Due to the COVID-19 epidemic, many observers are predicting an increase in claims relating to insolvency proceedings. Against the backdrop of the increasing prevalence of arbitration clauses and agreements governing commercial disputes, in 2021 courts are likely to face a growing number of claims at the intersection of both arbitration and insolvency law.

In the PRC, the applicable laws for arbitration claims against an insolvent debtor are the 2006 Enterprise Bankruptcy Law of the People’s Republic of China (“EBL“) and the Arbitration Law of the People’s Republic of China (“PRC Arbitration Law”).

There are two paths to bankruptcy under the EBL, both requiring approval from the competent people’s court. First, the debtor may voluntarily petition the court for bankruptcy, and second, a creditor may pursue an involuntary petition against the debtor.

Bankruptcy Results in a Stay of Arbitration Proceedings

Whether initiated by the debtor or creditor, a successful petition for bankruptcy results in a temporary stay of legal proceedings — including both litigation and arbitration claims — against the debtor.  This stay suspends arbitration proceedings relating to the debtor until the court appoints a third-party administrator (the “Administrator“) to handle the debtor’s assets. Until such appointment, ongoing arbitration is suspended and the court is not permitted to direct any of the parties to submit further disputes to arbitration (EBL Art. 20). Note that while the EBL does provide for debtor-in-possession proceedings, in practice, in almost all cases an Administrator is appointed.

The Administrator May Disclaim Some of the Bankrupt’s Contracts, While Arbitration Agreements are Subject to the Strict Doctrine of Severability

Pursuant to EBL 18, once the stay is lifted, the Administrator has a special right to rescind the debtor’s unperformed contracts, but not an arbitration agreement within such a contract. This limited power of rescission is the result of how EBL Art 18 interacts with the strict doctrine of severability articulated in Art 19 of the PRC Arbitration Law. Under Article 19 of the PRC Arbitration Law, an arbitration agreement exists independently from the contract that contains it, such that a contract’s rescission (解除) does not affect the arbitration agreement within. Instead, the validity of the arbitration agreement is decided by PRC Arbitration Law Article 17(3), whereby arbitration agreements can be invalidated only when entered into “by coercive means”. In practice, showing coercion is only possible in exceptional cases.

In a similar vein, pursuant to EBL 31 and 32, the Administrator also has a special right to apply with the court or arbitration commission having jurisdiction over the matter to revoke a contract that is obviously unfair.

The Administrator Steps into the Debtor’s Shoes

Upon the Administrator assuming control of the debtor’s assets, the Administrator registers creditor claims against the debtor and steps into the debtor’s shoes during civil proceedings. First, creditors are required to submit their proof(s) of claims to the Administrator, who then tallies them to create a register of debts (EBL 57). This includes would-be litigants. Unregistered claimants may not bring claims against an insolvent debtor, and claimants seeking to stand on an arbitration agreement to circumvent this requirement are unlikely to succeed.

The Administrator reports to creditors once they are registered, who then supervise the Administrator’s efforts (Ibid Arts 23, 68–69). The Administrator must therefore participate in any applicable arbitration against creditors on the debtor’s behalf, while attempting to maximize the realizable returns of the other creditors. This is an ongoing duty. Where said arbitration continues even after the insolvency proceedings have concluded, the Administrator must nevertheless continue to perform the duties involved and carry such litigation or arbitration through to completion (Ibid Art. 122).

Once the Administrator takes charge of the debtor’s assets, is it business as usual for arbitration claimants against the debtor? The unfortunate fact for most arbitration claimants is that once the debtor enters insolvency, winning an award is still no guarantee that the claimant will recover the amount owed.

There are special procedural hurdles unique to insolvency law which require special consideration from arbitration claimants. Most creditors must follow the priority of claim order detailed in EBL Arts 43 and 113, which describe which creditors are paid first. These clauses call for priority payments to go to bankruptcy expenses, collective debts, medical and disability benefits, pension payments, old-age insurance premiums, employee wages, social insurance premiums, taxes, and finally “common bankruptcy claims”. Art 119 protects claimants whose civil or arbitration proceedings against the debtor extend beyond the conclusion of bankruptcy proceedings. It does so by apportioning a share of the debtor’s assets (proportionate to the claim sought) before an award or judgment is issued:

Article 119

With respect to a claim that involved […]  a […] pending arbitral decision […] [A]dministrator shall preserve the share involved in distribution in advance.

Facing an Administrator, an Arbitration Claimant Must Carefully Craft an Arbitration Strategy

The Administrator is an unusual adversary for an arbitration claimant.

During arbitration proceedings, the arbitration claimant faces an Administrator acting on the debtor’s behalf. The Administrator is also responsible for investigating the amount and validity of claims. However, when the arbitration claimant’s creditor rights have yet to be determined, that claimant may not always have a chance to exercise voting rights along with the other creditors (EBL Art 59, an exception to this is when the People’s Court is able to determine creditor rights provisionally). In addition, and perhaps to the arbitration claimant’s dismay, the Administrator also proposes how to apportion the debtor’s assets for the benefit of creditors (Ibid para Art 115(4)).

This would affect an arbitration claimant in two ways. First, this leaves the door open to the Administrator adjusting the arbitration claimant’s notional claim downwards as new evidence comes to light.  Second, the Administrator can use their role as the drafter of the plan of distribution as leverage against the arbitration claimant. Depending on the size of the arbitration claimant’s claim relative to those of other creditors, it may be easily out-voted during creditor meetings. Once the Administrator’s distribution plan is approved by the Creditors’ Meeting, it is submitted to the People’s Court for approval (Ibid Art 116), and once approved, the debtor’s assets are liquidated and distributed to the creditors. If those creditors wrongfully enlarged their shares at the expense of the arbitration claimant, the claimant’s only recourse after dissolution may be a pyrrhic victory on appeal, since the debtor by that point no longer exists as an entity.

An additional consideration for arbitration claimants is the importance of carefully setting the notional value of an arbitration claim before the responsible people’s court. Once the people’s court grants the arbitration claimant a notional value, this may set a ceiling on their realizable award. Strategically speaking, the amount to be “reserved” for the arbitration claimant’s benefit under EBL Art 119 is difficult to increase after the debtor’s assets have been liquidated. This means that obtaining an unfavourably low “reserve” award could be costly for an arbitral claimant. By way of example, if only $1 million was reserved for the claimant, it does little good for a claimant to win a $5 million award, since any amounts that were not earmarked may be distributed to other creditors by the time the award is issued. Therefore to maximize the amount of a realizable award, an arbitration claimant’s attorneys must be ready to front-load their case and present the full merits of their claim before they may, in fact, have fully developed their arbitration strategy.

Overall, an arbitration claimant should carefully weigh the options available in devising a suitable arbitration strategy against an insolvent debtor.

 

[1]Steele et al, “Trends and Developments in Chinese Insolvency Law: the First Decade of the PRC Enterprise Bankruptcy Law” 66 Am. J. Comp. L. 669 (2018) at 682

[2]William Lu, “Arbitration and Insolvency Proceedings: The Chinese Law Perspective” Asian Dispute Review, Vol. 23, Issue 1 (January 2021) 18 at 20. See also Supreme People’s Court, “Application of the Enterprise Bankruptcy Law of the People’s Republic of China, Provisions on Several Issues (3)” People’s Court News Media Network, March 28, 2019, online: <www.chinacourt.org/law/detail/2019/03/id/149865.shtml>.

When concluding an insurance contract, the insurance applicant has a duty of disclosure. The applicant is not obliged to disclose information unless the insurer enquires.

The insurer’s remedy for breach of this duty varies. The insurer can either:

  • Rescind the contract and keep the premium. The availability of this remedy depends on the degree of connection between the loss and the intention of the policyholder. If the policyholder deliberately breached this duty, then the insurer can avoid the policy, refuse all claims, and keep the premium.
  • Rescind the contract but return the premium.If the policyholder was merely negligent in breaching the duty, the insurer can avoid the contract but must return the premium.

The insurer has no right to rescind the contract if it underwrote the contract fully aware that the applicant had not provided honest answers.

Also, the right of an insurer to rescind a contract is extinguished if it is not exercised within 30 days from the date the insurer discovers the non-disclosure. Moreover, there is a two-year limitation period from the conclusion of the contract. After this expires, the insurer cannot take any action to avoid the policy.

What is insurance non-disclosure under Chinese law?

To control for adverse risks, the insurance industry is strictly regulated. In turn, insurance policies allocate risk in society. However, the conclusion of an insurance policy involves its own risks; risk of non-disclosure by one of the parties being foremost among them.

In light of its tremendous growth, it is easy to forget that insurance remains comparatively new in China. The first law on insurance, the Insurance Act (1995, the “Insurance Act“) was enacted in 1995 and then amended in 2002, 2009, and 2015.

Typically, non-disclosure arises out of the insured’s failure to disclose material information to the insurer. This is the basis for the doctrine of utmost good faith in the duty to disclose.

The rules governing the insured’s duty to disclose, misrepresentation, and remedies, are laid out in Article 16 of the Insurance Act.

The duty to disclose is found in paragraphs 16(1–2), together with the corresponding remedy of rescission for failing in this duty. Importantly, this duty only extends to non-disclosures or misrepresentations which go to the heart of the policy; in other words, which “affect the insurer’s decision on whether to underwrite the insurance or raise the insurance premium“:

Article 16

(1) Where the insurer makes any inquiry about the subject matter insured or about the insurant when entering into an insurance contract, the insurance applicant shall tell the truth.

(2) The insurance applicant fails to perform the obligation of telling the truth as prescribed in the preceding paragraph intentionally or for gross negligence, which is enough to affect the insurer’s decision on whether to underwrite the insurance or raise the insurance premium, and thus the insurer shall have the right to rescind the contract.

Per paragraph 16(3), there are strict time limits on the insurer exercising a right of rescission. The insurer’s right of rescission expires after 30 days of discovering the non-disclosure or misrepresentation. Moreover, there are no grounds for rescission two years after conclusion of the contract:

(3) The right to rescind as stated in the preceding paragraph shall be extinguished if not exercised within 30 days of the time the insurer knows of the cause for rescission. Once two years have elapsed after the contract is entered into, the contract may not be rescinded even if cause for rescission exists; where an insured incident occurs, the insurer shall be liable for paying indemnity or insurance benefit.

Paragraphs 16(4–5) describe intentional and grossly negligent misrepresentations in further detail, and treat the former more seriously than the latter. They both provide that the insurer shall not be liable for paying indemnity or insurance money for an insured incident that occurs before the contract is rescinded. The major difference is that whereas intentionally failing to tell the truth causes the insured to lose both benefits and premium, gross negligence will cause the insured to lose benefits but obtain a refund of the policy premium:

(4) Where the insurance applicant intentionally fails to perform the obligation of telling the truth, the insurer shall not be liable for paying indemnity or insurance money for an insured incident that occurs before the contract is rescinded, and shall not refund the insurance premium.

