrict Competition (“Antitrust Provisions on Abuse of Intellectual Property”) respectively stipulate that “In the antitrust enforcement for technology trade, licensing agreement, etc. that involves intellectual property, it might be necessary to define the relevant technology market in consideration of such factors as intellectual property and innovation.” and “In the antitrust enforcement involving intellectual property licensing, the relevant commodity market may be a technology market or a product market containing specific intellectual property.” Antitrust Provisions on Abuse of Intellectual Property also provides that “The relevant technology market refers to the market formed by the competition between technologies involved in the exercise of intellectual property and the same type of technologies that are mutually substitutable.”

Based on the above rules, it can be inferred that, substitutable technologies of the same type are not limited to patents. In other words, non-patented technologies can also constitute substitutes to patented technologies and may belong to the same relevant technology market along with patented technologies. Therefore, when defining the relevant technology market, it is necessary to examine not only the existence of substitutable patented technologies, but also the existence of substitutable non-patented technologies to accurately define the scope of the relevant technology market under antitrust regime. We must avoid falling into the misconception that the “relevant technology market” is equivalent to the “patent licensing market”.

It should be recognized that the judicial pattern of the Supreme Court’s judgment in this case aligns with the legislative spirit of the Antitrust Provisions on Abuse of Intellectual Property.

III.  The Application of Essential Facilities Doctrine in the Field of Intellectual Property should Be Strictly Limited

1.       The Court’s Ruling

The Ningbo Court held in the first instance that, Hitachi Metals’ concerned patents enjoys a strong market dominance due to their technological irreplaceability, which was then further strengthened by the solidification of market awareness. The Ningbo Court believed that the “essential facilities” doctrine could be applied as an analytical tool in this case and determined that Hitachi Metals’ patents concerned had already constituted essential facilities. The rationale behind this decision is as follows: such a “facility” was indispensable for sintered NdFeB enterprises to participate in competition; Hitachi Metals, as the intellectual property rights holder, monopolistically controlled the essential facility; competitors cannot duplicate the facility exerting reasonable efforts; Hitachi Metals denied the use of the facility by competitors when the four plaintiffs having explicitly made licensing requests and being willing to pay reasonable consideration; the refusal to license is not justified.

Although the Supreme Court did not explicitly evaluate the application of essential facilities doctrine in the second instance ruling, the decision to overturn the determination of Hitachi Metals’ market dominance in the relevant market essentially negated the first instance finding of essential facilities. In reality, Hitachi Metals owns some important patents in the relevant product market, and it does not mean that Hitachi Metals has a dominant position under the AML.

2.      Comments: the Application of Essential Facilities Doctrine shall be strictly restricted

Pursuant to Article 123 of the Civil Code, a civil person or entity enjoys an intellectual property right in accordance with the law. The intellectual property right is a “proprietary right” enjoyed by the right holder in respect of a specific object. Given that intellectual property rights belong to the category of private rights and its nature of civil rights, the application of essential facilities doctrine in the field of intellectual property requires especially careful precaution.

Noteworthy, the Antitrust Provisions on Abuse of Intellectual Property released in 2023, compared to its old version in 2015, deleted the provision on essential facilities doctrine. Such a subtle legislative change further evidences the cautious attitude toward application of essential facilities doctrine in the Intellectual Property.

As a matter of fact, the application of essential facilities doctrine is also rare and controversial in other jurisdictions, such as Europe and the United States.

The essential facilities doctrine was first introduced in the case United States. v Terminal Railroad Association of St. Louis (1912). However, the Supreme Court of the United States remained conservative on the application of this doctrine in cases involving intellectual property. It has noted that compulsory licensing is in conflict with the legislative purpose of antitrust laws, as it would weaken the innovation incentives of competitors. In the case Verizon Communications Inc. v. Law Offices of Curtis v Trinko, LLP (2004), the Supreme Court of the United States elaborated on the potential conflict between compulsory licensing of intellectual property and the legislative purpose of antitrust laws as follows:

Compelling firms to share the source of their advantage is in some tension with the underlying purpose of antitrust law, since it may lessen the incentive for the monopolist, the rival, or both to invest in those economically beneficial facilities. Enforced sharing also requires antitrust courts to act as central planners, identifying the proper price, quantity, and other terms of dealing-a role for which they are ill suited. Moreover, compelling negotiation between competitors may facilitate the supreme evil of antitrust: collusion.

Similarly, there have been very strict requirements for the application of essential facilities doctrine in Europe as well. Relevant EU rules explicitly stipulate the requirements for applying the essential facilities doctrine, including: first, the refusal of the relevant product or service is objectively essential for effective competition in the downstream market; second, the refusal is likely to eliminate effective competition in the downstream market; third, the refusal is likely to cause harms to consumers; fourth, licensing will not have a negative impact on the innovation.

It’s critical to highlight that the EU has introduced an additional criterion for applying the essential facilities doctrine to intellectual property in practice, known as the “new product” standard. This means that it must be demonstrated that, after compulsory licensing, the result will be the creation of a new product that meets consumers’ new demand. For instance, in the Magill v Radio Telefis Eireann case, the plaintiff Magill intended to introduce a new business involving a comprehensive “television program guide” that met consumer demand. Similarly, in the IMS Health GmbH & Co. OHG v NDC Health GmbH & Co. KG case, IMS provided innovative regional sales data for pharmaceutical products in Germany, addressing consumer demand.

The “new demand” standard of the EU is reasonably justified. This is because intellectual property essentially grants intellectual property holders the legitimate right to restrict competitors from producing, selling, and offering products identical to their own. If, after licensing, the result is merely that other licensees produce products identical to those of the intellectual property holder, it would have no effect in promoting innovation. On the contrary, it could significantly dampen the enthusiasm of operators to innovate.

The first instance judgment of this case marks the first-time application of essential facilities doctrine in China, representing a bold attempt. However, this attempt is evidently flawed. The Supreme Court’s second instance judgment provides insights into the future application approach of essential facilities doctrine in China.

IV.  Is the Key to Conduct Competitive Analysis on the Upstream Technology Market or Downstream Product Market?

1.       The Court’s Ruling

In the first instance judgment, the Ningbo Court directly concluded that Hitachi Metals’ activities excluded and restricted competition. Nevertheless, the Ningbo Court did not examine the fundamental facts needed for the “competitive effects analysis” nor elaborated on the “competition analysis process”.

In the second instance judgment, the Supreme Court held that it was difficult to establish Hitachi Metals’ dominant market position, and consequently, the plaintiff’s claims of dominant market position and bearing civil liability were difficult to substantiate. As a result, the Supreme Court decided not to further examine the case. That said, it is noteworthy that when discussing whether Hitachi Metals had market dominance, the Supreme Court had, in fact, carried out examinations and analysis of the competition in the downstream product market. Specifically, the Supreme Court maintained that in a situation where multiple competitive technologies exist in the relevant technology market, the market share of downstream products implementing that technology could more accurately and conveniently reflect the conditions of the relevant technology market. It could also more accurately reflect the market position of the operator owning that technology. The combined market share of sintered NdFeB produced by Hitachi Metals and eight Chinese enterprises licensed under its patents did not exceed 20% of the Chinese sintered NdFeB product market. Furthermore, the market share of Hitachi Metals and the eight Chinese licensees, along with foreign licensees, in foreign markets was even lower. In addition, despite not licensing other Chinese enterprises after 2013, the production of NdFeB magnets in China had increased significantly since 2014. This further supported the finding that Hitachi Metals did not have a dominant market position, either in the upstream NdFeB technology market or the downstream materials market.

2.      Comments: The Key to Antitrust Evaluations of the Exercise of Intellectual Property is the Competitive Analysis of Downstream Product Market

Pursuant to Article 68 of the Anti-Monopoly Law (AML) 2022, the AML does not apply to the exercise of intellectual property rights by undertakings according to relevant laws and administrative regulations governing intellectual property rights; however, undertakings’ abuse of intellectual property rights to eliminate or restrict competition shall be governed by the AML. Consequently, justifiable exercise of a patent right is a legitimate and free activity of the party involved and does not constitute an abuse of intellectual property rights under the AML.

As mentioned above, the application of essential facilities doctrine to regulate refusal to license activities is uncommon in global judicial practices. As emphasized by the Supreme Court of the United States in the case United States v. Colgate, every operator should have the right to freely choose its trading partners, and antitrust laws do not prevent operators from exercising their inherent autonomy in business. Compulsory transactions contradict the fundamental legal principle of freedom of contract. Therefore, the prerequisite for compulsory transactions must be that the refusal to deal would have a serious anticompetitive impact on the relevant market.

Moreover, although the Antitrust Provisions on Abuse of Intellectual Property only mentions that “refusal to license the intellectual property will have adverse impact on the competition or innovation in the relevant market, thus harming the interests of consumers or the public” without specifying which market it is, according to the domestic and overseas judicial practices, the primary consideration for the impact on competition should be the downstream product market. For instance, section 3.2 of the U.S. Antitrust Guidelines for the Licensing of Intellectual Property explicitly states that if the patent licensing appears likely to have anticompetitive effects, the Agencies normally will identify one or more relevant market in which the effects are likely to occur. Usually, enforcement agencies evaluate the downstream product market, and in other circumstances, they may consider the impact on technology or research and development markets.

Hence, when evaluating conduct that seems to be the lawful exercise of intellectual property rights, the primary emphasis in antitrust law assessment should be on examining whether it exerts substantial exclusionary or anticompetitive effects on the downstream product market, rather than the upstream technology market. This is crucial because obtaining a patent license is specifically for the production and sale of downstream products. If the upstream technology lacks application value, scrutinizing the market position in the upstream market becomes meaningless.

Conclusion

The refusal to license a patent presents distinctive features compared to a typical refusal to deal. When regulating the refusal to license, considerations should extend not only to protecting the licensor’s contractual rights, it is also essential to take into account the incentives for innovation and the strike on the proprietary nature of patent rights. In the case of refusal to license non-SEP, antitrust law should use intervention more cautiously to avoid inappropriate interference. Forcing patent owners into licensing may impede innovation and diminish incentives in alternative technologies, ultimately harming technological innovation in the market as a whole. From a technical standpoint, defining the relevant technology market should consider both patented and non-patented technologies. The application of essential facilities doctrine, given its controversial nature, should be cautious in the realm of intellectual property. When assessing antitrust implications of the normal exercise of intellectual property rights, careful attention should be directed towards analyzing the competitive effects on downstream product markets.

The nearly-ten-year legal dispute in the Hitachi Metals case has ultimately come to an end. The judicial pattern of the Supreme People’s Court of China in the first antitrust litigation of rare earth sector deserves careful study.