(5) Where an assured in gross negligence fails to make truthful disclosure so as to contribute materially to the occurrence of an insured event, the insurer shall not be liable for paying indemnity or insurance money for an insured incident which occurs before the contract is rescinded, but shall refund the insurance premium.

Under paragraph 16(6), the insurer has no right of rescission when it agrees to the policy despite knowing that the insured is not telling the truth:

(6) Where the insurer knowing the truth which the insurance applicant fails to tell enters into an insurance contract with the insurance applicant, the insurer, shall not rescind the contract and, if an insured incident occurs, shall be liable for paying indemnity or insurance money.

Finally, there is also a relevant portion of the Maritime Code of China, which addresses disclosure to a similar degree as the Insurance Act. Specifically, under Article 222,

[B]efore the contract is concluded, the insured shall disclose to the insurer material circumstances which the insured has knowledge of or ought to have knowledge of in his ordinary business practice and which would influence the insurer in deciding the premium or whether he agrees to insure or not.

Thus, while a Chinese insurer may rescind a policy for intentional or grossly negligent non-disclosure, it may not rescind for innocent or minor non-disclosures. While negligent non-disclosure (instead of grossly negligent or intentional non-disclosure) may entitle the insurer to other contractual remedies, this does not include rescission. That said, under Chinese law there are currently no legal definitions for the terms “intentional” or “gross negligence”, leading to judicial uncertainty. Even though the policies might have the definitions for “intentional” or “gross negligence”, the difference between gross negligence and negligence is  difficult to distinguish in many circumstances.

Note that not all non-disclosure by the insured will entitle the insurer to the right of rescission. non-disclosure which does not go to the heart of the agreement does not entitle a contractual party to rescission. According to some authors, there is a legal basis for this in the Interpretation of the Supreme People’s Court on Several Issues pertaining to Application of the Insurance Law of the People’s Republic of China (II), (the “SPC Interpretation II“). The SCP Interpretation II limits, under Article 6,  the insured’s duty to disclose to the insurer’s scope of inquiry (投保人的告知义务限于保险人询问的范围和内容), and furthermore puts the burden of proof on the insurer when a dispute over the scope or content of the enquiry arises. Another author posits that “if the insurer is not asking about important facts, the insured does not breach the duty even by concealing or misrepresenting.” For the latter opinion, there are disagreements in Chinese academia.

Thus while facts which involve assessing the underwritten risks are considered material, if the insurer asks about unimportant or irrelevant facts, the insured does not open the policy to rescission by concealing or misrepresenting such facts. Accordingly, the insurer’s inquiry should be limited to material facts and the insurer should not expect a right of rescission after discovering misrepresentation or concealment of facts which had little or no bearing on the conclusion of the policy.

Nevertheless, to avoid rescission, certain facts must be proactively disclosed by the applicant even absent a question from the insurer. While the Insurance Act itself does not address this, interpretive guidance was made available in the 2006 Reply on Issues Related to Insurance Contract Disputes (the “Reply on Insurance Contract Disputes“). Originally, under the Reply on Insurance Contract Disputes, when the insured “knows or should know of certain material matters upon which insurability may turn, and said matters affect the insurer’s decision on underwriting or pricing the premium, then even if the insurer has not made a clear inquiry, the insured must inform the insurer of said information.” That said, this was limited to only information which the insured knows (rather than should know) in Article 5 of the SPC Interpretation II, which specifically classifies information that the policyholder knows of (投保人明知的与保险标的或者被保险人有关的情况) as facts to be declared under paragraph 16(1) of the Insurance Act. Since the duty to disclose said facts falls under Article 16, the insured’s failure to disclose them will also entitle the insurer to the right of rescission.

The duty to proactively disclose facts therefore turns on two elements. First, the fact must be material. Second, the fact affects the insurer’s decision on underwriting or pricing the policy’s premium.

How then to decide which facts are material or immaterial? Somewhat confusingly, this appears to be a partially redundant enquiry between both the first and second elements. A material fact is one “[which] is enough to affect the insurer’s decision on whether to underwrite the insurance or raise the insurance premium.” Whether the standard used for “affect the insurer’s decision” is a subjective or objective one remains an unsettled question under Chinese law. That said, judges from many courts have adopted the “objective standard” of the prudent insurer, rather than place themselves in the shoes of the insurance provider at issue.

Since the first element of the test, on materiality, requires answering the second element of the test, on “affect[ing] the insurer’s decision”, the second element in practice turns on causation. In other words, after establishing that a fact [1] was material (because it would have affected a prudent insurer’s decision), the judge must then be satisfied that [2] the failure to disclose the fact did, in fact, affect the insurer’s decision on underwriting or pricing the policy. If both first and second elements are satisfied, then the insured will be found to have failed in their duty to proactively disclose the fact at issue.

Note that since PRC law does not distinguish between sophisticated insurance applicants and individual insurance applicants, or “business insurance” and “consumer insurance” applicants. Accordingly, the above rules on misrepresentation apply both to natural persons and legal persons applying for insurance. Note however that other specific rules apply when an insurance brokerage is involved in the policy’s negotiation.

What changes do the new Civil Code bring to insurance misrepresentation?

China’s new Civil Code brings very few additions to China’s insurance law regime. In fact, there are only a few articles related to insurance at all. These include, under the section on tort liabilities, a few clauses on compulsory automobile liability insurance (in connection with the Traffic Accident Social Assistance Fund). This is in order to ensure policies are in place to provide compensation to insureds and the third-party victims of traffic accidents. See Civil Code of the People’s Republic of China, arts 1213, 1215–1216. There are also passing references to insurance in the book on real property rights, art 390, on security interests, and art 461, on rights to insurance indemnities when in possession of another’s property, in addition to the book on contracts, which features art 909 on warehousing.

Nevertheless it is important to note that the Civil Code repealed the PRC Contract Law. As a result, Part III (Contracts) of the Civil Code is now the general law applicable to all contracts, including insurance agreements.

 

[1]ZHEN JING, CHINESE INSURANCE CONTRACTS LAW AND PRACTICE 32-43 (2017).

[2]Insurance Law of the People’s Republic of China (promulgated by the Standing Comm. Nat’l People’s Cong., June 30, 1995, effective Apr. 24, 2015), art. 16.

[3]Qihao He & Chun-Yuan Chen,  Insurance Law between Commercial Law and Consumer Law: Can the United States Inspire China in Insurance Misrepresentation, 26 CONN. Ins. L.J. 145 (2020), citing Zhen Jing, Remedies for Breach of the Pre-Contract Duty of Disclosure in Chinese Insurance Law, 23 CONN. INS. L.J. 327, at 348 (2017).

[4]Qihao He & Chun-Yuan Chen,  Insurance Law between Commercial Law and Consumer Law: Can the United States Inspire China in Insurance Misrepresentation, 26 CONN. Ins. L.J. 145 (2020) at 160.

[5]Qihao He & Chun-Yuan Chen,  Insurance Law between Commercial Law and Consumer Law: Can the United States Inspire China in Insurance Misrepresentation, 26 CONN. Ins. L.J. 145 (2020) at 160, citing Min Chang, Study on Insurance Contract Incontestability System, 2 GLOBAL L. Rev. 76-91 (2012).

[6]Qihao He & Chun-Yuan Chen,  Insurance Law between Commercial Law and Consumer Law: Can the United States Inspire China in Insurance Misrepresentation, 26 CONN. Ins. L.J. 145 (2020) at 160, citing the Reply on Issues Related to Insurance Contract Disputes, promulgated by the China Ins. Regulatory Comm’n, Feb. 21, 2006, effective Feb. 21, 2006).

[7]Qihao He & Chun-Yuan Chen, Insurance Law between Commercial Law and Consumer Law: Can the United States Inspire China in Insurance Misrepresentation, 26 CONN. Ins. L.J. 145 (2020) at 160.

[8]Qihao He & Chun-Yuan Chen, Insurance Law between Commercial Law and Consumer Law: Can the United States Inspire China in Insurance Misrepresentation, 26 CONN. Ins. L.J. 145 (2020) p 161, citing the Insurance Law of the People’s Republic of China (Standing Comm. Nat’l People’s Cong., June 30, 1995, effective Apr. 24, 2015), art. 16.

[9]Qihao He & Chun-Yuan Chen, Insurance Law between Commercial Law and Consumer Law: Can the United States Inspire China in Insurance Misrepresentation, 26 CONN. Ins. L.J. 145 (2020) at 160, citing (Zhen Jing, Insured’s Duty of Disclosure and Test of Materiality in Marine and Non-Marine Insurance Laws in China, J. BUS. L. 681, 686-87 (2006).)

[10]Ibid  at 163.

Michael Gu / Grace Wu / Vivian Wang [1]Introduction

The year 2020 is an unusual year. The outbreak of COVID-19 pandemic and continued international trade tensions posed challenges to Chinese antitrust law enforcement authority, the State Administration for Market Regulation (SAMR). Particularly, the SAMR was tested on their ability to address the impacts coming along with the crisis and to rapidly respond to new circumstances in the Chinese market. Despite the challenges, the SAMR maintained prudent in conducting the merger control review and even concluded more merger cases compared with the year 2019. In fact, the SAMR’s review process has become more efficient in 2020. On average, compared with 2019, it took less time for concluding a merger case review, especially for simple cases and normal cases with less competition impacts. According to the working report 2020 of the SAMR [2], the SAMR accepted filings of 481 cases and concluded the review of 473 cases. The figures represent an increase of 5% for accepted merger filings and 1.7% for concluded merger cases from 2019. The average time for case filing and conclusion fell by 27% and 14.5%, respectively.

As to conditionally-approved cases, the number is relatively stable in 2020 (four cases) compared with the previous year (five cases). Four cases were approved with behavioural conditions. Two of the four conditionally-approved cases in 2020 were withdrawn and resubmitted before the expiry of the first statutory merger review period (i.e., 180 days). This shows that the SAMR is still prudent in reviewing mega mergers which may raise competition concerns. Withdrawal of the filing also provides notifying parties with flexibility and sufficient time to communicate with the SAMR. From the first submission of filing materials to the case being conditionally concluded, the review process for the four cases above lasted for a minimum of 238 days [3] , a maximum of 358 days [4] , and an average of 291 days. There was no prohibition decision rendered by the SAMR in 2020.

Furthermore, the SAMR continued its tough stance against non-filers. The SAMR published 13 penalty decisions that failed to fulfil the notification obligations under Anti-monopoly Law.  In addition, the SAMR also clarified that the concentration involving variable interest entity (VIE) structure transactions [5] is within the scope of merger control review.

Legislation

Release of The Interim Provisions for Merger Control Review

On 7 January 2020, the SAMR released a draft of the Interim Provisions for Merger Control Review (hereinafter “the Interim Provisions”) for public comment. The final version of the Interim Provisions was adopted in October 2020 [6] . The Interim Provisions consolidate all major regulations for merger control review into one coherent, comprehensive and easy-to-follow regulation, although no substantial changes have been proposed thereunder. However, it is notable that, pursuant to Article 2 of the Interim Provisions, the SAMR can authorize its provincial branches to take charge of merger control review. The decentralization of antitrust enforcement serves the purpose to better allocate the heavy workload undertook by the SAMR, by which it could focus on reviewing relatively complex cases. Therefore, we expect that the SAMR will continue to lead the review process of most cases in the near future. However, specific questions remained to be answered. For example, in what types of cases will the SAMR authorize its provincial branches? When exactly will the SAMR authorize? If authorized, what scope, i.e. to what extent, will the authorization be? These questions are expected to be answered through observation of SAMR practices.

Revision of The Anti-monopoly Law in Process

On 2 January 2020, the SAMR released a draft of revisions to the Anti-monopoly Law for public comment (hereinafter “the Revised AML”) [7] . Although the Revised AML follows the current Anti-monopoly Law’s basic framework, it significantly enhances the legal liability of Anti-monopoly Law violators. For example, in accordance with Article 55 of the Revised AML, the proposed penalty will be up to 10% of the non-filer’s annual sales in previous year instead of the maximum amount of fine RMB500,000 under the current Anti-monopoly Law, which is clearly insufficient for deterring non-filers. The Revised AML also clarifies practical issues such as ‘controlling rights’ for merger filing purposes. In addition, the Revised Draft introduces the so-called ‘stop-clock’ clause that specifies three conditions to discontinue the mandatory timelines for merger review:

  • on application or consent by the notifying parties;
  • supplementary submissions of documents and materials at the request of the antitrust authority; or
  • remedy discussions with the antitrust authority.

The revision of Anti-monopoly Law has been scheduled as key legislative work for 2021 [8] , and the new Anti-monopoly Law is expected to be adopted in the near future.

Enhanced Antitrust Scrutiny on E-commerce Platforms

On November 2020, the SAMR released “Antitrust Guidelines for the Platform Economic Industry” for public comment (hereinafter “Guidelines for Platform”). Just within three months, the final version of Guidelines for Platform was approved and implemented on 7 February 2021 [9] . The Guidelines for Platform provide a chapter of regulations, specifically obliging business operators in the platform economic industry to merger control review, including the filing standard, evaluation of competition concerns and restriction conditions. It is also notable that the Guidelines for Platform clarify that the concentration involving VIE structure transactions is within the scope of merger control review. The Guidelines further clarify that transactions involving start-ups, new types of platform or free business models with the possibility of eliminating or restricting competition cannot be exempted from merger filing, even though they do not meet the turnover standard.

Unconditionally cleared cases

The SAMR unconditionally approved 469 cases in 2020 – slightly more than the previous year (460 cases). With regard to simple cases, a total of 364 cases were concluded in 2020, accounting for 76.96 per cent of all cases. The proportion of simple cases increased compared with that of 2019 (the number of simple cases accounted for around 73.3 percent of total cases in 2019). On average, simple cases took 12.81 days to be concluded (among which 12.79 days for the first quarter, 12.59 days for the second, 13.35 days for the third, and 13.35 days for the fourth), which was slightly reduced from 15.37 days in 2019 (among which 15.12 days for the first quarter, 18.29 days for the second, 18.24 days for the third, and 13.37 days for the fourth). And in 2020, 27.47 per cent of those cases were unconditionally approved upon expiration of the 10-day publication period. This demonstrates that simple case procedure plays an active role in enhancing the efficiency of concentration review, particularly in the sense of reducing the reviewing time.

Based on statistics above and our experience, we reckon that since the fourth quarter in 2020, the SAMR has been exploring tailored approach of review to different types and structures of transactions, and accelerating its process for certain transaction types. Moreover, we notice that from the fourth quarter in 2020, the accelerating rate of the SAMR’s efficiency on simple case review has slowed down. Accordingly, we estimate that time spent before acceptance of the case, i.e. the time from the submission of filing materials to the acceptance notice of filing, will be longer, had the SAMR intended to further reduce the interval time between the public notification and that of case conclusion. Notably, for the first time, the SAMR disclosed that the time spent before acceptance of the case was 24 days on average in 2019, as provided in its Annual Report on the Enforcement of Anti-monopoly Law of China (2019) [10] .

Concluding from recent cases, it appears that the SAMR has a varying standard with its merger control review process depending on the nature and structure of the transaction. Firstly, horizontal mergers typically attract greater level of scrutiny compared to non-horizontal mergers; secondly, the SAMR also pays closer attention to transactions concerning industries with higher level of concentration; thirdly, for purely offshore transactions, that is, transactions that only involve joint ventures or companies with a small asset base in China that do not engage in substantial economic activities within China, the level of scrutiny is noticeably (and unsurprisingly) lower compared to transactions with a domestic implication; fourthly, transaction that involves the acquisition of an equity stake would be more closely reviewed compared to joint ventures; finally, complex transactions, such as multi-stage acquisition, privatization of a listed company, and red-chip model restructuring, would likely endure a more prolonged review process by the SAMR.

Mingcha Zhegang Case [11]

On 16 July 2020, the SAMR unconditionally approved the joint venture between Shanghai Mingcha Zhegang Management Consulting Co., Ltd. (‘Mingcha Zhegang’) and Huansheng Information Technology (Shanghai) Co., Ltd. (‘Huansheng’). Mingcha Zhegang provides data analysis and artificial intelligence solutions to enterprises in the catering industry, whereas Huansheng is a subsidiary of Yum China which in turn owns brands including KFC, Pizza Hut, and Taco Bell. The joint venture proposes to engage in information and network technology development in the catering industry. This is the first case reviewed by the SAMR where it officially acknowledged the presence of a VIE structure used by a party to the transaction. Here, the ultimate controlling party of Mingcha Zhegang is a Cayman-incorporated company, Leading Smart Holdings Limited. Since the SAMR’s publication of the simple case review on 20 April 2020, the case received widespread attention due to the uncertain result of merger control review involving VIE arrangements.

Despite the lengthy approval process (88 days), which is significantly longer than the average review period of unconditionally approved cases, taking up almost the entire duration allowed for in simple case review, the delay, contrary to public perception, may be unrelated to the presence of the VIE structure. Instead, the delay was more likely a result of the reasonable objections by related third parties, with regard to relevant market definition, market share of the notifying parties, etc., which in turn led to competition concerns to the SAMR. As the transaction was likely motivated by data consolidation between the two notifying parties, it was also alleged that this would raise issues relating to data monopolization. Ultimately, however, these issues did not appear to be detrimental to the result of merger control review, as the SAMR approved the transaction unconditionally.

Car Inc (Shenzhou Zuche) Case [12]

On 25 November 2020, the SAMR published the simple case summary that it would be reviewing MBK Partners’ proposed acquisition of Car Inc (Shenzhou Zuche). MBK Partners is a private equity firm predominantly focused on the North Asia region, and Shenzhou Zuche is China’s largest car rental company. Similar to the Mingcha Zhegang Case, this case also involves the use of a VIE structure, though this would almost certainly not be the focus of the SAMR’s review. Instead, the SAMR closely scrutinized this transaction for competition concerns, as this particular transaction involves financial and transportation industries, which have been the focus of regulatory attention in recent years. With MBK’s shares in the consortium that took eHi Car Services, China’s second largest car rental firm, private last year, such competition concerns would certainly be more pronounced. Beyond anti-competition issues, this transaction may also trigger foreign investment concern with the recent passage of Measures on Security of Foreign Investments [13] . Ultimately, the SAMR approved this case on 21 January 2021, which was a rather lengthy approval process (57 days).

As highlighted by these two cases, the SAMR has signaled its intention to review, with heightened scrutiny, cases which involve VIE structures. Putting aside any extrapolation from these decisions of the SAMR’s stance on the legality of the VIE structure, it is evident that at least within the anti-monopoly enforcement framework, it would be imprudent for companies which employ a VIE structure to ignore filing obligations. This is further evidenced with the introduction of the ‘Guidelines for Platform’, the penalties opposed on three tech companies for failing to comply with their filing obligations, and from recent statements made by the SAMR [14] . Given the SAMR’s approval in the Mingcha Zhegang Case and Car Inc (Shenzhou Zuche) Case, the consensus among practitioners is that transactions involving VIE structure would not be adversely affected. Companies should thus proactively assess their situation and ensure that they are compliant with the Anti-monopoly Law.

Conditionally cleared cases

In 2020, the SAMR conditionally approved four cases, a relatively stable number compared with 2019 (five cases). Figure 1 (below) illustrates the number of cases conditionally cleared from 2009 to 2020.

Figure 1

These conditional cases cover automobile, computer, electronic components, and pharmaceutical industries. They are the key areas of antitrust enforcement. The relevant products involved in these cases are not only related to people’s daily life but also high-tech driven. For example, the relevant product markets in ZF Friedrichshafen AG’s acquisition of WABCO Holdings case is related to automatic manual transmission (AMT) controllers; in Nvidia’s acquisition of Melox case is related to Ethernet adapters; and in Danaher’s acquisition of GE’s BioPharma case is related to microcarrier and other biological analysis instruments. Due to the relatively strong technical nature of the relevant market, the notifying parties in two of the four conditional cases withdrew and resubmitted the notifications. From the first submission of filing materials to the case being conditionally concluded, the review process for the four cases lasted for a minimum of 238 days, a maximum of 358 days, and an average of 291 days. There are many reasons for the lengthy review process, which may include the following.

  • In the absence of the ‘stop-clock’ clause in Anti-monopoly Law, the process of preparation for supplementary materials and negotiation for restrictive conditions are included in the reviewing period. Therefore, the review time for complex cases may exceed the statutory merger review period;
  • The transaction structures and the relevant products are complicated (e.g. in GE/Danaher case, Danaher and the target had horizontal overlaps in 25 products);
  • The relevant market is highly technical and complicated (e.g. Ethernet adapter and data center server in Melox/Nvidia case); and
  • The SAMR becomes more cautious in analyzing the competition impact of these cases.

Danaher’s acquisition of GE’s BioPharma Case [13]

On 28 February 2020, the SAMR conditionally approved Danaher’s acquisition of GE’s BioPharma unit, almost a year after the transaction’s initial merger filing. Danaher is an American diversified conglomerate involved in the healthcare and environmental industry. GE’s BioPharma unit, renamed Cytiva, provides both hardware and software used in biopharmaceutical research.

In addition to implicating a sensitive and strategically important industry, this case stands out for its complexity, involving 25 different product markets where the notifying parties had horizontal overlaps. In the SAMR’s analysis, the relevant geographical market for these product markets is defined as the worldwide market given that there were minimal trade barriers (as evinced by the low ratio of shipping cost to sales price) and minimal price differentiation across borders. The SAMR found that in many of the product markets, including the markets for microcarriers, chromatography systems, and hollow fiber filter modules, the transaction would have the effect of eliminating or restricting competition. For example, the SAMR found that, in the microcarriers market, the notifying parties would have a combined market share of nearly 70 per cent to 75 per cent worldwide. In addition to market share, the SAMR also appeared to be concerned with the impact of the transaction on innovation and R&D, particularly in the hollow fiber filter module market.