On December 14, 2023, China Supreme People’s Court (“the Supreme Court”) rendered a second-instance judgment on the case of four Ningbo rare earth enterprises suing Hitachi Metals for abusing its dominant market position, overturning the first-instance judgment by the Ningbo Intermediate People’s Court (“Ningbo Intermediate Court”) and dismissing all claims of the plaintiffs in the first instance. Scan the QR code below for an English translation of the second-instance judgment.

On April 23, 2021, the Ningbo Intermediate Court, in its first-instance judgment, held that the relevant product market in this case should be defined as the market for “licensing sintered NdFeB essential patents owned by Hitachi Metals”. Therefore, Hitachi Metals, Ltd (“Hitachi Metals”), as the sole patent holder in this assumed market, was deemed to possess a 100% market share, and its refusal to grant patent licenses to potential licensees was considered an abuse of its dominant market position by refusing to deal. The Ningbo Intermediate Court’s aforementioned reasoning made this case the first antitrust case involving refusal to license non-standard essential patents “non-SEPs” in China.

In the second-instance judgment, the Supreme Court pointed out that the relevant product market in this case should be defined as the market for the production technology of sintered NdFeB materials. The market definition in the first-instance judgment lacked factual and legal basis. Additionally, since the plaintiffs in the first instance failed to provide evidence demonstrating Hitachi Metals’ market dominance in the relevant market, their claims regarding Hitachi Metals’ abuse of its dominant market position and the corresponding civil liability were naturally untenable.

AnJie Broad Antitrust Team has been representing Hitachi Metals since 2014 against the lawsuits filed by the four plaintiffs and finally achieved a total victory after nearly a decade of litigation. This case, as the first antitrust case involving refusal to license non-SEPs in China, has garnered significant attention worldwide. The Supreme Court’s approach to the adjudication of key issues in this case, including the definition of relevant markets, the boundaries of antitrust intervention in the exercise of intellectual property rights, and the prudent application of essential facilities doctrine in the field of intellectual property, holds significant milestone value in both the judicial and administrative enforcement practices of antitrust law in China.

Legislative Practice of Trade Sanctions in China

China’s trade sanctions system has counter and defensive characteristics and is established and continuously improved to address discriminatory and restrictive measures taken by foreign countries against Chinese citizens, enterprises, or other organizations, which deviate from international law and basic norms of international relations, as well as measures that harm the legitimate rights and interests of China, other organizations, or individuals.

1. Provisions on Blocking the Improper Extraterritorial Application of Foreign Laws, Measures, and Judgments

On January 9, 2021, the Ministry of Commerce of China issued the “Measures for Blocking the Inappropriate Extraterritorial Application of Foreign Laws and Measures” (hereinafter referred to as the “Blocking Measures”), in order to block the extraterritorial application of foreign laws and measures that violate international law and basic norms of international relations, and improperly prohibit or restrict Chinese citizens, legal persons, or other organizations from engaging in normal economic, trade, and related activities with third countries (regions) and their citizens, legal persons, or other organizations.

The “Blocking Measures” requires Chinese citizens, legal persons, or other organizations to truthfully report the relevant situation to the competent commerce department of the State Council within 30 days when encountering situations where foreign laws and measures prohibit or restrict their normal economic and trade activities with third countries (regions) and their citizens, legal persons, or other organizations.[1] For foreign laws and measures which have been assessed and confirmed to have improper extraterritorial application, the competent commerce department of the State Council may decide to issue an injunction prohibiting recognition, enforcement, and compliance with relevant foreign laws and measures.[2] If a party complies with foreign laws and measures within the scope of the prohibition, which infringes on the legitimate rights and interests of Chinese citizens, legal persons, or other organizations and causes losses, Chinese citizens, legal persons, or other organizations may bring a lawsuit to the court in accordance with the law, requiring the party to compensate for the losses. If the aforementioned parties refuse to fulfill the effective judgment or ruling of the court, Chinese citizens, legal persons, or other organizations may apply to the court for compulsory execution in accordance with the law.[3]

On June 10, 2021, the Anti Foreign Sanctions Law of the People’s Republic of China (hereinafter referred to as the “Anti Foreign Sanctions Law”) officially came into effect. Article 12, Paragraph 1 of the Anti Foreign Sanctions Law requires that no organization or individual shall enforce or assist in enforcing discriminatory restrictive measures taken by foreign countries against Chinese citizens and organizations.[4]

In addition, for the recognition and enforcement of effective judgments made by foreign courts, Article 300 of the new Civil Procedure Law of the People’s Republic of China, which comes into effect on January 1, 2024, stipulates that if a court determines that an effective judgment made by a foreign court violates the basic principles of the laws of the People’s Republic of China or national sovereignty, security, or social public interests, it shall rule not to recognize and enforce it.[5]

2. Principle Provisions on Sanctions and Countermeasures

The Cybersecurity Law of the People’s Republic of China (hereinafter referred to as the “Cybersecurity Law”), which came into effect on June 1, 2017, is a law formulated by China to ensure cybersecurity, safeguard cyberspace sovereignty, and national security. Article 75 of the Cybersecurity Law provides for sanctions against overseas institutions, organizations, and individuals who attack critical information infrastructure. It stipulates that if overseas institutions, organizations, or individuals engage in activities that endanger the critical information infrastructure of the People’s Republic of China, such as attacks, intrusion, interference, or destruction, and cause serious consequences, China has the right to hold them legally responsible in accordance with the law. The public security department and relevant departments of the State Council may also decide to take measures to freeze property or other necessary sanctions against the institution, organization, or individual.[6] This is an earlier legal provision that explicitly regards the adoption of sanctions against overseas illegal entities as legal responsibility.

On December 1, 2020, the Export Control Law of the People’s Republic of China (hereinafter referred to as the “Export Control Law”) was officially implemented. Article 48 of the Export Control Law stipulates that if any country or region abuses export control measures to endanger the national security and interests of the People’s Republic of China, China may take corresponding measures against that country or region based on the actual situation.[7]

Article 12 of the “Blocking Measures” issued by the Chinese Ministry of Commerce in January 2021 clearly stipulates that the Chinese government can also take necessary countermeasures against the inappropriate extraterritorial application of foreign laws and measures based on actual circumstances and needs.[8]

On July 1, 2023, the Foreign Relations Law of the People’s Republic of China (hereinafter referred to as the “Foreign Relations Law”) began to be implemented officially. The Foreign Relations Law clarifies the powers of state organs in foreign relations affairs, the goals of developing foreign relations, the system of foreign relations, and the guarantees for developing foreign relations. According to Article 33, China has the right to take corresponding countermeasures and restrictive measures against actions that violate international law and basic norms of international relations and endanger China’s sovereignty, security, and development interests. The Foreign Relations Law further stipulates that decisions made by relevant state organs in accordance with the aforementioned provisions shall be final.[9]

In addition, the Foreign Relations Law also provides a legal basis for the implementation and compliance of United Nations Security Council sanctions and related measures within China. Article 35 clearly stipulates that the state shall take measures to implement binding sanctions resolutions and related measures made by the United Nations Security Council under Chapter VII of the United Nations Charter. The Ministry of Foreign Affairs is responsible for issuing notices and announcing the implementation of the aforementioned sanctions resolutions and measures. Relevant national departments and regional governments shall take measures to implement them within their respective powers. Organizations and individuals within China shall comply with the contents of the Ministry of Foreign Affairs announcement and relevant measures of various departments and regions, and shall not engage in any behaviour that violates the aforementioned sanctions resolutions and measures.[10]

3. Provisions on Specific Measures for Sanctions and Countermeasures

On September 19, 2020, the Ministry of Commerce of China issued the “Regulations on the List of Unreliable Entities”, establishing a working mechanism for the list of unreliable entities. It clearly states that foreign entities (foreign enterprises, other organizations or individuals) (1) which endanger China’s national sovereignty, security, and development interests, or (2) which violate normal market trading principles, interrupt normal transactions with Chinese enterprises, other organizations, or individuals, or take discriminatory measures against Chinese enterprises, other organizations, or individuals, seriously damaging legitimate rights and interests of Chinese enterprises, other organizations or individuals in international economic and trade activities, will be included in the list of unreliable entities.[11]

The working mechanism of the list of unreliable entities can determine to take one or several of the following measures against the relevant foreign entities: 

(1) restrict or prohibit engagement in import and export activities related to China; 

(2) restrict or prohibit investment within China; 

(3) restrict or prohibit the entry of its related personnel, transportation vehicles, etc.; 

(4) restrict or cancel the work permit, stay or residence qualification of its related personnel within China; 

(5) impose a corresponding amount of fine based on the severity of the situation;

(6)  other necessary measures.[12]

On the other hand. The working mechanism also has a certain degree of flexibility. 

(1) a correction deadline can be set for foreign entities, and no measures will be taken within the deadline.[13]

(2) if a foreign entity corrects its behavior and takes measures to eliminate the consequences of the behaviour within the correction period, the working mechanism shall remove it from the list of unreliable entities.[14]

(3) if a foreign entity is restricted or prohibited from engaging in import and export activities related to China, and Chinese enterprises, other organizations or individuals need to engage in transactions with the foreign entity under special circumstances, they should apply to the Office of the Working Mechanism, and with consent, they can engage in corresponding transactions with the foreign entity.[15]

In addition to the working mechanism for the list of unreliable entities, the Anti Foreign Sanctions Law, which officially came into effect on June 10, 2021, specifies the situations in which China has the right to take countermeasures, including: 

(1) foreign countries violate international law and basic norms of international relations, use various excuses or based on their own laws to contain and suppress China, adopt discriminatory restrictive measures against Chinese citizens and organizations, and interfere in China’s internal affairs;[16] or 

(2) foreign countries, organizations, or individuals commit, assist, or support actions that endanger China’s sovereignty, security, and development interests.[17]

The objects of taking countermeasures include: 

(1) individuals and organizations who directly or indirectly participate in the formulation, decision, and implementation of discriminatory restrictive measures;[18]

(2) spouses and immediate family members of individuals included in the counter list; 

(3) senior management personnel or actual controllers of organizations included in the counter list; 

(4) organizations where individuals listed on the counter list serve as senior management personnel; 

(5) organizations that are actually controlled or involved in the establishment and operation by individuals and organizations included in the counter list.[19]

The relevant departments of the State Council may decide to take one or several of the following countermeasures based on the actual situation:

(1) not issue visas, not allow entry, cancel visas, or expel; 

(2) seizure and freezing of movable, immovable, and other types of property within the territory of China;

(3) prohibit or restrict organizations or individuals within China from engaging in related transactions, cooperation, and other activities with them; 

(4) other necessary measures.[20]

 In addition, if any organization or individual implements or assists in implementing discriminatory restrictive measures taken by foreign countries against Chinese citizens or organizations, which infringes on the legitimate rights and interests of Chinese citizens or organizations, Chinese citizens or organizations may bring a lawsuit to the court in accordance with the law.[21]

Judicial Practice of Trade Sanctions in China

1. Case of Sales Contract Dispute between Company A and Company B [22]

In this case, the seller Company A signed a methanol procurement contract with the buyer Company B, and Company A promised in Annex 3 of the procurement contract “Declaration and Guarantee on Trade Sanctions” that the goods it provided did not come from Iran. Otherwise, Company B has the right to terminate the contract and refuse payment. Afterwards, Company B suspected that the methanol provided by Company A may originate from Iran and requested Company A to provide a certificate of origin, but Company A was unable to provide such proof. Company B refused to make payment, while Company A filed a lawsuit claiming that Annex 3 of the contract in question violated the Anti Foreign Sanctions Law and the Blocking Measures, violated mandatory provisions of laws and administrative regulations, and should be deemed invalid. At the same time, Company A requested the court to judge Company B for breach of contract and pay liquidated damages and compensation for losses.