After several rounds of consultation, the SAMR accepted Danaher and GE’s proposal for structural remedies to salvage the transaction, concluding that the remedies would reduce the transaction’s adverse impact on competition. Danaher was to divest various businesses, such as the businesses in the aforementioned product markets which raised competitive concerns, including all its tangible and intangible asset and staff. Moreover, Danaher was to reach transitional agreement and share its relevant tangible assets and proprietary research of the ‘Emily Project’ to buyers of its divested businesses, aimed to encourage R&D and investment into new products. This last remedy stands out with the SAMR going beyond its traditional anti-competition toolbox to impose conditions that the agency believed would encourage innovation and facilitate greater product selection within the relevant market, instead of merely eliminating the negative impact raised.

We expect that the SAMR will continue to explore and deepen its anti-competition toolbox in major scientific research fields in life sciences and other high-end scientific research fields (for example, cutting-edge R&D involving biopharmaceuticals, or transactions involving innovative drugs for the treatment of critical diseases and rare diseases). The notifying parties should weigh and coordinate the filing strategies of various jurisdictions and carefully submit remedies based on the impact on the Chinese market to resolve the competition concerns of the SAMR.

Penalties on Non-filers

In recent years, the antitrust authorities have never relaxed their supervision of non-filing cases. In 2020, the SAMR significantly strengthened its supervision of and penalties on non-filing parties. The SAMR published 13 non-filing cases with a total fine of RMB5.65 million. The highest fine issued was RMB500,000, while the lowest was RMB300,000.

MBK Partners/Siyanli Industrial Case [16]

On 6 January 2020, the SAMR published its penalty decision against MBK Partners for its failure to notify its acquisition of a 23.53 per cent stake in Siyanli Industrial (‘Siyanli’). By failing to do so, the notifying parties breached Article 21 of the Anti-monopoly Law and was fined RMB350,000 accordingly.

This case also marks the first penalty decision relating to an investment fund acquiring a minority interest, suggesting that the SAMR has not only kept itself up to date of market movements, but that it is taking up a proactive role in policing this area. While the stake of 23.53 per cent prima facie appears to be a small proportion of the overall business, it is likely that the SAMR took a strict approach with its interpretation on ‘controlling rights’. The reason could be that this transaction is distinguished from most other PE/VC transactions where there is a greater difference in the proportion of equity stake between the fund investor and controlling party, and where the investment fund was largely kept away from the operations of the business.

Based on our experience, notifying parties holding a minority interest would have to assess their filing obligations under specific circumstances. Typical considerations include:

  • the voting right arrangement on major corporate decisions (such as whether financial investors had veto power), and
  • the presence of any special shareholder rights (such as preemptive rights, preferential rights, drag-along rights, buyback rights).

If an investor in a later financing round shares the same special shareholder rights to previous investors due to a most-favored-nation clause, this may also trigger filing obligations.

Intime Retail Case, New Classics Media Case & China Post Smart Delivery Case

On 14 December 2020, the SAMR published its penalty decisions against three non-filers, namely, (1) Alibaba for its acquisition of Intime Retail (Intime Retail Case) , (2) China Literature Limited for its acquisition of New Classics Media (New Classic Media Case) [18] , and (3) Hive Box Technology for its acquisition of China Post Smart Delivery (Hive Box Technology Case) [19] . The three cases all involve Internet companies using a VIE structure. It is the first time where the SAMR penalized concentration involving a VIE structure.

Among the three cases, the SAMR’s investigation into the Intime Retail Case and New Classics Media Case each took approximately 40 days, whereas the SAMR’s investigation into the China Post Smart Delivery Case took 174 days, significantly longer than the other two. It is further worth noting that the actual transaction of the first two cases took place in 2017 and 2018 respectively, whereas Hive Box Technology’s acquisition of China Post Smart Delivery was only recently completed in May 2020, implying that the SAMR had begun its investigation only a month after the deal’s conclusion. According to the SAMR’s subsequent press conference (Press Conference) [20] , the SAMR had conducted a comprehensive review of the transactions’ impact on market competition, examining the underlying market condition and the effect that the concentration would have. In the end, however, the SAMR concluded that the three transactions would not reduce or eliminate competition.

Dohia Case [21]

On 9 September 2020, the SAMR published their penalty decision against Zhejiang Construction Investment Group (‘ZCIGC’) for its failure to notify the agency of its 29.83% acquisition of Dohia Group (‘Dohia’). The transaction was conceived as a reverse merger whereby ZCIGC, a private company, would bypass the IPO process and become publicly listed through a complex arrangement with Dohia Group. The first phase involved ZCIGC acquiring a 29.83% of shares in Dohia. This was completed on 10 May 2019, where ZCIGC became Dohia’s largest shareholder. The second phase involved an asset swap between the two entities such that ZCIGC’s shareholders would become shareholders in Dohia.

Relevantly, ZCIGC had notified the SAMR when it was engaging in the second phase of its reverse merger in October 2019. However, the SAMR found that filing obligations would already have been triggered in the first phase of the transaction, handing out a penalty decision accordingly. Based on the penalty decision, it is likely that the SAMR made its decision based on the ownership concentration. With the SAMR specifically highlighting the 29.83% of shares, this suggests that the SAMR intended to create a deterrence effect, serving as a clear warning sign for other undertakings, as in the MBK Partners/Siyanli Industrial Case [22] . Therefore, companies engaging in asset restructuring, reverse mergers, and other multi-stage transactions should critically assess and determine the relevant stage of which filing obligations may be triggered. Moreover, publicly listed companies with a disperse shareholder base should also be mindful that a minority interest less than 30% may still be considered to be controlling interest. Any transaction that involves a change in ownership should be critically assessed as to whether the transaction triggers filing obligations.

Concluding from the non-filing cases as stated above, it is likely that the SAMR will continue its ex-post crackdown on previous transactions involving Internet companies using a VIE structure which have failed to comply with their filing obligations. Such companies shall remain vigilant and ensure that a robust compliance framework is in place. Strategic decisions, including the order of transaction to be reported and the supplementary material to be provided, shall consider all potential repercussions. The aforementioned cases are good precedents which shed light into the SAMR’s approach in defining the relevant market and in determining whether the conduct engaged would amount to monopolistic behavior.

Comments and Conclusion

In 2020, the SAMR maintained a consistently rigorous and prudent attitude towards merger control review. Despite the COVID-19, the time scale for filing and approval of merger control review (especially simple cases) has shortened compared to the previous year. As to conditional cases, the SAMR has imposed various conditions based on the characteristics of relevant products and the competition and innovation conditions of the relevant market, so as to eliminate the possible negative effects of concentration. In addition, 13 non-filing cases published in 2020 shows that the SAMR maintains its supervision of and penalties on non-filing parties. The SAMR has also clarified its attitudes towards transactions in the Internet sector involving a VIE structure.

The new trends and features of the SAMR should raise attention of enterprises in the relevant industries, whether it be the trend of scrutinizing transactions involving a VIE structure and the non-filing of minority stake investment by funds, or the trend of making intensive competition analysis of innovative markets. We expect that the SAMR will continue to accelerate the construction of antitrust enforcement system in 2021. When conducting the merger control review, the SAMR usually maintains the consistency between current and past cases, in particular, as to the market definition and certain factual issues. Meanwhile, to facilitate efficiency, high quality of notification materials will be required from the SAMR. Therefore, enterprises are advised to focus on the trends of antitrust enforcement and the revision process of the Anti-monopoly Law. In particular, enterprises shall understand the regulations of merger control review correctly, actively fulfill their filing obligations, and work closely with external experts to avoid delays in the closing of transaction, which would in turn affect their business plans. Furthermore, we expect that the SAMR will continue to strengthen the investigation and penalty of non-filing cases in 2021. Thus, before the revision of AML, enterprises shall consider to submit the post-consummation filing to the SAMR of such transactions.

 

FOOTNOTES:
Swipe up or down to view the contents
[1]Michael Gu is a partner of AnJie Law Firm based in Beijing. Michael specializes in competition law and M&A. Michael can be reached by email: michaelgu@anjielaw.com, or telephone at (86 10) 8567 5959. Grace Wu is an associate of AnJie Law Firm, and Vivian Wang is an intern of AnJie Law Firm.[2]The original Chinese version of the working report 2020 of the SAMR is available at the SAMR’s website:http://www.samr.gov.cn/xw/zj/202102/t20210205_325918.html

[3]Infineon’s acquisition of Cypress case, the announcement is available at the SAMR’s website

http://www.samr.gov.cn/fldj/tzgg/ftjpz/202004/t20200408_313950.html

[5]Nvidia’s acquisition of Melox case, the announcement is available at the SAMR’s website

http://www.samr.gov.cn/fldj/tzgg/ftjpz/202004/t20200416_314327.html

[5]A VIE structure is designed to allow foreign offshore investors to invest and control Chinese onshore business(es) through a series of contracts and agreements, overcoming foreign capital restrictions on particular sectors.

[6]The original Chinese version is available at the SAMR’s website:

http://gkml.samr.gov.cn/nsjg/fgs/20 2010/t20201027_322664.html

[7]The original Chinese version is available at the SAMR’s website:

www.samr.gov.cn/hd/zjdc/202001/ t20200102_310120.html.

[8]http://www.npc.gov.cn/npc/c30834/202012/f4fd27270f78471dbe8f88c31c47cb0f.shtml

[9]The original Chinese version is available at the SAMR’s website:

http://gkml.samr.gov.cn/nsjg/fldj/202102/t20210207_325967.html

[10]The original Chinese version is available at the SAMR’s website:

http://www.samr.gov.cn/xw/zj/202012/t20201224_324676.html

[11]The announcement of unconditional approval is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/ajgs/wtjjzajgs/202007/t20200722_320099.html

[12]The publication of simple case review is available at the SAMR’s website

http://www.samr.gov.cn/fldj/ajgs/jzjyajgs/202011/t20201125_323881.html

[13]The original Chinese version is available at the NDRC’s website:

https://www.ndrc.gov.cn/xxgk/zcfb/fzggwl/202012/t20201219_1255025_ext.html

[14]The press conference of the SAMR is available at the SMAR’s website:

http://www.samr.gov.cn/xw/zj/202012/t20201214_324336.html

[15]The original Chinese version is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/tzgg/ftjpz/202002/t20200228_312297.html

[16]The original Chinese version is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/tzgg/xzcf/202001/t20200106_310261.html

[17]The original Chinese penalty decision is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/tzgg/xzcf/202012/t20201214_324334.html

[18]The original Chinese penalty decision is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/tzgg/xzcf/202012/t20201214_324340.html

[19]The original Chinese penalty decision is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/tzgg/xzcf/202012/t20201214_324337.html

[20]The press conference is available at the SAMR’s website:

http://www.samr.gov.cn/xw/zj/202012/t20201214_324336.html

[21]The original Chinese penalty decision is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/tzgg/xzcf/202010/t20201014_322326.html

[22]The original Chinese penalty decision is available at the SAMR’s website:

http://www.samr.gov.cn/fldj/tzgg/xzcf/202001/t20200106_310261.html

China’s Supreme Court made a final judgment applying HCCH 1965 Service Convention to serve a Japanese litigant by post in 2019, under the situation where the government of Japan opposed to postal service but the Japanese litigant agreed to accept it.