After trial, the court found that the statement was a unilateral commitment issued by Company A to Company B when signing the procurement contract with Company B. The document bears the seal of Company A and should be considered as a true expression of Company A’s intention. Secondly, the main content of this document is that Company A promises that the goods it provides do not come from countries such as Iran, not falling within the scope of the Foreign Sanctions Act and the Blocking Measures. Therefore, Company A’s claim that this commitment should be invalid lacks basis, and will not be adopted. Company A’s inability to provide relevant supporting documents to prove to Company B that the source of the goods involved in the case constitutes a breach of contract.

2. Case of C Company and D Company Applying for Recognition and Enforcement of Foreign Arbitral Awards [23]

In this case, Company C applied to the court for recognition and enforcement of an arbitration award made by the Singapore International Arbitration Centre Arbitration Tribunal. The respondent Company D requests the court not to recognize and enforce the arbitration award, for the following reasons: 

(1) the law firm to which the chief arbitrator belongs has been sanctioned by the Chinese government, resulting in the arbitration award being unfair;

(2) According to the “Blocking Measures”, Company D is a Chinese enterprise engaged in liquefied gas pipeline business that affects social and livelihood projects. It complies with this regulation and hopes that the court will consider the central “six stability and six guarantees” policy and the spirit of protecting the development of private enterprises in the trial.

Regarding the issue of whether the sanctions imposed by the Chinese government on the law firm to which the arbitrator belongs will affect the hearing of this case, the court believes that the sanctions are aimed at the law firm to which the chief arbitrator belongs and not at its arbitrator’s identity. At the time of the sanctions being imposed, the arbitration award involved in this case had been completed. This sanction is not within the scope of non recognition as stipulated in Article 5 of the Convention on the Recognition and Enforcement of Foreign Arbitral Awards, and is not related to the trial of this case; During the process of selecting arbitrators, both the Singapore International Arbitration Center and the applicant fulfilled their obligation of disclosure to the respondent, and there was no improper procedure.

Regarding the issue of whether the recognition and enforcement of arbitration awards comply with the “Blocking Measures”, the improper extraterritorial application of foreign laws stipulated in the “Blocking Measures” is not related to this case, and the choice of arbitration is the result of the autonomy of the parties in this case. The special protection of a certain type of private enterprise during special periods is a policy consideration and should not affect the recognition of the arbitration results in this case. The rule of law is the best business environment. If the results of legal implementation cannot be guaranteed, it may be beneficial to protect individual enterprises, but in the long run, it will harm more enterprises. Therefore, the court shall handle the disputes involved in this case fairly and impartially in accordance with the law.

The court ultimately held that the award made by the Singapore International Arbitration Centre in question did not fall under the circumstances of non-recognition and enforcement under Article 5 of the Convention on the Recognition and Enforcement of Foreign Arbitral Awards and shall be recognized and enforced.

Summary

At present, China’s regulations on trade sanctions are relatively general and principled, and relevant details still depend on further provisions of supporting regulations and rules. Thus, Article 33 of the Foreign Relations Law requires the State Council and its departments shall formulate necessary administrative regulations and departmental rules, establish corresponding work systems and mechanisms, strengthen departmental coordination, and determine and implement relevant countermeasures and restrictive measures. 

Article 13 of the Anti Foreign Sanctions Law also stipulates that relevant laws, administrative regulations, and departmental rules can further regulate countermeasures against actions that endanger China’s sovereignty, security, and development interests. On the other hand, there are currently few precedents that cite laws and regulations related to sanctions. In the aforementioned precedents citing the Anti Foreign Sanctions Law or the Blocking Measures, the court held that the relevant cases did not fall within the scope of application of the Anti Foreign Sanctions Law or the Blocking Measures and did not further discuss them. Against the backdrop of foreign countries continuing to impose sanctions on China, it is expected that China will continue to take countermeasures. In the future, with the enactment of relevant supporting documents, the responsibilities and obligations of all parties involved will be further clarified, and the application of trade sanctions laws and regulations by courts will also be more frequent.

Note: 

[1] Article 5 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[2] Article 7 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[3] Article 9 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[4] Article 12 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[5] Article 300 of the New Civil Procedure Law of the People’s Republic of China.

[6] Article 75 of the Cybersecurity Law of the People’s Republic of China.

[7] Article 48 of the Export Control Law of the People’s Republic of China.

[8] Article 12 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[9] Article 33 of the Foreign Relations Law of the People’s Republic of China.

[10] Article 35 of the Foreign Relations Law of the People’s Republic of China.

[11] Article 2 of the Regulations on the List of Unreliable Entities.

[12] Article 10 of the Regulations on the List of Unreliable Entities.

[13] Article 11 of the Regulations on the List of Unreliable Entities.

[14] Article 13 of the Regulations on the List of Unreliable Entities.

[15] Article 12 of the Regulations on the List of Unreliable Entities.

[16] Article 3 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[17] Article 15 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[18] Article 4 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[19] Article 5 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[20] Article 6 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[21] Article 12 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[22] See Award (2021) Yue 01 Min Chu No. 1365.

[23] See Rule (2021) Hu 74 Xiewairen 1.

for Video Game Industry

China has been in lack of a comprehensive regulation governing online game industry in general since July 2019, when the Ministry of Culture and Tourism (“MOCT”) formally abolished the Interim Administrative Measures on Online Games promulgated by it in 2010. Since the National Press and Publication Administration (“NPPA”) became China’s sole regulatory body of online game business in early 2019, it has released a number of policies to guide and regulate the market on different aspects, in particular, on minor protection. However, due to the absence of an overall regulatory framework, the NPPA’s specific requirements and their legal consequences are less systematic and sometimes blurry.

On Dec 22, 2023, the NPPA released the long-awaited draft Online Game Administrative Measures (“Draft Measures”) to solicit public comments by Jan 22, 2024. Despite of the immediate concerns and controversies raised by gaming companies and other stakeholders, the introduction of a comprehensive regulation in game industry will undoubtfully fill the legislative gap and create more regulatory certainty.

Two Major Participants: Publishing Entity and Operating Entity

As game-specific approval (aka, ISBN) is a key administrative measure that the NPPA takes to regulate online game market, the NPPA divides its administrative dimension into two stages, namely prior-launch approval and after-launch supervision. It follows that the NPPA imposes regulatory duties on two entities: a game publishing entity (“Publishing Entity”) that must have an Internet Publishing Permit (“IPP”) in order to file an application for the ISBN to the NPPA and a game operating entity (“Operating Entity”) that must have an ICP License in order to distribute and operate an approved game. Such an approach follows the way the NPPA regulates traditional publishing business where a publishing house (comparable to a Publishing Entity) is in charge of the review and censorship of the content of a book, while bookstores (comparable to an Operating Entity) are in charge of the distribution of books. Though the split of the roles in game market does not make too much sense, such approach has been adopted by the NPPA for many years and is widely viewed as a “Chinese feature” in the regulatory landscape.

However, under such model, the NPPA feels its hands are tied when administrating Operating Entities, because an ICP License is granted by the Ministry of Industry and Information Technology. In other words, the NPPA is unable to impose any administrative power through a license or permit that an Operating Entity must have and maintain for its game operation activities. To close this loophole, the Draft Measures require a Publishing Entity must have an IPP with the business scope of online game publishing (“IPP-Publishing”) issued by the NPPA and an Operating Entity must have an IPP with the business scope of online game operation (“IPP-Operating”) issued by the provincial branch of the NPPA. The conditions for obtaining an IPP-Publishing are same as the requirements under a higher-level regulation, including having 8 qualified editors, which remains a high bar that most game companies are unable to satisfy. The conditions for obtaining an IPP-Operating are no stricter than the requirements for an ICP License that most game companies can meet. Thus, if the Draft Measures are finalized in current form, most gaming companies will simply need to go through some formalities to have an IPP-Operating. Apparently the newly introduced IPP-Operating is not meant to make it more difficult for companies to enter the market, but to bring them into the NPPA’s license/permit system so that to closely influence, monitor and rule them in relation to their game operation activities. By the same token, the Draft Measures also require that the change of registered matters, shareholding structure or ultimate controller of an IPP-Publishing/IPP-Operating holder, as well as the merger or split of the company or the setup of a branch should be subject to the NPPA’s approval. Moreover, an IPP-Publishing/IPP-Operating holder should submit annual reports to the NPPA’s provincial branch according to the Draft Measures.

The Draft Measures also emphasize that an IPP-Operating or IPP-Publishing holder must make sure its servers are located in China, which is required by other relevant laws and regulation.

No Harmful Content in Games Published Outside China

The Draft Measures list forbidden content in games, which has no substantial difference from the existing legal requirements and policies. However, the Draft Measures necessitate Chinese gaming companies to comply with those forbidden content in games targeting non-China users, which is quite controversial considering the NPPA should have no direct jurisdictions over those overseas game publishing activities.

Game Launch within 1 Year After Grant of ISBN

The Draft Measures require a game should go live within 1 year after the issuance of the ISBN, otherwise the Publishing Entity and/or the Operating Entity should explain the reasons in writing to the NPPA’s provincial branch, so that to prevent any company from stocking up ISBNs for any potential illegal use.

No Forced PvP

According to the Draft Measures, users can not be forced to play any PvP mode. In fact, such requirement was adopted by the MOCT before, thus most gaming companies are quite familiar with it and already have solutions to make players to “voluntarily” take part in duels. SLG games are most likely be affected by this requirement.

No Circumvention for Beta Test and Ad-only Games

The Draft Measures target to close loopholes for unlicensed games made available to the public in the name of a Beta test or ad-only games. If a company intends to do any technical test for an unlicensed games, then testers involved should be no more than 20,000, and the tester’s account and game record should be deleted, in addition, such test should be reported to the NPPA’s provincial branch in advance.

No Excessive Spend

The Draft Measures forbid rewards that may induce game addiction or excessive spend, such as for daily log-in, first time purchase or consecutive purchases. To hype or auction virtual items in order to offer them at a high price is also prohibited. In addition, game companies are required to put a cap on in-game spend, articulate the spend limitations in their terms of services and remind users not to spend excessively in pop-up windows.

Apparently, these rules are intended to prevent gaming companies from using the most commonly seen incentive mechanisms to enhance users’ engagement and urge to spend, they immediately became the most controversial part in the Draft Measures. Some companies argue such harsh restrictions are unfair and unnecessary, as similar incentives are widely used by other online businesses, and to encourage users to spend more time or money is determined by the nature of all online business. It’s worth noting that these limitations on in-game spend and live operations will likely be applicable to adult users only, since minors are subject to much stricter in-game spend limits and game hour restrictions in China. Such new rules may greatly change most game companies’ monetization model and user engagement practice once they are formally promulgated.

No Payment Services for Unlicensed Games

To curb commercial operation of any unlicensed game and illegal game operations, the Draft Measures disallow online payment solution providers to integrate their payment services in any unlicensed games or offer any payment services for any illegal game operation activities.

Trading of In-game Currency

The Draft Measures prohibit a company that issues in-game currency from setting up or operating any platform to facilitate the trading of the in-game currencies by users. A in-game currency trading platform can only allow users to use real-name digital RMB when purchasing or selling in-game currency.

Minor Protection

Considering China has already put in place the strictest rules in the world to prevent minors from game addiction, the Draft Measures stipulate these measures in greater details. In addition to reiterating the existing requirements, the Draft Measures prohibit minors’ access to loot box mechanisms and minors’ tipping in live streaming of games, which are not mentioned in any regulatory policies before. It is unknown whether game companies will be required to launch minor only version if loot box is used in gameplay.

Administrative Punishments

Though there are quite lengthy provisions on the consequences for violating the Draft Measures, no new administrative punishment is created due to the relatively low level of this piece of legislation. However, the Draft Measures quote and consolidate the administrative punishments under other relevant laws, such as China’s Cybersecrutiy Law and Personal Information Protection Law, which contain quite high administrative fines and make the Draft Measures look much stricter on the legal consequences.

Aftermath

The release of the Draft Measures caused a great deal of concerns and worries about the business of gaming companies that mainly make money from China market, and reportedly led US$80bn in market value being wiped off from China’s two biggest companies, Tencent and NetEase. The NPPA did not seem well-prepared for such a huge wreck in stock markets and immediately made 3 moves to soften its stance: on Dec 22, it announced the approval of 40 foreign game titles during the trading hours, just a few hour after the release of the Draft Measures; on the next day (Saturday), it responded to the market reaction that the Draft Measures are meant to promote the prosperity and healthy development of the industry, and it will carefully study the feedback and try to improve the next draft; on Dec 25 (Monday), it unprecedentedly granted 105 domestic game approvals in early morning with a clear intention to boost confidence in the stock market.

Outlook

As a draft of new legislation seeking public opinions, the Draft Measures still seem relatively rough and premature considering quite some provisions are less logically sound or too vague/general to put into implementation. Given the drastic reaction in the market and the NPPA’s prompt attempt to change its position, it may take some time for the NPPA to address the concerns of various stakeholders and come up with the next or final version of the Draft Measures, which is expected to, on the one hand, demonstrate the regulator’s attitude to encourage more innovative and high quality games, on the other hand, avoid creating the impression that the regulator may try to crack down on game industry.

— Based on Preliminary Analysis of Several Typical Judicial Cases Released by Pudong New Area People’s Court of Shanghai

On November 10, 2023, Pudong New Area People’s Court of Shanghai (“Pudong Court”) released 50 typical cases regarding the judicial protection of intellectual property (“IP”) at a press conference (“Pudong IP Cases”). The typical cases encompass a variety of IP matters, ranging from traditional issues in the fields of copyright law, trademark law and anti-unfair competition to practical matters like IP-related contractual disputes. This preliminary analysis will briefly address issues relating to interim measures particularly injection relief taken by Pudong Court in Pudong IP Cases. 

1. Injunction system under the current PRC law

In general, injunctive relief serves as a remedy that prohibits a party from doing an act or restrains from doing a threatened act, or mandatorily requires a party to do an act. Injunctive relief has existed in China for many years, particularly in the realm of IP rights (“IPR”), although the Civil Procedure Law of the People’s Republic of China (the “Civil Procedure Law”) did not formally endorse it until 2012.[1]

The Civil Procedure Law stipulates the interim measures which includes both the preservation of evidence and property and the injunctive relief. Such interim measures are available both before and after a litigation is initiated. Where an injunctive relief is sought before a litigation is initiated, the court shall make a decision within 48 hours and the decision should be executed immediately after the decision is made.[2] According to the Civil Procedure Law, the application of injunction relief shall be filed under the urgent situation.[3] 

According to the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in Reviewing the Injunction Cases involving Intellectual Property Disputes, taking effect on January 1, 2019 (the “IP Injunction Provisions”), several cases are listed as urgent situations like the disputed IP is about to be at an illegal disposal or the IP of a relatively time-sensitive and hot show or program is or about to be infringed.[4] Furthermore, the IP Injunction Provisions provide that the People’s Court shall consider the following factors when reviewing an application for injunction such as (i) whether the failure to enforce an injunction will cause the applicant’s legitimate rights and interests to suffer irreparable injuries or will lead to the difficulty in executing a judicial ruling and (ii) whether the applicant’s injury due to the failure of issuing an injunction will exceed the respondent’s injury as a result of the enforcement of an injunction.[5]

It is commonly known that the subject matters of IPR are intangible assets, which can be easily reproduced regardless of time and space. In terms of infringement, IPRs are even more vulnerable than tangible property rights, which are more likely to result in extremely severe situations and cause irreversible damages. Injunctive reliefs offer several  advantages  for protecting IPR in the judicial process. Specifically, IP litigation normally involves a rich variety of complex legal, commercial or even technical issues, inevitably requiring the engagement of expert determination and demonstration of evidence. As such, the judicial process would usually last longer, and in the meantime, existing and potential damages would easily get increased if no remedial measures like injunctive relief are taken before a trial.

2. Injunctive Relief in Pudong IP Cases

According to the Judicial Protection of Intellectual Property Rights in Chinese Courts (2022) published by the IP Court of the Supreme People’s Court, courts in Beijing, Tianjin, and Shanghai, issued injunctions against acts such as the piracy of the Beijing Winter Olympics and the Qatar World Cup, which in turn improves the market environment for digital culture. 

Pudong Court further released three representative cases in which the injunctive relief was applied so as to timely protect the IPR before the trial. Below is the basic information of each case:

It is noted from the foregoing typical cases that Pudong Court adhered to the IP Injunction Provisions, thoroughly considered various situations of each case, and eventually issued the injunction in a relatively prudent manner. 

What’s more, considering that all of the foregoing cases are related to the emerging industrial sector such as livestream, online game and video aggregation, when determining whether irreparable damages may exist in a certain case, Pudong Court has given much attention to factors like comparative advantages and market shares may be affecting the industrial landscape as a whole. After all, to tackle IP issues in the digital era, a rich and complex understanding in terms of law and regulations, public policy, economy and commerce, technology and even culture is highly required.

Last but not least, one of the hot topics in IP is about balancing the interests of rightsholders and the public, which is continuously discussed both in the academic circle and the legal practice. Based on the analysis of those typical cases, Pudong Court has also proactively taken into account such balance when deciding to issue an injunction.

3. Looking ahead: increasing application of injunctive reliefs to boost the digital culture

It has been widely recognized that IP is of significant importance. Countries need an effective IP system to bolster innovation and creativity, helping to ensure economic prosperity and a vibrant cultural life. Moreover, the rapid development of the digital economy in China has sparked greater efforts to protect IPR through judicial procedure.

On September 22, 2021, China issued a long-term plan for the development of IPR power, stating that the country’s IPR competitiveness will rank among the top in the world by 2035, with a complete IPR system, prosperous growth in IPR-driven innovation and a better social environment for IPR culture. The injunctive relief, like the IP laws and regulations, is actually brought in from the Western legal regime. We have witnessed that Chinese courts focused more on solving IP disputes concerning new technologies and digital industries in recent years as they sought to adhere to the nation’s development strategy and promote innovation. The improved judicial efficiency is a boon for new businesses like the digital industry. The quick resolution of disputes allows market entities to invest in a fresh round of research and development as soon as possible, thus facilitating the creation of more new technologies.

The injunctive relief is designed to offer IP rightsholders effective measures to beef up IPR protection in disputes, specifically under urgent situations. As more and more injunctive reliefs are issued upon parties’ application in the IP litigation, this may further invite more rightsholders to proceed with such measures prior to an IP trial. With injunctive relief functions as a better safeguard in real cases, IP rightsholders could be protected even under extreme and urgent situations. Similar to other IP protection measures, it is believed that the application of injunctive relief would ultimately stimulate the creation and the economy driven by innovation. 

Currently, China is advancing the revision of laws in the fields of resolving disputes evidenced by the newly amended Civil Procedure Law to take effect on January 1, 2024 and the Arbitration Law in the amending and consultation process. As such, it can better solve disputes efficiently, optimize the arrangement of judicial resources, enhance the usage of technical methods in resolving disputes and effectively meet the public’s diverging expectations on resolving judicial cases in a variety of contexts such as fairness, high-efficiency and expediency. With the release of typical cases concerning the issuance of injunction, we may expect more injunctive reliefs would be taken in the future IP litigation. With respect to the arbitration process, however, injunctive reliefs are still in discussion and rarely filed in real cases, which has become an impediment for parties to choose arbitration for purposes of resolving IP disputes. For purposes of better allocating judicial resources, we would anticipate the usage of injunctions in the arbitration so as to resolve IP disputes more effectively and efficiently.

[1] Wenyan Ding, Application and Review of Civil Preservation of Act, People’s Judicature (Application) Issue 34 (2017), available at: http://yyfx.court.gov.cn/news/xq-622.html, (Accessed 26 November 2023)

[2] See article 103 of the Civil Procedure Law of the People’s Republic of China (Amended in 2023).