I. Overview

On 22 Nov. 2019, the Supreme People’s Court of China (“the SPC”) rendered a final judgment over guarantee liability matters, Tang Yimin v. China Development Bank[1], involving the issue of cross-border service by postal channels to a Japanese under HCCH 1965 Service Convention[2].

In this case, one of the litigants, the Japanese named Toshihide Inoue provided in writing to the SPC his mailing address in Japan and expressly accepted the court to serve him directly by mail. The SPC served the judicial documents to Toshihide Inoue by post even though Japan declared the opposition to Article 10(a) of HCCH 1965 Service Convention that “the freedom to send judicial documents, by postal channels, directly to persons abroad”[3] under the situations where China and Japan are both contracting states of HCCH 1965 Service Convention.

II. Case Brief

On 26 Mar. 2007, China Development Bank (hereinafter referred to as “CDB”) and Xu Hui (hereinafter referred as “Xu”) signed the “Guarantee Contract”. Xu assumed joint and several suretyships for the debts under the “Syndicated Loan Contract” with the amount of US$65 million.

On 23 Dec. 2011, Xu, the Guarantor, deceased. On 10 May 2017, Tianjin No. 2 Intermediate People’s Court made a final judgment[4] that Tang Yimin inherited 50% of Xu’s estate and Inoue Toshihide inherited 9% (other heirs not related to this article will not be described here).

On 24 Dec. 2018, Tianjin Higher People’s Court rendered the first-instance judgment. In this case, CDB sued Tang Yimin, Inoue Toshihide and other heirs of Xu to assume joint and several guarantee liabilities within the inheritance, the first-instance court supported the plaintiff’s claims.[5] Tang Yimin appealed to the SPC. In the second-instance trial, the SPC served judicial documents to one of the appellees, Inoue Toshihide, in the postal method. Finally, the SPC dismissed the appeal and upheld the first instance judgment.

III. The SPC’s Decision and Opinions

Regarding the service to the Japanese citizen Inoue Toshihide in the second instance of this case, the SPC ascertained that Japan is a contracting state of HCCH 1965 Service Convention, and gave notice of its declaration of opposition to Article 10(a) that “the freedom to send judicial documents, by postal channels, directly to persons abroad” on 21 December 2018. However, in this case, Toshihide Inoue provided the SPC with his mailing address in Japan, and expressly accepted the SPC to serve him by mail. After receiving the judicial documents from the SPC, Toshihide Inoue signed those documents and sent the corresponding certificate of service back to the SPC.

The SPC held that in terms of civil cases that require cross-border service, if one contracting State to HCCH 1965 Service Convention where the litigant domiciles made oppositions to the postal method of cross-border service, serving judicial documents in a postal manner by the other contracting States to litigants who domicile in the contracting State shall not have the procedural legal binding force. However, the SPC reasoned that HCCH 1965 Service Convention is a convention of private law in nature as its content mainly deals with the service abroad of judicial and extrajudicial documents in civil or commercial matters. In terms of specific cases, if the litigants expressly agree to accept the postal service from the courts of other countries, it shall be construed as a waiver of the party. Respecting the parties’ reasonable choices based on their own places is conducive to the protection of the parties’ litigation interests and the justice of procedure.

Therefore, the waiver that Japanese citizen Toshihide Inoue has made in a private law case involving his own interests is not inconsistent with the Japanese government’s opposition to the way of service by post. Subject to the written consent and the actual acceptance of Inoue Toshihide, the postal service of judicial documents by the SPC complies with due process.

IV. Comments

Article 267 paragraph 1 of Civil Procedure Law (“CPL”) of China stipulates the ways for Chinese courts to serve judicial documents towards parties who do not have a domicile in China, that is, ” in the way specified in the international treaties concluded or acceded to by both the China and the country where the person on whom service is to be made resides”. In the realm of cross-border service, HCCH 1965 Service Convention has a strong influence around the world, both China and Japan are contracting parties to it. In this case, the SPC applied HCCH 1965 Service Convention to serve judicial documents to a Japanese litigant by mail according to the litigant’s clear choice, even if the Japanese government opposed the postal service.

Service abroad is a vital part of international civil procedure. It not only directly relates to whether the transnational litigation in a certain jurisdiction can be carried out in a timely and legal manner, but also relates to whether the procedural rights of the parties are fully protected, and whether the judicial sovereignty of a territory where the party is served is respected as necessary. In this case, the SPC tended to balance the side of judicial efficiency, judicial sovereignty, and the procedural rights of the parties.

 

References:

[1] (2019) Zui Gao Fa Min Zhong No. 395.

[2] Convention on the Service Abroad of Judicial and Extrajudicial Documents in Civil or Commercial Matters concluded on15 November 1965 by Hague Conference on Private International Law (HCCH).

[3] TABLE REFLECTING APPLICABILITY OF ARTICLES 8(2), 10(a)(b) AND (c), 15(2) AND 16(3) OF THE HAGUE SERVICE CONVENTION, see:

https://assets.hcch.net/docs/6365f76b-22b3-4bac-82ea-395bf75b2254.pdf .

[4] (2016) Jin 02 Min Zhong No. 4339.

[5] (2014) Jin Gao Min Er Chu Zi No.0052.

REGULATIONS

CAC seeks comments on revising Administrative Measures for Internet Information Services

On January 8, 2021, the Cyberspace Administration of China (“CAC”) issued the Administrative Measures for Internet Information Services (Revised Draft for Comments) (the “Draft for Comment”) for public comments by February 7, 2021.

The Draft for Comment applies to any organization or individual within the territory of the People’s Republic of China providing Internet information services to domestic users by using domestic and foreign network resources.

The Draft for Comment requires that those who engage in Internet information services, which belong to operating the business of telecommunications, shall obtain the business license from the competent department of telecommunications; those who do not belong to operating the business of telecommunications shall undertake the filing-for-record formalities with the competent department of telecommunications. Those who have not obtained the business license of telecommunication business or have not completed the filing-for-record formalities shall not engage in Internet information services.

The Draft for Comment requires that Internet information service providers, Internet network access service providers and their staff shall adopt technical measures and other necessary measures to protect the identity information and log information collected and used from leakage, damage and loss.

http://www.cac.gov.cn/2021-01/08/c_1611676476075132.htm

 

MOFCOM issued the Rules on Counteracting Unjustified Extra-Territorial Application of Foreign Legislation and Other Measures

On January 9, 2021, the Rules on Counteracting Unjustified Extra-Territorial Application of Foreign Legislation and Other Measures (“Rules”), are hereby promulgated by Ministry of Commerce of the People’s Republic of China (“MOFCOM”) and shall be effective as of the date of the promulgation.

These Rules apply to situations where the extra-territorial application of foreign legislation and other measures, in violation of international law and the basic principles of international relations, unjustifiably prohibits or restricts the citizens, legal persons or other organizations of China from engaging in normal economic, trade and related activities with a third State (or region) or its citizens, legal persons or other organizations.

These Rules require that where a citizen, legal person or other organization of China is prohibited or restricted by foreign legislation and other measures from engaging in normal economic, trade and related activities with a third State (or region) or its citizens, legal persons or other organizations, he/it shall truthfully report such matters to the competent department of commerce of the State Council within 30 days.

These Rules require that the State shall establish a working mechanism composed of relevant central departments (“Working Mechanism”), to take charge of counteracting unjustified extra-territorial application of foreign legislation and other measures. Where the Working Mechanism, upon assessment, confirms that there exists unjustified extra-territorial application of foreign legislation and other measures, it may decide that the competent department of commerce of the State Council shall issue a prohibition order to the effect that, the relevant foreign legislation and other measures are not accepted, executed, or observed (“prohibition order”). The prohibition order may be suspended or withdrawn by decision of the Working Mechanism based on actual circumstances.

A citizen, legal person or other organization of China may apply to the competent department of commerce of the State Council for exemption from compliance with a prohibition order. Meanwhile, these Rules follow that where a person complies with the foreign legislation and other measures within the scope of a prohibition order, and thus infringes upon the legitimate rights and interests of a citizen, legal person or other organization of China, the latter may, in accordance with law, institute legal proceedings in a people’s court, and claim for compensation by the person.

http://www.mofcom.gov.cn/article/zwgk/zcfb/202101/20210103029710.shtml\

 

PBOC issued the Administrative Measures for Credit Reporting Business (Draft for Comment)

On January 11, 2021, the People’s Bank of China (“PBOC”) issued the Administrative Measures for Credit Reporting Business (Draft for Comment) (the “Draft for Comment”) for public comments by February 10, 2021.

On credit information collection, the Draft for Comment stipulates that credit agencies should:

  • follow the principle of “minimum and necessary” and credit information collection should not be excessive;
  • examine the business legitimacy, information source, information quality, information security and authorization of information subject of the information provider to ensure the legality, accuracy and sustainability of credit information collection;
  • clarify with the information provider their respective rights and obligations in data correction, objection of handling, information security, etc.; and
  • obtain the information subject’s consent, and inform the information subject clearly of the purpose, source and scope of credit information collection, as well as the possible adverse consequences of not agreeing to the information collection.

http://www.pbc.gov.cn/tiaofasi/144941/144979/3941920/4160598/index.html

 

MIIT launches pilot program on classified and graded management of cybersecurity of industrial Internet enterprises

On January 13, 2021, the Ministry of Industry and Information Technology (“MIIT”) issued the Circular on Launching the Pilot Program on Classified and Graded Management of Cybersecurity of Industrial Internet Enterprises (the “Circular”).

The Circular provides that, in light of the actual development of the industrial Internet in various regions, and by taking into full consideration the willingness of various regions to participate in the program, 15 provinces (autonomous regions and municipalities directly under the Central Government) including Tianjin, Jilin, Shanghai, Jiangsu, Zhejiang, Anhui, Fujian, Shandong, Henan, Hunan, Guangdong, Guangxi, Chongqing, Sichuan, Xinjiang are initially scheduled to launch the pilot program.

The Circular requires that, through the pilot program:

  • the rationality, effectiveness and operability of rules, standards and procedures of classification and grading for cybersecurity of industrial Internet enterprises, and security-series protection specifications for industrial Internet shall be perfected, and the construction of a classified and graded management system for cybersecurity of industrial Internet enterprises shall be accelerated;
  • the main responsibility of the cybersecurity of pilot enterprises shall be performed, to form a reproducible and popularized classified and graded management model of cybersecurity of industrial Internet enterprises; and
  • a batch of typical solutions for cybersecurity of industrial Internet shall be summarized, a batch of excellent demonstration enterprises shall be selected, and a batch of professional service organizations shall be cultivated.

https://www.miit.gov.cn/jgsj/waj/gzdt/art/2021/art_eb95e60794794fc29f768233e7d7739d.html

 

SPP issued the Provisions on the Handling of Cybercrime Cases by the People’s Procuratorates

On January 25, 2021, the Supreme People’s Procuratorate (“SPP”) issued the Provisions on the Handling of Cybercrime Cases by the People’s Procuratorates (the “Provisions”) for implementation as of the date of issuance.