[3] See article 103 of the Civil Procedure Law of the People’s Republic of China (Amended in 2023).

[4] See article 6 of the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in Reviewing the Injunction Cases involving Intellectual Property Disputes.

[5] See article 7 of the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in Reviewing the Injunction Cases involving Intellectual Property Disputes.

The enactment of the Personal Information Protection Law (“PIPL”) in 2021 establishes a legal framework regulating foreign and domestic companies alike in collecting personal information (“PI”) in China and its cross-border transfer (or export, using interchangeably below). PIPL has extra-territorial effect. Foreign companies processing Chinese PI remotely from their home countries are subject to PIPL’s scrutiny, necessitating the establishment of an entity in China or the designation of a Chinese representative. This local entity or representative must comply with PIPL requirements and register with the Cyberspace Administration of China (“CAC”).

According to Article 38 of PIPL, companies exporting PI, regardless of that of Chinese or foreign nationals, must fulfil one of the following options:

a) pass a security assessment by CAC;

b) sign a standard contract with the overseas PI recipient and file it, along with PI Protection Impact Assessment, with the provincial level CAC; or

c) obtain certification from an accredited institution.

Under the Measures for Security Assessment of Data Cross-border Transfer, data processors who:

  • transfer important data;
  • are key information infrastructure operators or PI processors handling PI of over 1 million people; or
  • export PI of over 100,000 subjects or Sensitive PI of over 10,000 subjects since January 1st of the previous year

must apply for security assessments (Option (a)). Options (b) and (c) are not available for them.

PIPL empowers CAC to stipulate rules about Options (a)-(c). CAC has since issued the following regulations to set out deadlines for PI processors:

ConditionDeadlineRelevant regulations
Security AssessmentMarch 1, 2023Measures for Security Assessment of Data Cross-border Transfer
Standard ContractDecember 1, 2023Measures for Personal Information Cross-border Transfer Standard Contract
CertificationNo set deadlineImplementation Rules for Personal Information Protection Certification

Facing these deadlines, foreign enterprises in China have largely taken two approaches: proactive preparation for security assessment or standard contract, or awaiting further clarification or guidance from CAC.

On September 28, 2023, CAC issued the Draft Provisions on Regulating and Promoting Cross-border Data Transfers (“Draft Provisions”), providing exemptions under certain conditions. If a PI processor exports PI of fewer than 10,000 subjects, it may be exempted from fulfilling any of the three options. The consultation period of the Draft Provisions ended on October 15.

Once the Draft Provisions become law, this is good news for foreign companies collecting a small amount of PI in China and export it as part of their business operations. For instance, they may export a Chinese employee’s PI to manage global HR, or collect Chinese consumer’s PI to enrich their worldwide membership database. However, the PI amount and its business value, along with the business benefit derived from such PI export, do not justify disproportionate spending on legal compliance. Leveraging the Draft Provisions, they can claim exemptions from filing with CAC.

But as the second deadline of 1 December for filing the standard contract is now overdue and the final version of the Draft Provisions has not yet been released, these foreign companies which have previously taken a wait-and-see approach are now anxious about compliance issues. The first question popping into their head would be:

What is the legal consequence if we fail to file with CAC before the deadlines?

This article aims at answering the question, applicable even when the Draft Provisions become law. Preparing a precise response is challenging, as the laws are new and the deadlines not yet long overdue. Precedents are scant. No penalty has yet been issued for missing the deadlines. Given these restrictions, this article tries to offer insights from both a legal interpretation and practical perspective.

Legal interpretation

Chapter 7 of PIPL, titled “Legal Responsibility”, stipulates consequence for non-compliance by a PI processor.

Legal responsibility under PIPL includes administrative and civil liability. For criminal liability, Article 71 of PIPL defers to the Criminal Law of the People’s Republic of China. Article 286 of the Criminal Law stipulates certain criminal liabilities in extreme cases of non-compliance under the Crime of Refusing to Fulfill Information Network Security Management Obligations.

For administrative liability, Article 66 of PIPL provides directives for different violation levels, ranging from rectification orders and warnings to fines and business shutdowns. Article 67 records violations in the credit rating of the violating entity.

Article 66 (1) of PIPL subdivides violation into three levels, depending on the seriousness of the breach. For the first level, petty violation, CAC can issue the following decisions:

  • Rectification order,
  • Warning,
  • Confiscation of illegal gain, and
  • Order for suspension or termination of service.

If the violator fails to comply with the rectification order, it is subject to the second level liability, which includes:

  • A fine of below RMB 1 million yuan (approx. US$143,000) imposed on the PI processing entity, and
  • A fine of RMB 10,000-100,000 yuan (approx. US$1,430-14,300) for responsible person(s).

For more aggrieved circumstances, the highest-level administrative penalty is stipulated in Article 66 (2), which empowers provincial level CAC to issue the following decisions:

  • Rectification order,
  • Confiscation of illegal gains,
  • A fine of not more than RMB 50 million yuan (approx. US$7.15 million) or less than 5% of the previous year’s turnover,
  • Business suspension,
  • Business shutdown for rectification,
  • Notification to relevant authorities to revoke business license,
  • A fine of RMB 100,000 – 1 million yuan (approx. US$14,300 – US$143,000) for responsible person(s), and
  • Prohibition of that person(s) serving as a director and other responsible position in a company.

Civil liability is briefly mentioned in Articles 69-70 without going into detail about how damages are measured. Article 69 introduces a reversed burden of proof. If a PI processor infringes upon PI rights and causes damage, but cannot prove that it is not at fault, it shall bear the liability for infringement such as compensation for damages.

Article 70 introduces the concept of class action. The People’s Procuratorate, consumer organizations and organizations determined by CAC may file a lawsuit with the People’s Court on behalf of a group of affected individuals.

In practice

Without precedent cases for reference, foreign companies may find it challenging to gauge the actual risk level for not meeting the deadlines. The risk level would definitely increase over time.

CAC is aware of business justifications for foreign companies to export certain PI back to their headquarters in home countries. In practice, there is no technical means to detect all PI export activities in China and penalize all violators in one go. Unavoidably, CAC may focus enforcement actions on cases which possess higher risk to the Chinese PI subjects, society and national security as a whole.

Depending on certain factors, foreign enterprises may experience different challenges in conducting their compliance activities in China. Companies may consider the following non-exclusive list of factors in their risk assessment and preparing an appropriate level of compliance activities that they find fitting:

FactorCommentary
PI SensitivityPIPL affords a stronger protection to Sensitive PI, as defined by the law and National Standard. Priority should be given to PI considered particularly sensitive in the Chinese context, for example biometric data, credit ratings, medical records, PI of minors and financial data. A foreign company exporting a substantial amount of Sensitive PI, should plan ahead in their compliance activities.  
Industry sectorsCAC may consider certain business sectors as strategic, under which any PI collected and exported would likely invite more scrutiny from the authority. While not explicitly stated in the law, foreign PI processors in areas such as finance, education, medical, telecom, transportation, energy, and advanced technology (e.g. AI, electric vehicle, microchips, robotic, life science) are advised to pay more attention to PI compliance issue.  
Scale of PI exportDestination – Chinese PI being exported to a country lacking legal and technical protection for PI would certainly raise eyebrows at the Chinese authority. Even if the recipient country has a sophisticated legal framework on PI protection, inconsistencies with PIPL or discriminatory measures against Chinese PI may prompt CAC intervention.   PI Amount – The higher the amount of PI export, the riskier the exporter is for being accused of non-compliance.   PI Scope – To calculate whether the amount of PI export has reached a certain threshold, all PI belonging to the same PI individual would be considered as one count only. A foreign company exporting a smaller amount of PI may not reach the threshold of a security assessment. However, if it exports a large scope of PI for the same person that goes beyond usual items like name, sex, date of birth, telephone number, etc., its risk level may increase.   Duration – PIPL requires PI processors to delete PI upon completion of the stated processing purpose. If a piece of PI stays overseas for too long without a proper retention and deletion process, CAC may challenge the entire PI export activity.
Location of foreign companies in China  Exporting PI from a major Chinese city (Beijing, Shanghai, Shenzhen, etc.) is a double-edged sword. On one hand, that invites scrutiny from a more proactive provincial CAC bureau that is eager to enforce PIPL. These local bureaus are, however, also more experience in resolving PI exporting issues faced by a foreign company and more ready to provide guidance. Foreign companies setting up a branch office in China are advised to stay closely in touch with their local CAC.
Origin of foreign companies  A foreign investor from a more PI law-advanced country may be more reputed in its PI export activities. But if China’s relationship with this country turns sour, any activity of this investor would be in the limelight.
Other factorsOther dynamic factors such as government attitude, public and media opinion, and PI leakage incidents, may change from time to time but are crucial for foreign companies to measure their risk level in Chinese PI compliance.

Conclusion

While the factors above affect the likelihood of CAC’s accusations, violation occurrence remains a fact. A time bomb is ticking. It is advised for even low-risk foreign companies to engage third-party assessors for PI export compliance activities. These activities may include:

  • PI Protection Impact Assessment: even if they are not prepared to file an application with CAC, organizations are required under Article 55 of PIPL to conduct an impact assessment for any cross-border PI transfer.
  • Consent Management: Organizations must obtain explicit consent from individuals before transferring their PI across borders. The consent process should be transparent, and individuals should be informed about the purpose, scope, and destination of the PI transfer.
  • Data Localization: PIPL emphasizes PI localization requirements, meaning that certain types of PI must be stored within the borders of mainland China. Organizations should assess the types of PI they are collecting and ensure compliance with localization requirements.
  • Security Measures: Implementing appropriate security measures to protect PI during its export is crucial. This includes encryption, access controls, and other safeguards to prevent unauthorized access, disclosure, alteration, and destruction of PI
  • Contractual Obligations: Organizations engaging in PI export should establish clear contractual agreements with overseas PI recipients, outlining the responsibilities and obligations of each party in ensuring the protection and lawful use of the transferred PI.
  • Notification and Transparency: Individuals should be informed about the cross-border transfer of their PI, and organizations should be transparent about their PI processing practices. Notification may be required before or after the transfer.
  • Recordkeeping: Maintaining records of cross-border PI transfers is essential for compliance. Organizations should be able to demonstrate to regulatory authorities that they are handling PI in accordance with the law.
  • PI Subject Rights: Ensure that individuals have the right to access, correct, and delete their PI even when it is transferred across borders. Organizations should establish mechanisms for individuals to exercise their PI subject rights.
  • Compliance Audits: Regularly conduct internal audits to assess compliance with PIPL and related regulations. Audits can help identify areas for improvement and ensure that the organization’s practices align with legal requirements.