The Provisions has a total of 65 articles in seven chapters, including general provisions, guided collection of evidence and case review, review of electronic data, and attendance in court in support of public prosecutions.

The Provisions require that the people’s procuratorate should strengthen the punishment in handling cybercrime cases in whole and pay attention to examining and discovering the clues of upstream and downstream related crimes. For a suspected crime, if the public security organ does not put it on file for investigation and should apply for approval of arrest but does not apply for approval of arrest, or if the case should be transferred for prosecution but does not be transferred for prosecution, supervision shall be carried out according to law.

https://www.spp.gov.cn/spp/xwfbh/wsfbh/202101/t20210125_507446.shtml

 

CONTACT US

If you would like to receive our legal update via email, please contact jianghongyu@anjielaw.com.

For more information, please contact:

Samuel Yang | Partner

AnJie Law Firm

P: +86 10 8567 2968

M: +86 1391 0677 369

E: yanghongquan@anjielaw.com

Hongquan (Samuel) Yang is a partner with AnJie Law Firm. He has worked as in-house counsel and external lawyer in the technology, media and telecoms (TMT) sectors for nearly 20 years and is regarded as a true expert in these areas. He advises clients on a wide range of regulatory, commercial and corporate matters, especially in telecommunications, cybersecurity, data protection, internet, social networking, hardware and software, technology procurement, transfer and outsourcing, distribution and licensing, and other technology-related matters. He also advises clients on compliance and investigation matters.

Samuel has been recognized as a Leading Individual in PRC TMT firms (Legal 500, 2020), a Band 1 Cyber Security & Data Protection Lawyer (LEGALBAND, 2019, 2020) and one of the Top 10 Cyber Security and Data Protection Lawyers in China (LEGALBAND, 2018). Legal 500 commented that Samuel and his team at AnJie have a particular strength in “telecom-related regulatory and general commercial legal services” and “issues such as cyber security and data protection areas” and have “built a real niche” in these areas.

Samuel mainly serves Fortune 500 companies, large state-owned enterprises and leading Chinese internet companies. Samuel is a regular contributor to many legal journals and his publications regarding Chinese data protection and cybersecurity laws are well-received and widely reproduced.

Before joining AnJie, Samuel worked for British Telecom, CMS and DLA Piper.

Let’s talk tech and Chinese money.

Since antiquity, China had led the world with its adoption of cutting-edge currency

Today, there is an immense amount of interest surrounding China’s new digital yuan (“DCEP” – Digital Currency Electronic Payment).

However, China’s history of currency innovation goes back to ancient times. Unlike Roman coins, ancient Chinese coins are marked by a square hole in the middle, allowing the bearer to efficiently string large amounts together for ease of transport.

A “开元通宝”, kāiyuán tōng bǎo; ‘Circulating treasure from the inauguration of a new epoch’. Attribution: Unknown.

Another innovation was the use of bolts of silk. In ancient times, silk was issued to garrisoned troops along the silk road as a form of payment, because it was lighter than coins and easier to transport overland from the then-imperial capital of Chang’An (present-day Xi’an).

A plain, basket-weave (one thread over, one thread under) bolt of silk from the 3rd or 4th century CE and currently housed at the British Museum. Before it snapped in half, this bolt was sent as payment to garrisoned Chinese troops in the silk road city of Krorän (also known as Loulan). Attribution: Valerie Henson, The Silk Road, Colour Plate 5A.

Promissory bank notes appeared a few hundred years after silk bolts were used, in Tang dynasty China. These promissory notes allowed merchants to conclude large transactions without needing to carry heavy loads of metal coins (Tiě qián, 贴钱) on their person. Another few hundred years later, real paper currency (Jiāo zi, 交子) appeared in Song dynasty China (although Chinese paper already existed when silk was used as payment, it was mostly for wrapping and it took some time for paper currency Jiāo zi to emerge).

China is starting a new chapter in its currency innovations

Fast forward to today: with the proliferation of Wechat Pay and Alipay during the 2010s, China has, more than a millennium after inventing paper bank notes, become the first major economy to transform into a cashless society. In this regard, China is already miles ahead of other developed markets.

In line with its history of currency innovation, China is again writing a new chapter. However this time, there is one major difference. Past Chinese improvements on money were usually incremental. Paper and silk are lighter than copper, and digital wallets weigh no more than the smartphone they’re carried. That latter also bring some additional record-keeping features, like a basic receipt for the parties’ reference.

Unlike these incremental evolutions, the DCEP is a revolutionary advance in currency. Allowing near-instant foreign exchange settlement and built on blockchain, the DCEP is perfectly traceable and allows the People’s Bank of China (“PBOC“, Chinese Central Bank) and state owned banks to collect data not only on transactions between users (the parties, the date, and the amount exchanged, among other details) but also on each subsequent transaction using DCEP. There is immense potential for using this ledger data to fuel the growth of fintech in China.

To better understand this, imagine for a moment if every transaction for every US Dollar in circulation — for the lifetime of each dollar — were recorded by the Federal Reserve on a ledger. These dollars are stored and exchanged in digital wallets, each of which has an “address” (like a bank account number) tied to a person or company.

Whether in New York, Paris, or Shanghai, the Federal Reserve now knows the name, timestamp, and amount exchanged for every transaction completed in USD. Now imagine that the Federal Reserve makes this data available to tech giants, either to help detect crime, encourage innovation, or even to help the government raise money. Imagine also that they share this information with law enforcement to help them identify and catch criminals, and fight money laundering and tax evasion.

Obviously, the Federal Reserve won’t be able to realize these scenarios for legal and political reasons. It is very limited in what it can do with a digital dollar. It would be illegal for it to sell user data without user consent and privacy concerns in the US would quickly lead to public backlash against sharing data with law enforcement programs. It should be noted that the US Federal Reserve is considering a Central Bank Digital Currency (CBDC), though this has yet to launch and its scope is set to be much narrower than in the scenarios described above.

The PBOC, on the other hand, is more than ready to push a digital currency to its fullest potential, from government departments to beyond China’s borders. As of January 2, 2020, the PBOC had already filed 84 patent applications for the DCEP, and the DCEP is scheduled to be in use in time for the 2022 Winter Olympics in Beijing. The plan is to first implement its use across government institutions, then large Chinese companies, and then finally to help forge a path along the new land, maritime, and “digital” silk roads as a settlement layer in the Belt and Road Initiative (“BRI“). Former PBOC Governor Zhou Xiaochuan recently spoke at length on the potential for the DCEP to transform cross-border trade.

There are plans to share DCEP data to fight crime. According to Yao Qian, founder of the PBOC’s Digital Currency Research Lab, the DCEP’s data will also be shared with law enforcement. Of course, as suggested in a report by the Bank of International Settlements, the benefits to law enforcement could be minimal because ordinary criminals will tend to avoid a fully traceable currency. That said, it could be used to great effect to fight white-collar crime and corruption. For example, after government treasuries convert all Yuan to the DCEP, their spending (and the spending of government contractors) could be tightly monitored. This may lead to much greater transparency in areas like government product procurement, construction, and other public tenders, which are particularly vulnerable to bad actors. Similarly, once large companies convert to DCEP, it follows that their staff payroll and a funds paid to suppliers will also be traceable.

Moreover, there are already plans in place for the mass-commoditization of data in China, which may enable marketing DCEP data. This year, it was revealed that Shenzhen will establish a “data trading market” and “take the lead” in exploring new mechanisms for data property rights protection and utilisation (see 2020 Implementation Plan for the Pilot Comprehensive Reform of Building a Pilot Demonstration Zone of Socialism with Chinese Characteristics in Shenzhen). To be clear so far, there is no indication this this is intended to market DCEP data, but it does open very interesting opportunities should the government decide to do so.

Implications of China’s DCEP for Insurtech & Insurers

In terms of creating Insurtech products for end-users, the DCEP’s implications for Insurtech depend in part on whether and to what extent the DCEP will enable or support smart contracts. Smart contracts are already featured on other crypto tokens, most notably the Ethereum Virtual Machine (“ERC-20“) which supports developing smart contracts by using the Solidity programming language, a combination of Javascript and C++.

While initially a cause for alarm in some jurisdictions, blockchain smart contracts hold great potential that is increasingly well-understood by regulators. In addition to powering the telematics behind Insurtech products (for more on the potential for telematics in China see our past article, “Can Foreign Investors Capitalize on Insurtech’s Growth in China?”), smart contracts enable automating transfers of rights in exchange for funds and lowering transaction costs (especially for multi-party agreements).

This technology forms the basis of Initial Coin Offerings (“ICO“). Through ICOs, smart contracts allow a fundraising venture to execute only after sufficient investors have agreed to the financing terms. In exchange for funding the venture, the investors receive a token, a kind of digital share certificate recorded on blockchain.

Although ICOs provide an innovative and potentially important vehicle to support fundraising for new ventures and ideas, lack of regulation and rampant fraud raised serious regulatory concerns when they became popular a few years ago. For more on this, see Zetzsche et al., “The ICO gold rush: It’s a scam, it’s a bubble, it’s a super challenge for regulators”, Harvard International Law Journal, vol. 60, no. 2, 2019. ICOs have been banned in the PRC Mainland since September 2017 (PBOC, CAC, MIIT, SAIC, CBRC, CSRC, and CIRC Announcement on Preventing Financial Risks from Initial Coin Offerings).

While ICOs remain restricted in the PRC, they are now legally regulated in Hong Kong and Taiwan as Security Token Offerings (“STO“). STOs combine the power of an ICO with the stringent regulations of the securities market.

Integrating the digital Yuan with an eventual STO regime would be revolutionary in a couple of different ways. First, allowing STOs — whether in Hong Kong or in the PRC assuming they are legalized — to be denominated in DCEP would greatly benefit fundraising for this innovative space. This would be a win for both private investors and the government: investors gain access to a powerful new fundraising tool, while the government can monitor and regulate STOs under its financial exchanges by bringing them within the fold of Chinese securities laws. This would allow regulators to implement mandatory disclosure rules to protect investors from the risks of fraud associated with ICOs, and further displace unofficial cryptocurrencies by channeling existing ICO action into the legitimate STO system. Together, these changes would make institutional investors more likely to treat STOs as serious investment opportunities. As a result, enabling the DCEP to support STOs would cement the DCEP’s appeal for fundraisers and institutional investors while helping the government keep tabs on this new activity in public exchanges.

Legalizing STOs and allowing them to be denominated in DCEP also opens up major new underwriting opportunities for property insurers. Say, for example, that an opportunity presents itself for a new insurance line of business — a new Chinese rocket company wants to launch missions into space to replenish the International Space Station, or launch a new satellite. Given the risks, it cannot find an insurer willing to underwrite and sell such an insurance policy.