Businesses operating in China or dealing with Chinese citizens’ PI should stay informed about the latest regulations and non-legal updates, such as PI news in China and China’s diplomatic relationship with other countries. The regulatory and other PI landscape can evolve, and companies should regularly review their PI protection policies and practices to align with the current circumstances.

For the most up-to-date and accurate information, it is recommended to consult CAC directly or other legal professionals in China.

Guiding Cases 199-201 Issued by the PRC Supreme People’s Court – Further Steps Toward a Pro-Arbitration Regime

On December 30, 2022, the Supreme People’s Court of the People’s Republic of China (“SPC”) released its 36th batch of six guiding cases, all of which relate to the judicial review of arbitration awards. Our previous article focused on the first three guiding cases (Guiding Cases 196, 197, and 198) which addressed several critical issues related to arbitration agreements. This article elaborates on the context and pivotal holdings of the three remaining cases—Guiding Case 199, 200 and 201.

Guiding Case 199: Public Interest Related to Cryptocurrency

Guiding Case 199 (Gao Zheyu v. Shenzhen YunSilk Road Innovation Development Co. Ltd and Li Bin) – recognized[1] as the first Chinese case concerning setting aside of an arbitral award involving bitcoins – is one of the rare cases in recent years where Chinese courts have invoked the concept of “public interest” to annul an award.

China’s strict regulatory stance towards cryptocurrency stands in contrast to the broader recognition of cryptocurrency in a few neighboring jurisdictions (e.g., Hong Kong[2] and Singapore [3] ). Back in 2017, seven Chinese authorities (including the People’s Bank of China and the China Securities Regulatory Commission) jointly issued the Announcement on Preventing the Financing Risks on Initial Coin Offerings[4]. Article 3 of the Announcement strictly prohibits any financial institution operating in China from offering cryptocurrency-related services, including pricing, intermediation or engaging in the buying or selling of cryptocurrency.

The arbitral award, which was set aside by the court, mandated that the respondent compensate the claimant a certain amount of Chinese Yuan equivalent to the bitcoins owed by the respondent to the claimant. In determining the value of the bitcoins, the tribunal referred to the bitcoin price provided on the Okcoin[5] website. This award, which sparked intense debate, was eventually set aside by the Shenzhen Intermediate People’s Court on the ground that it, in effect, facilitated the exchange between the bitcoin and fiat currency, resulting in the violation of the stability and integrity of the Chinese financial market and public interest.

This guiding case, without doubt, conveys a clear message of Chinese courts’ stance on implementing stringent supervision over cryptocurrencies. However, taking a step back, if the award merely required the respondent to compensate the claimant with a certain number of bitcoins or allowed the value of the bitcoins to be determined through parties’ negotiation instead of by reference to the price from a third-party website, would such award be enforceable? In the authors’ view, that remains an open question. As a case in point, in Sun Dingshang v. Xie Zuozheng[6], the court confirmed the validity of directly returning the bitcoins; and in a case shared by the Shanghai High Court[7], the plaintiff, through negotiations between the parties, waived the request for the defendant to return one bitcoin and instead agreed to receive a certain amount of Chinese Yuan as compensation.

Thus, while the guiding case is consistent with China’s regulatory bottom line for cryptocurrency-related issues, the extent to which courts will tolerate similar arbitral awards remains to be elucidated through future cases.

Guiding Case 200: Proactive Attitude in Harmonizing Expedited Arbitration and Ad Hoc Arbitration

Guiding case 200 (SvenskHonungsfora–dlingAB v. Nanjing Changli Bees Product Co. Ltd) reflects Chinese court’s consistent pro-enforcement stance towards foreign arbitration awards adjudicated in the way of ad hoc arbitrations.

As a general matter, ad hoc arbitrations are not recognized under the PRC Arbitration Law, which requires that an effective arbitration clause must designate a specific arbitration commission. The key issue before the Nanjing Intermediate People’s Court was whether, notwithstanding this provision, a foreign ad hoc arbitration initiated by the parties was in conformity with the parties’ dispute resolution clause that “in case of disputes governed by Swedish law and that disputes should be settled by Expedited Arbitration in Sweden.” The court found that ad hoc arbitration and expedited arbitration share the features of efficiency, convenience and economy, and are both focused on simplifying arbitration procedures, shortening arbitration time and reducing arbitration costs. Based on the above reasons, the court held that the term of expedited arbitration in the dispute resolution clause does not exclude resorting to ad hoc arbitration to solve the parties’ dispute.

It is noteworthy to consider, alongside Guiding Case 200, the development of ad hoc arbitration in China. Early in 2016, the SPC has officially opened the door for companies registered in free trade zones (“FTZs”) to submit their disputes to ad hoc arbitrations.[8] However, it was not until 30 June 2023 that the first ad hoc arbitration award in China was adjudicated based on the ad hoc arbitration rules of China Maritime Law Association[9], with the institutional assistance of the China Maritime Arbitration Commission. Another significant milestone in the development of ad hoc arbitration in China was the release of the Notice Regarding Requesting Public Comments on the Bills to Revise the Arbitration Law (Exposure Draft)[10] in 2021. According to Article 91 of the Exposure Draft, parties are entitled to refer foreign-related commercial disputes to an ad hoc arbitral tribunal. Whilst not applicable to domestic cases and confined to commercial disputes, this proposed change is a step forward for China to further align with the international arbitration practice.

In sum, the pro-enforcement attitude towards foreign awards issued in ad hoc arbitrations, positive attempts of applying ad hoc arbitrations in FTZs, and the latest amendments in the Exposure Draft all signify China’s readiness to take steady steps to modify its arbitration laws and regime to align with international practice. Whether ad hoc arbitration, as a relatively new concept in China, can effectively serve its function and flourish in China remains to be observed.

Guiding Case 201: Clarifying the Concept of “Sports Arbitration”

in China

Guiding Case 201 arose out of a Professional Coach Contract signed between a Serbian coach and a Chinese football club. The Chinese football club was required to pay the outstanding wages to the coach pursuant to an award rendered by FIFA Players’ Status Committee (“FPSC”)—an internal dispute resolution body in the football field. Due to respondent’s non-fulfillment of the award, claimant brought this award to Chinese local court for enforcement based on the New York Convention.

During the trial, the Shanghai First Intermediate People’s Court was faced with two major issues—(1) whether the award rendered by FPSC counts as an arbitral award under New York Convention; and (2) whether the arbitration clause—“In the case of disputes over which FIFA does not have jurisdiction, the parties shall submit such disputes to the CAS”—excludes the court’s jurisdiction over the current case.

Regarding the first issue, the court held that because FPSC is a self-governing internal dispute resolution body with the enforcement of the award primarily relying on the self-governing mechanism within the football industry—instead of an independent arbitral institution—the award does not possess binding force. Moreover, the award issued by FPSC is not final because such award does not preclude the parties from seeking recourse to the local court or CAS. In light of the above reasons, the court ruled that the award rendered by FPSC does not fall within the definition of an “arbitral award” under the New York Convention. From the court’s reasoning, it can be observed that Chinese courts typically place significant weight on the criteria of “Independence,” “Binding Force,” and “Finality” when interpreting the term “arbitral award” in the context of the New York Convention.

Regarding the effect of the arbitration clause in the contract, the court took a two-step approach. After confirming the validity of the arbitration clause, the court elaborated that as the pre-condition of initiating CAS arbitration was not satisfied, i.e., because FIFA had exercised its jurisdiction over the dispute, the clause was rendered unenforceable. Based on this, the court ruled that an unenforceable arbitration clause could not exclude the court’s jurisdiction.

An interesting hypothetical question arising from this case is whether, in the event that the dispute is submitted to CAS and an award is rendered by a CAS tribunal, such award would be recognized as an “arbitral award” under the New York Convention. Given that CAS, as a sports arbitral institution, deals with a wide range of disputes covering not only commercial issues but also areas like sponsorship and doping, the authors’ opinion is that Chinese court’s stance regarding CAS awards would remain ambiguous. And this ambiguity is further compounded by China’s declaration of “Commercial Reservation” when ratifying the New York Convention.

Concluding Thoughts

The 36th batch of six guiding cases clarifies multiple significant issues concerning both domestic and international arbitration in China. At the same time, considering the ongoing substantial revision of the PRC Arbitration Law, there is much anticipation for the future arbitration practice within this regime.

Note: 

[1] https://www.bjac.org.cn/news/view?id=4068

[2] For example, in the landmark decision of Re Gatecoin Limited (In Liquidation) [2023] HKCFI 914 issued this year, the Court of First Instance of Hong Kong, for the first time. held that cryptocurrency constitutes property under Hong Kong Law.

[3] For example, under the Payment Services Act 2019 of Singapore, cryptocurrencies are considered digital payment tokens regulated by the Monetary Authority of Singapore. The Monetary Authority of Singapore states that the Payment Services Act 2019 “provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and FinTech.”

[4] https://www.gov.cn/xinwen/2017-09/04/content_5222657.htm

[5] https://www.okcoin.com/

[6] https://law.wkinfo.com.cn/judgment-documents/detail/MjAzMTUxMTE2Njk%3D?searchId=68d9479f8ebe47cbaad22af67cccffe8&index=1&q=%EF%BC%882020%EF%BC%89%E6%B5%9903%E6%B0%91%E7%BB%88347%E5%8F%B7&module=&summary=%E6%B5%99%E6%B1%9F%E7%9C%81%E6%B8%A9%E5%B7%9E%E5%B8%258

[7] https://mp.weixin.qq.com/s/4KH68E0MVhxjgyeWgJAHOA

[8] https://cicc.court.gov.cn/html/1/218/62/409/410.html

[9] https://cmac.org.cn/data/upload/image/20220318/1647588189657054.pdf

[10] http://www.moj.gov.cn/pub/sfbgw/lfyjzj/lflfyjzj/202107/t20210730_432967.html

The Basic Requirements for the Security of Generative Artificial Intelligence Services

Recently, the National Information Security Standardization Technical Committee (“TC260“) issued the Basic Requirements for Security of Generative Artificial Intelligence Services (Draft for Soliciting Opinions) (“Draft Requirements“).[1]This is China’s first national standard that specifically puts forward specific security requirements for generative artificial intelligence (“GAI“), and also assists the implementation of the Interim Measures for the Management of Generative Artificial Intelligence Services (“GAI Measures“) in practice.

The Draft Requirements provide basic guidance on the security issues facing GAI services regarding training data security, model security, security measures, security evaluation, filing applications, security assessments, and other matters, which we explore in more detail below based on China’s existing artificial intelligence governance framework, judicial practice in related fields, and our practical experience.