With a DCEP-denominated STO, an insurer could decide to underwrite such a policy on the condition that an STO attracts an adequate number of co-insurers and reinsurers, and then exchange the tokens as financial assets. If there’s adequate market interest after the STO is listed, then the policy would launch (as would the rocket ship!), be divided into token shares, and then be distributed into each insurer and reinsurer’s book of business in exchange for their DCEP payments. After the STO is written, all of these subsequent steps would happen automatically and significantly reduce transaction costs. Innovations like this are already occurring, for example Nexus Mutual, a blockchain company providing a decentralized financial alternative to insurance cover. Depending on how innovative the regulators wish to be, such “policy tokens” could then be resold as securities to investors on the Shanghai, Shenzhen, or Hong Kong stock exchange. In an interview with Sergey Nazarov, co-founder of Chainlink (a company developing “oracles” for smart contracts), one possibility under discussion is for the revenue from such policies to  even become tokenized, and then bought and sold as a fixed-income investment asset.

Due to its instant settlement capability, denominating these investments in DCEP would also open the door for participation from foreign insurers provided that they satisfy market access requirements (for more on this, see our past articles, WFOE Shopping — How Do Beijing, Shanghai, And Shenzhen Compare For Establishing An Insurance WFOE In China?; and China, GATS, Trump: Do Non-US Insurers Get A Piece Of The China-US Trade Deal?).

Second, integrating the DCEP with an STO regime would be particularly welcome for insurance investors, for whom restrictions on equity investments were recently relaxed in November 2020. Coming into effect on November 12, the Notice on Matters Related to Insurance Fund Financial Equity Investment (the “Notice“) lifts a significant number of prohibitions on equity investments by insurers. In particular, it divides permissible investments into a positive and a negative list. Generally, as long as an equity investment prospect is safe, liquid (stable cash flow and a track record of dividends), profitable, legally registered and not engaged in serious legal disputes, is led by an honest team, presents no risk of related-party transactions, is not involved in real estate, is not a serious environmental polluter, and is not on the NDRC’s negative list, then an insurer is free to invest in it. Although in practice a significant number of ICOs were risky, failed, and would not meet these criteria for investment, in theory this opens the door for lucrative new investment opportunities if the government opens the door to PRC STOs with sufficient securities regulations in place.

While this DCEP/STO revolution is far from a reality, the government is already moving towards an “internet of blockchains” that would allow the DCEP to work far better with existing smart contract ecosystems. One government initiative, the Blockchain Services Network (“BSN“, 区块链服务网络, qū kuài liàn fúwù wǎngluò) is designed to allow cross-platform compatibility and support popular Western frameworks such as “Hyperledger Fabric (already supported), Ethereum, EOS and Digital Asset’s DAML” (Forbes). The BSN is aimed at “providing a robust, low-cost, high-availability, multi-cloud, internet-of-blockchains infrastructure”, and was launched in collaboration with large Chinese enterprises including UnionPay, China Mobile Communications Corporation, Design Institute, and China Mobile Communications Corporation Government (ibid).

As for personal insurance, this would depend in large part whether and to what extent DCEP data will be turned over to the private sector. Realistically, most personal data would be off-limits — absent user consent, we most likely will not enter a dystopian future where central banks sell data on personal lifestyle habits to insurers in order to adjust health policy rates. However, as discussed above, it would be feasible for the PBOC to make some personal data available to some financial institutions in order to help fight financial crimes, and this may including combating risks such as insurance fraud. It would also be feasible for new insurance contracts to stipulate that some benefits will only be paid out in DCEP. While insurers would not collect DCEP data, they may thereafter be able to request production of such data in the event of a lawsuit disputing the claim, and detect suspicious activity after the benefits are paid with the help of forensic experts.

Besides fraud prevention, one form of data that would be particularly helpful is data on insurance disputes. Insurtech smart-contracts could feasibly house not only insurance policies, but also dispute resolution provisions which connect to mediation, arbitration, or even Chinese internet courts. One example, SageWise, already provides a dispute resolution clause to be integrated within smart contracts. The data generated from disputes, i.e. the nature of the disputed claim, the amount, and the party which prevails, could help regulators identify and take action against standard clauses showing a high-frequency of disputes, while allowing insurance companies to better allocate resources in drafting and communicating sensitive policies to their clients. This would allow not only resolution of disputes, but also prevention of future disputes.

If allowed to be used by the private sector, we can expect there to be strict guardrails in place for how DCEP data is used, which would make it especially difficult for foreign insurers seeking to enter China’s Insurtech market to satisfy local requirements. Under Article 37 of China’s Cybersecurity Law (2017) (“CSL“), Chinese citizens’ personal data, together with critical business data collected in China, must be stored within mainland China, and companies must undergo a security assessment before exporting such data across the border. Thus although possible to make visible from an insurer’s headquarters in London or New York, this would almost certainly require a local Chinese partner or subsidiary that can pass the CSL’s security assessment prior to sending such data to a foreign server.

Conclusion

From bolts of silk to blockchain bits and bytes, China has a rich history of currency innovation that continues to the present day.

This time, China is implementing a currency innovation so revolutionary that it will take years to fully grasp its potential. The DCEP allows near-instant settlement and will play a significant role in the land, maritime, and digital silk roads, with the potential to transform cross-border trade.

Legalizing STOs and allowing them to be denominated in DCEP would unleash a wide range of new investment and underwriting opportunities for insurers. The DCEP would be especially powerful if it can support smart contracts. As for data, the DCEP may present great advantages to insurers in terms of risk and fraud detection, though this depends in large part on the extent to which PBOC data is shared with other financial institutions.

In light of the DCEP’s untapped potential, the 2022 Winter Olympics in Beijing will — just like the 2008 Beijing Summer Olympics — display to the world a modern, dynamic China with its sight set on even further horizons.

REGULATIONS

CAC seeks comments on scope of necessary personal information required for 38 types of Apps

On December 1, 2020, the Cyberspace Administration of China (“CAC”) issued the Scope of Necessary Personal Information Required for Common Types of Mobile Internet Applications (Draft for Comment) (the “Draft for Comment”) for public comments by December 16, 2020.

The Draft for Comment stipulates the scope of necessary personal information required for 38 common types of Apps such as map navigation App, online car-hailing App, and instant messaging App. In particular, the Draft for Comment provides that as long as a user gives consent to the collection of its necessary personal information required for an App, such App shall not refuse the user’s installation and use. Meanwhile, a total of 12 types of Apps, including online live streaming App, online audio and video App, short video App, and browser App, shall provide basic functional services without asking personal information of users.

http://www.cac.gov.cn/2020-12/01/c_1608389002456595.htm

 

Three departments released the Announcement on Issuing the Import Licensing List and Export Control List of Commercial Cryptography and Relevant Administrative Measures

On December 2, 2020, the Ministry of Commerce (the “MOC”), the State Cryptography Administration (the “SAC”) and the General Administration of Customs (the “GAC”) jointly released the Announcement on Issuing the Import Licensing List and Export Control List of Commercial Cryptography and Relevant Administrative Measures (the “Announcement”).

Main contents of the Announcement are as below:

  1. In order to safeguard national security and public interests, it is hereby decided to carry out import licensing and export control for relevant commercial cryptography.
  2. Regarding the import of items and techniques set out in the Import Licensing List of Commercial Cryptography, i.e., encrypted telephone sets, encrypted fax machines, cryptographic machines (cards) and encrypted VPN equipment, the import license of dual-use items and techniques shall be applied for with the MOC.
  3. Regarding the export of items and techniques specified in the Export Control List of Commercial Cryptography, including security chips, key management products, special cryptographic equipment and cipher development and production equipment, the export license of dual-use items and techniques shall be applied for with the MOC.

This Announcement shall enter into force on January 1, 2021, and the Announcement No. 18 of the State Cryptography Administration and the General Administration of Customs, the Announcement [2012] No. 64 of the General Administration of Customs and the State Cryptography Administration, the Announcement No. 27 of the State Cryptography Administration and the General Administration of Customs, and the Announcement No. 38 of the State Cryptography Administration, the Ministry of Commerce and the General Administration of Customs are to be repealed simultaneously.

http://www.mofcom.gov.cn/article/zwgk/zcfb/202012/20201203019733.shtml

 

MIIT announced the seventh batch of Apps for infringement on users’ rights and interests

On December 21, 2020, the Ministry of Industry and Information Technology (“MIIT”) announced the seventh batch of apps for infringement on users’ rights and interests. The main problems involved are as follows:

  1. collecting and using personal information in violation of laws and regulations;
  2. asking for permission mandatorily and in an excessively frequent way;
  3. deceiving and misleading users to download Apps; and
  4. App information on the App distribution platform is not clear.

https://www.miit.gov.cn/jgsj/xgj/gzdt/art/2020/art_13136b980ab444519feac1c3b3c48086.html

 

MHRSS: A human resource service agency shall ensure personal information security

On December 23, 2020, the Ministry of Human Resource and Social Security (“MHRSS”) issued the Administrative Provisions on Online Recruitment Services (the “Provisions”), which will take effect from March 1, 2021.

On personal information protection, the Provisions provide:

  • A human resource service agency engaged in online recruitment services shall strengthen cybersecurity management, fulfill cybersecurity protection obligations, and take technical or other necessary measures in accordance with the requirements of national cybersecurity laws, administrative regulations and multi-level protection system of cyber security, to ensure the security of the recruitment service network, information system and user information.
  • A human resource service agencyshall establish and improve the information protection system for online recruitment service users, and shall not disclose, tamper with, damage or illegally sell, or illegally provide other people with the ID card number, age, gender, address, contact information and business status of the employer.
  • Ahuman resource service agency shall conduct self-examination on the information protection of online recruitment service users at least once a year, record the self-examination situation, and timely eliminate the security risks found in the self-examination.
  • Where a human resource service agency engaged in online recruitment services does need to provide an overseas institution with the personal information and important data collected and generated in its operations within the territory of China due to business needs, it shall comply with relevant laws and administrative regulations of the State.

http://www.mohrss.gov.cn//xxgk2020/fdzdgknr/zcfg/bmgz/202012/t20201223_406512.html

 

MIIT issued the Construction Guidelines of Data Security Standard System in Telecom and Internet Industry

On December 25, 2020, the Ministry of Industry and Information Technology (“MIIT”) issued the Construction Guidelines of Data Security Standard System in Telecom and Internet Industry (the “Guidelines”)

The Guidelines include standards of basic generality, critical technology, safety management and critical areas. The standards of basic generality include the definition of terms, data security framework, data classification and grading, etc., which provide basic support for various standards. The critical technology standards regulate the critical technology of data security from a whole life cycle dimensions of data collection, transmission, storage, processing, exchange, destruction, etc. Security management standards include data security specification, data security assessment, monitoring, early warning and disposal, emergency response and disaster backup, security capability certification, etc. Critical areas standards include 5G, mobile Internet, Internet of vehicles, Internet of things, industrial Internet, cloud computing, big data, artificial intelligence, blockchain and other critical areas.