Outline of the Existing Legal Framework

China has not promulgated a dedicated artificial intelligence (“AI“) law. Applicable rules governing AI-related fields are spread across a patchwork of laws (such as the Personal Information Protection Law (“PIPL“), the Data Security Law and the Cybersecurity Law (“CSL“)), regulations, policies, and standards, coming from different legislative bodies at different levels of the government.

The National Cyberspace Administration (“CAC“) and other departments have issued the following 3 overlapping administrative regulations to implement laws and regulate AI:

  • Administrative Provisions on Algorithmic Recommendation in Internet-Based Information Services 2021
  • Administrative Provisions on Deep Synthesis in Internet-Based Information Services 2022
  • Interim Measures for the Management of Generative Artificial Intelligence Services 2023

In addition, other regulations in different fields are deeply influencing the regulation of China’s AI industry, such as:

  • Opinions on Strengthening the Governance of Scientific and Technological Ethics
  • Measures for the Review of Science and Technology Ethics
  • Provisions on the Security Assessment for Internet-based Information Services Capable of Creating Public Opinions or Social Mobilisation.

Scope of the Draft Requirements

The Draft Requirements outline the basic security requirements for GAI services and cover aspects such as data sources (语料安全), model security (模型安全), security measures (安全措施), security assessments (安全评估), and more.

It applies to organisations and individuals providing GAI services to the public within China, and its purpose is to enhance the security level of these services.

The Draft Requirements allow for self-assessments by GAI service providers or assessments conducted by third parties. It can also serve as a reference for relevant regulatory authorities to evaluate the security of GAI services.

Normative References

The Draft Requirements reference the following standards:

  • GB/T35273 Information Security Technology Personal Information Security Specification: This standard was released earlier than the PIPL. It puts forward detailed requirements for the principles of personal information processing and full life cycle processing activities. It is an important reference for regulatory authorities when enforcing the law. While some of its requirements are inconsistent with PIPL, it remains an important reference source.
  • The CSL: The CSL can be considered one of the cornerstones of the Chinese legal framework regulating online activities, including providing GAI services. The security requirements of the Draft Requirements generally align with those in the CSL.
  • Provisions on Ecological Governance of Network Information Content 2019 (“Content Provisions“): The Content Provisions regulate online content in China. The prohibitions in Appendix A of the Draft Requirements generally align with those in the Content Provisions and, in some cases, provide more detail and specification. However, the list of prohibitions in Appendix A does not fully replicate that found in the Content Provisions.
  • TC260-PG-20233A Cybersecurity Standard Practice Guide – Generative Artificial Intelligence Service Content Identification Methodology: This contains content labelling guidelines.
  • Interim Measures for the Administration of Generative Artificial Intelligence Services 2023: The Interim Measures are regulations that directly govern GAI services. The Draft Requirements and the previously released TC260-PG-20233A are supporting documents for the GAI Measures, which provide more specific and practical requirements. The correspondence between the three is as follows:
Category

Basic Security RequirementsRelevant Laws & Regulations
Training Data SecuritySource SecurityArticle 7 (1) of GAI Measures
Content SecurityArticles 4 & 7 of GAI Measures
Label SecurityArticle 8 of GAI Measures
Model SecurityModel Source ComplianceArticle 7 (1) of GAI Measures
Generate Content SecurityArticle 14  of GAI Measures
Transparency, accuracy, and reliabilityArticle 4 (5) & 10  of GAI Measures
Security MeasuresSpecial population protectionArticle 10  of GAI Measures
Personal Information ProtectionArticle 9 of GAI Measures
Input Information ProtectionArticle 11 of GAI Measures
Content identificationTC260-PG-20233A
User complaint reporting channelsArticle 15 of GAI Measures

Terms and Definitions

The Draft Requirements provide several key terms and definitions that are essential to understanding their content:

  • Generative Artificial Intelligence Service: This is defined as “Artificial intelligence services based on data, algorithms, models, and rules that are capable of generating text, images, audio, video, and other content based on user prompts.” It would perhaps be more helpful to readers if AI were also defined within the Draft Requirements. A more general definition for AI systems can be found in GB/T 41867-2022, Information Technology – Artificial Intelligence – Terminology, which defines AI systems as “a class of engineering systems that are designed with specific goals defined by humans, generating outputs such as content, predictions, recommendations, or decisions…” We suspect that several technologies could fall within the scope of this definition that people would not normally consider AI, such as pocket calculators.
  • Provider: A provider is defined as “Organisations or individuals that provide generative artificial intelligence services to the public in China in the form of interactive interfaces, programmable interfaces, etc.” This definition restricts providers to those providing GAI services to the public in China while leaving the form of services open.
  • Training Data: This is defined as all “data directly used as input for model training, including input data during pre-training and optimisation training.”
  • Illegal and Unhealthy Information: This is a collective term for following 11 types of illegal information and 9 types of undesirable information noted in Content Provisions:
  •  
Illegal InformationUndesirable Information
Content opposing the basic principles established by the Constitution.Content using exaggerated titles, with serious inconsistency between content and title.
Content endangering national security, disclosing state secrets, subverting state power or undermining national unity.Hyped gossip, scandals, misdeeds, etc.
Content harming the honour or interests of the State.Improper comment on natural disasters, major accidents and other disasters.
Content distorting, vilifying, desecrating or denying the deeds and spirit of heroic martyrs, or infringing upon their names, portraits, reputation or honour by insulting them, slandering them or other means.Content making sexual suggestions, sexual provocations, etc., which is prone to cause association with sex.
Content propagating terrorism or extremism or inciting the implementation of terrorist or extremist activities.Content showing blood, horror, cruelty, etc., which causes physical and mental discomfort.
Content inciting national hatred or discrimination or undermining national unity.Content inciting mass discrimination, regional discrimination, etc.
Content undermining the State’s religious policies or propagating heresy or feudal superstition.Propagation of vulgar, obscene, and kitsch content.
Content spreading rumours or disturbing the economic and social order.Content that is likely to cause minors to imitate unsafe behaviour, violate social morality or induce minors to form bad habits, etc.
Content spreading obscenity, pornography, gambling, violence, murder or terror, or abetting crimes.Other content that has adverse effects on the network ecology.
Content insulting or slandering others, infringing upon others’ reputation, privacy or other legitimate rights and interests. 
Other content prohibited by laws and administrative regulations. 

It can sometimes be difficult to delineate the boundaries of illegal and undesirable information precisely. This could make some GAI service providers overly cautious or relaxed when categorising information.

  • Sampling Qualified Rate: In the context of security assessments, the proportion of a sample that does not include any of the 31 security risks listed in Appendix A of the Draft Requirements. It is perhaps more helpful to express it as follows:

× 100

General

The Draft Requirements not only specify specific requirements for GAI services in terms of training data security, model security, security measures, and the like. They also provide additional specifications and details on the procedures and content of security assessments for GAI services. According to Article 17 of the GAI Measures, those who provide GAI services with attributes of public opinion or social mobilisation shall conduct a security assessment in accordance with relevant national regulations and fulfil algorithm filing procedures. On 31 August 2023, 11 major model service providers became the first batch of enterprises to pass the GAI service filing. [1]

The Draft Requirements explicitly state that GAI service providers should conduct a security assessment before submitting a filing application to begin providing services with the relevant regulatory authorities, and they should submit their internal assessment results and supporting materials at the time of filing. Service providers can conduct security assessments themselves or entrust third parties for the assessment. The content of the security assessment should cover all the provisions of the Draft Requirements, and each provision should form a separate assessment conclusion, which, along with relevant evidence and supporting materials, forms the final assessment report.

In recent years, assessments conducted by companies themselves or by third-party service providers have gradually become an important compliance obligation in various fields, such as the risk assessment required when handling important data by automotive data processors or the ethical assessment required for technology activities. This current legal framework sometimes also stipulates that security assessments are a prerequisite for filing, such as personal information protection impact assessment reports, which must be submitted when filing the standard contract issued by the CAC for personal information outflows.

It is worth noting that although companies themselves conduct these assessments, regulatory authorities may provide feedback or request modifications to the assessment report. Therefore, we recommend that companies communicate with relevant departments before conducting a security assessment for GAI services or when complications arise during such an assessment to ensure that the assessment meets both the form and substance of regulatory requirements.

Training Data Security Requirements

As discussed above, in the Draft Requirements, the term training data (“语料”) refers to all data directly used as input for model training, including data used in pre-training and fine-tuning processes. While the Draft Requirements appear to be introducing a new concept, from its definition and the English translation provided in the draft (“Training Data”), it appears that “语料” in the Draft Requirements and “训练数据” in the GAI Measures should both refer to training data. Therefore, the necessity of creating a new concept in the Draft Requirements in this context is subject to debate.

When using training data to train artificial intelligence, service providers should avoid using illegal or harmful information and refrain from infringing upon the legitimate rights and interests of third parties, including but not limited to data rights, intellectual property rights, and personal information rights.

For example, in the past, PenShen ZuoWen publicly accused its partner Xue Er Si of unlawfully scraping data from servers without consent and using that data for training an upcoming large AI model.[1] Similarly, in foreign countries, companies like OpenAI, Google, and Stability AI Inc. have faced lawsuits for using training data suspected of copyright infringement. [2]

Keywords

Keywords are referred to in Sections 5.2 and 8.2 of the Draft Requirements. Section 9.1 of the Draft Requirements specifies what a comprehensive keyword library should contain. Keywords should generally not exceed 10 Chinese characters or 5 words in any other language. The library needs to be extensive, containing no fewer than 10,000 keywords. Furthermore, to ensure inclusivity, the library must include at least 17 types of security risks, as listed in Appendices A.1 and A.2. Each of the security risks in Appendix A.1 should have no fewer than 200 associated keywords, while those in Appendix A.2 should have no fewer than 100.

Data Rights Protection

The Draft Requirements stipulate that service providers must refrain from using data with conflicting rights or unclear origins. They must also possess proof of the legality of the data source, such as authorised agreements, transaction contracts, or legally binding documents.

In addition to the requirements listed in the Draft Requirements, service providers must also comply with other legal regulations regarding data rights. Data rights can be protected in China through the Anti-Unfair Competition Law and its implementing regulations. While no direct legal provisions exist, a mature set of rules have evolved through judicial rulings. For example, the Chinese courts have determined the scope of lawful use by assessing whether using web scraping technology “violates the principles of honesty and commercial ethics.” The following behaviours may violate business ethics and principles of honesty and credit:

  • Violating a target website’s Robots.txt file and user agreements;
  • Excessively or inappropriately using the scraped data;
  • Failing to protect consumer rights adequately;
  • Obstructing or disrupting the normal operation of other legitimate online products or services operators provide.

Intellectual Property Protection

The Draft Requirements mandate that service providers establish an intellectual property management strategy and designate an intellectual property manager for the corpus and generated content. Before using the corpus for training, individuals responsible for intellectual property matters should identify cases of intellectual property infringement within the corpus, including but not limited to copyright, trademark, patent, and trade secret infringements.

Additionally, service providers should take measures to enhance the transparency of intellectual property protection for GAI services:

  1. Establish channels for complaints and reports related to intellectual property issues and allow third parties to inquire about the usage of the corpus and associated intellectual property situations.
  2. Disclose summary information about the intellectual property aspects within the training corpus.

Protection of Personal Information Rights

There should be an appropriate legal basis when using data containing personal information. Article 13 of the PIPL stipulates seven legal bases, including consent, necessity for contract performance, and statutory obligations. However, in practice, most GAI services still rely on the consent of data subjects to meet the legal requirements for personal information processing.

In Section 5.2(c) of the Draft Requirements, service providers are specifically required to obtain written authorisation and consent from the corresponding data subjects when using data containing biometric information such as facial features. Written consent is a more stringent form of consent. In situations where laws and regulations require the written consent of individuals, personal information processors must express what is being consented to in a tangible form, such as paper or digital documents, and obtain the individual’s consent through active signing, sealing, or other forms.

According to the upcoming national standard, Information Security Technology – Guidelines for Notification and Consent in Personal Information Processing, which takes effect in December 2023, written consent must be explicitly expressed in text and cannot be obtained through methods like clicks to confirm, click to agree, upload submission, login use, or photography.

Currently, Chinese law does not require personal information processors to obtain written consent for processing biometric information like facial features. Article 14 of the PIPL clearly states that only laws and administrative regulations can establish provisions for written consent. Therefore, the specific requirements in Draft Requirements Section 5.2(c) do not have a clear legal basis.

Model Security Requirements

As AI continues to evolve and play an increasingly integral role in our lives, the need for model safety and reliability has become paramount. As such, the Draft Requirements contain a section dedicated to content security, transparency, accuracy, and reliability.

Content Security

A fundamental concern in AI development is generating safe and reliable content. The Draft Requirements address this issue with several crucial points:

  • Use of Registered Base Models: AI service providers are instructed not to use base models not registered with the relevant regulatory authorities.
  • Content Safety Throughout the Development Process: Content needs to be considered throughout an AI model’s lifecycle. During the training process, it is essential to evaluate content safety as a primary indicator of model quality. The goal is to ensure that the model generates safe and appropriate content. We believe that Regulators would consider a model with a high Sampling Qualified Rate to be comparatively safer.
  • Real-time Content Safety Checks: AI models should incorporate real-time security checks during user interactions. Any security issues identified during service provision or regular monitoring should prompt targeted adjustments, including fine-tuning and reinforcement through methods like machine learning.
  • Defining Model-Generated Content: Model-generated content refers to the unprocessed, direct output of the AI model. It is essential to clarify this definition to ensure consistent understanding and adherence to content security standards.

Transparency

Transparency is key to model security, providing users with information about the service and its functioning. The Draft Requirements emphasise transparency through various stipulations:

  • Public Disclosure on Websites: AI services provided through interactive interfaces, such as websites, should prominently display information about the service’s intended audience, use cases, and third-party base model usage. This transparency helps users make informed decisions regarding service usage.
  • Limitations and Technical Information: Interactive GAI services must also clarify their limitations and provide an overview of the model’s architecture, training framework, and other essential technical details that aid users in understanding how the service operates. This may not be easy for some organisations as they may not fully understand how their model(s) operate internally due to the Black Box Effect. As such, some organisations may only be able to achieve compliance on a relatively shallow basis.
  • Documentation for API Services: For services provided through programmable interfaces, essential information should be made available in documentation accessible to users.

Content Accuracy and Reliability

Content accuracy and reliability are critical to ensuring AI services provide meaningful and dependable responses. The Draft Requirements focus on these aspects with the following expectations:

  • Accurate Content Generation: AI models should generate content that accurately aligns with the user’s input intent. The content should also adhere to scientific knowledge and mainstream understanding and be free from errors or misleading information. Achieving alignment with a user’s input intent might be a challenge in many instances because of technical and linguistic limitations.
  • Effective and Reliable Responses: AI services should provide logically structured responses, contain highly valid content, and be genuinely helpful to users in addressing their queries or concerns.

Security Measures Requirements

The Draft Requirements contain seven essential security measures that AI service providers should follow to promote safety, transparency, and regulatory compliance. We discuss these requirements below.

  • Justification: Providers should thoroughly demonstrate the necessity, suitability, and safety of using GAI across various fields within their service scope. In cases where AI services are deployed in crucial contexts like critical information infrastructure, automatic control, medical information services, or psychological counselling, providers should implement protection measures appropriate to the level of risk involved.
  • Protecting Minors: When AI services cater to minors, several safeguards are required: allowing guardians to set anti-addiction measures for minors, protected with passwords; imposing limits on daily interactions and duration for minors, and requiring a management password if exceeded; requiring the consent of a guardian before content can be consumed; and filtering out content that is not suitable for minors, ensuring the display of content that promotes physical and mental well-being.
  • Personal Information Handling: The Draft Requirements stipulate that AI providers must handle personal information following China’s personal information protection requirements and explicitly references “existing national standards, such as GB/T 35273, etc.” As discussed above, while GB/T 35273 is highly regarded, it predates the PIPL and does not perfectly align with it.
  • User Data Usage for Training: Prior consent should be obtained from users for using their input for training purposes. Users should have the option to disable the use of their inputs for training. Accessing privacy options from the main interface should be user-friendly, requiring no more than four clicks. Users must be clearly informed about data collection and the method for opting out.
  • Content Labelling: Content labelling must conform to guidelines established in TC260-PG-20233A, Cybersecurity Standard Practice Guidelines – Generative Artificial Intelligence Service Content Identification Methodology. This includes clearly identifying display areas, textual prompts, hidden watermarks, metadata, and specific service scenarios. We note the watermarking technologies are relatively immature at present.
  • Complaint Reporting Mechanism: GAI service providers must establish channels for receiving complaints and reports from the public and users. This can include telephone, email, interactive windows, SMS, and more. Clear rules and defined timeframes for resolving complaints and reports should be in place.
  • Content Quality Assurance: For user queries, AI services must decline to respond to obviously radical or illegal content. Supervisors should be designated to enhance content quality in alignment with national policies and third-party feedback, with the number of supervisors reflecting the service’s scale.
  • Model Updates and Upgrades: Providers should develop a robust security management strategy for model updates and upgrades. After significant updates, a security assessment should be conducted, and models should be re-filed with the relevant authorities as required.

Security Assessment Requirements

Providers are expected to conduct comprehensive security assessments, including corpus safety, generated content safety, and question rejection, with specific criteria for each aspect to ensure responsible and safe deployment of generative AI services.

Comprehensive Security Assessments for Responsible AI Deployment

Providers should conduct security assessments either before service deployment or during significant updates and have the option to choose internal or third-party evaluators. Each clause within the Draft Requirements should be assessed to produce a distinct assessment result of either “compliant,” “non-compliant,” or “not applicable.” Assessment results should be supported with evidence. In cases where format constraints prevent certain outcomes from being included, they can be appended to the report. Self-assessments require signatures from at least three key figures, such as the legal representative, the security assessment lead, and the legality assessment lead.

Assessing Corpus Safety

Evaluating corpus safety entails a very granular review. At least 4,000 randomly selected training data items must be inspected manually, demonstrating a Sampling Qualified Rate of 96% or higher. Additionally, keyword and classification model inspections necessitate random sampling of no less than 10% of the training data, achieving a Sampling Qualified Rate of 98% or higher. The keyword library and classification model should comply with the specifications outlined in Section 9.

Evaluating Generated Content Safety

To assess generated content safety, a random sample of at least 1,000 test questions should maintain an acceptance rate of 90% or higher. The same criteria apply to keyword and classification model inspections, involving random sampling of at least 1,000 test questions with an acceptance rate of 90% or higher.

Test questions should come from a comprehensive content testing question bank designed to evaluate AI-generated content’s adherence to security standards. It should comprise no fewer than 2,000 questions. The question bank must comprehensively cover all 31 security risks in Appendix A. Each risk in Appendices A.1 and A.2 should be represented by no fewer than 50 questions, while other security risks should have at least 20 questions each. Based on the content testing question bank, standard operating procedures should be established to identify all 31 security risks.

Assessing Question Rejection

A rejection question bank should be established to prevent AI models from providing harmful or inappropriate responses. This question bank should contain no fewer than 500 questions and be representative, covering the 17 security risks in Appendices A.1 and A.2, with each risk having no fewer than 20 associated questions. In contrast, a non-rejection question bank should also be created with no fewer than 500 questions. These questions should represent various aspects of Chinese culture, beliefs, personal attributes, and more, ensuring that AI models provide suitable responses for various contexts and user profiles.

During a security assessment, at least 300 test questions from the rejection bank should exhibit a rejection rate of 95% or higher. In the case of non-rejection, no more than 5% of test questions from the non-rejection bank should be rejected.

Conclusion

This article outlines the basic security requirements for GAI services under the Draft Requirements. These requirements encompass language data security, model security, security measures, and security assessments. They apply to GAI service providers aimed at the public in China.

Overall, the Draft Requirements seek to strike a balance between harnessing the potential of GAI and ensuring that it operates safely and effectively, with due consideration to the diverse needs and contexts of users and the broader Chinese public.

When the Draft Requirements are finalised, they will help GAI service providers maintain a higher level of legal compliance, safety, and reliability. Given that GAI services are a relatively new phenomenon, this is a positive development for service providers because it clarifies what is generally expected of them. Additionally, the Draft Requirements may serve as a useful reference for the Courts and relevant regulatory authorities in assessing the security of GAI services and other related matters.


[1] News report: https://m.thepaper.cn/newsDetail_forward_24432246

[2] See Case 3:23-cv-03440-LB; Case 3:23-cv-03199; Case 1:23-cv-00135-UNA; Case 3:23-cv-00201.


[1]The Draft Requirements can be accessed in full at: https://www.tc260.org.cn/front/postDetail.html?id=20231011143225

[2]News report: https://m.thepaper.cn/newsDetail_forward_24432246.

[3] News report: https://m.thepaper.cn/newsDetail_forward_24432246

[4] See Case 3:23-cv-03440-LB; Case 3:23-cv-03199; Case 1:23-cv-00135-UNA; Case 3:23-cv-00201.