Data security standards in the field of the Internet of vehicles mainly include the data security of the cloud platform of the Internet of vehicles, the data security of V2X communication, the data security of the intelligent connected vehicle, and the data security of the mobile App of the Internet of vehicles, etc.

Data security standards in the field of mobile Internet mainly include personal information protection of mobile applications, SDK security of mobile applications, etc.

Data security standards in the field of artificial intelligence mainly include data security of artificial intelligence platform, personal information protection of artificial intelligence terminal, etc.

https://www.miit.gov.cn/zwgk/zcwj/wjfb/txy/art/2020/art_4a6aca0048b742ea97cfb280e981125e.html

 

CONTACT US

If you would like to receive our legal update via email, please contact jianghongyu@anjielaw.com.

For more information, please contact:

Samuel Yang | Partner

AnJie Law Firm

P: +86 10 8567 2968

M: +86 1391 0677 369

E: yanghongquan@anjielaw.com

Hongquan (Samuel) Yang is a partner with AnJie Law Firm. He has worked as in-house counsel and external lawyer in the technology, media and telecoms (TMT) sectors for nearly 20 years and is regarded as a true expert in these areas. He advises clients on a wide range of regulatory, commercial and corporate matters, especially in telecommunications, cybersecurity, data protection, internet, social networking, hardware and software, technology procurement, transfer and outsourcing, distribution and licensing, and other technology-related matters. He also advises clients on compliance and investigation matters.

Samuel has been recognized as a Leading Individual in PRC TMT firms (Legal 500, 2020), a Band 1 Cyber Security & Data Protection Lawyer (LEGALBAND, 2019, 2020) and one of the Top 10 Cyber Security and Data Protection Lawyers in China (LEGALBAND, 2018). Legal 500 commented that Samuel and his team at AnJie have a particular strength in “telecom-related regulatory and general commercial legal services” and “issues such as cyber security and data protection areas” and have “built a real niche” in these areas.

Samuel mainly serves Fortune 500 companies, large state-owned enterprises and leading Chinese internet companies. Samuel is a regular contributor to many legal journals and his publications regarding Chinese data protection and cybersecurity laws are well-received and widely reproduced.

Before joining AnJie, Samuel worked for British Telecom, CMS and DLA Piper.

REGULATIONS

NISSTC issued the Guidelines for Data Security of Online Car-booking Services (Draft for Comment)

On November 10, 2020, the Secretariat of the National Information Security Standardization Technical Committee (“NISSTC”) issued the Information Security Technology – Guidelines for Data Security of Online Car-booking Services (Draft for Comment) (the “Draft”) for public comments by January 8, 2021.

The Draft specifies the types, scope, methods and conditions of collection, storage, use, sharing, public disclosure and deletion of data, as well as data security management requirements.

The requirements of data collection are as follows:

  • before collecting the personal information of users, online car-booking service operators shall inform users and obtain the consent of users;
  • When users refuse to provide personal information other than the minimum necessary personal information, online car-booking service operators shall not refuse to provide the online car-booking service; and
  • When users refuse to provide the minimum necessary personal information corresponding to the optional business function of online car-booking service, online car-booking service operators can refuse to provide the corresponding optional business function service but should not refuse to provide online car-booking service.

The requirements of data transmission and storage are as follows:

  • When online car-booking service operators transmit personal information through the Internet, they should adopt security measures such as encryption;
  • Online car-booking service operators shall store the personal identification information, facial recognition features and audio and video trip recordings data of passengers and drivers separately;
  • It is not suitable for online car-booking service operators to store the travel track and audio and video trip recordings data in the office terminal, but in the server with security measures.

The Draft also stipulates that online car-booking service operators should not abuse big data analysis and other technical means to set unfair trading conditions based on user consumption records and consumption preferences, thus infringing on users’ legitimate rights and interests.

https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20201110160208&norm_id=20201030200001&recode_id=40116

 

NISSTC issued the Guidelines on the Code of Ethics for Artificial Intelligence (Draft for Comment)

On November 9, 2020, the Secretariat of the National Information Security Standardization Technical Committee (the “NISSTC”) issued the Practice Guide to Cybersecurity Standards – Guidelines on the Code of Ethics for Artificial Intelligence (Draft for Comment) (the “Draft”) for public comments by November 23, 2020.

The Draft gives safety risk warnings regarding potential ethical issues associated with artificial intelligence (“AI”), and provides guidelines for AI research and development, design and manufacturing, deployment and application, consumer use and other related activities.

On deployment and application, the Draft stipulates that the deployer should explain the functions, limitations, risks and impacts of systems, products or services related to AI to users in a timely, accurate, complete, clear and unambiguous manner, and explain the relevant application process and application results. The deployer should also provide users with a clear and easy way to operate mechanism to refuse or stop using systems, products or services related to AI. After users refuse or stop using systems, products or services related to AI, the deployer should provide users with alternative non-AI options as far as possible.

https://www.tc260.org.cn/front/postDetail.html?id=20201109163419

 

RCEP: To protect the personal information of electronic commerce users

On November 15, 2020, the Regional Comprehensive Economic Partnership Agreement (“RCEP”) was concluded. The RCEP consists of 20 chapters, covering comprehensive market access commitments on goods, services, investment and other areas.

The Chapter “Electronic Commerce” of RCEP stipulates that the party to the RCEP is:

  • encouraged to improve trade management and procedures through electronic means;
  • required to create a favorable environment for electronic commerce, to protect the personal information of electronic commerce users, provide protection for online consumers, and strengthen supervision and cooperation on unsolicited commercial electronic information.

On cross-border transfer of information by electronic means, RCEP also provides the party shall not prevent cross-border transfer of information by electronic means where such activity is for the conduct of the business of a covered person.

http://fta.mofcom.gov.cn/rcep/rceppdf/d12z_en.pdf

 

Announcement on 35 App for non-compliance with collecting and using personal information

On November 13, 2020, Task Force on Apps for Illegal Collection and Use of Personal Information (“Force”) finds that there are problems in the collection and use of personal information of 35 Apps. It is suggested that the relevant App operators should rectify the existing problems in time and feedback the rectification situation to the Force within 30 days from now on. After the 30 days, the Force will verify the rectification situation, submit the review results to the relevant departments, and handle those that cannot be effectively rectified according to laws.

https://mp.weixin.qq.com/s/KGFSSM9yuIxs9Wrv2tR24w

 

Live streaming platforms shall establish a mechanism for personal information protection 

On November 13, 2020, the Cyberspace Administration of China (“CAC”) issued the Administrative Provisions on Live Streaming Marketing Information Content Services (Draft for Comment) (the “Draft”) to solicit public comments by November 28, 2020.

The Draft stipulates that live streaming platforms shall establish a sound mechanism for registration and cancellation of accounts and live streaming marketing business, information security management, codes of conduct for marketing, minors’ protection, users’ rights protection, personal information protection, credit evaluation and data security. At the same time, the Draft provides live streaming platforms shall strengthen the service management of live streaming information on the Internet. If illegal and bad information is found, it shall immediately take measures to deal with it, keep relevant records and report to the relevant competent authorities. Live streaming platform shall prevent and stop illegal advertising, price fraud and other violations of users’ rights and interests and warn users of the risks of private transactions outside the platform in a prominent way.

http://www.cac.gov.cn/2020-11/13/c_1606832591123790.htm

 

PBOC issued the Testing and Evaluation Guidelines for Classified Protection of Cybersecurity of Financial Industry and the Implementation Guidelines for Classified Protection of Cybersecurity of Financial Industry

On November 11, 2020, the People’s Bank of China(“PBOC”) formally issued two standards in financial industry, namely the Testing and Evaluation Guidelines for Classified Protection of Cybersecurity of Financial Industry (“Testing and Evaluation Guidelines”) and the Implementation Guidelines for Classified Protection of Cybersecurity of Financial Industry (“Implementation Guidelines”).

The Testing and Evaluation Guidelines stipulate the general requirements and extended requirements of security evaluation for Level-2, Level-3 and Level-4 protected objects in the financial industry. The Testing and Evaluation Guidelines are applicable to guide financial institutions, evaluation institutions and the competent departments of cybersecurity classified protection in the financial industry to conduct security evaluation on the security status of the classified protection objects.

The Implementation Guidelines include six parts, which regulate:

  • the cybersecurity framework of the financial industry and the security requirements corresponding to different security levels,
  • the basic framework and terminology definition of the cybersecurity level protection work in the financial industry,
  • the cybersecurity post setting requirements of financial institutions,
  • the cybersecurity post ability requirements,
  • the cybersecurity personnel ability evaluation requirements,
  • the cybersecurity training related requirements, and
  • the financial institutions cybersecurity level protection audit implementation requirements, etc.

The Implementation Guidelines are applicable to guide financial institutions, evaluation institutions and competent departments of financial industry to implement classified cybersecurity protection.

https://www.cfstc.org/bzgk/gk/view/bzxq.jsp?i_id=1891

https://www.cfstc.org/bzgk/gk/view/bzxq.jsp?i_id=1885

 

NISSTC issued the Practice Guide to Cybersecurity Standards – Security Guidelines for Using Software Development Kit (SDK) for Mobile Internet Applications

On November 27, 2020, the Secretariat of the National Information Security Standardization Technical Committee (“NISSTC”) issued the Practice Guide to Cybersecurity Standards – Security Guidelines for Using Software Development Kit (SDK) for Mobile Internet Applications (“Guidelines”).

The Guidelines provide the responsibilities of the parties involved in the use of the SDK and the common security issues, as well as the security principles and measures of App providers and SDK providers for common problems. The Guidelines are applicable to preventing SDK security and compliance risks when App providers use the SDK, and also provide reference for SDK providers in protecting SDK security and user personal information.

According to the Guidelines, App providers should take adequate security measures to ensure that there is no security risk when using SDKs, such as conducting security assessment on the SDK before integrating SDKs, conducting continuous dynamic monitoring or regular security assessment on the integrated SDK, signing a cooperation agreement with SDK providers or further improving the cooperation agreement with the SDK providers.

Besides, SDK providers should collect personal information at the lowest frequency necessary to realize its own business functions, and enhance its own security by means of code audit and code obfuscation.

https://www.tc260.org.cn/upload/2020-11-27/1606438309423027911.pdf

 

CONTACT US

If you would like to receive our legal update via email, please contact jianghongyu@anjielaw.com.

For more information, please contact:

Samuel Yang | Partner

AnJie Law Firm

P: +86 10 8567 2968

M: +86 1391 0677 369

E: yanghongquan@anjielaw.com

Hongquan (Samuel) Yang is a partner with AnJie Law Firm. He has worked as in-house counsel and external lawyer in the technology, media and telecoms (TMT) sectors for nearly 20 years and is regarded as a true expert in these areas. He advises clients on a wide range of regulatory, commercial and corporate matters, especially in telecommunications, cybersecurity, data protection, internet, social networking, hardware and software, technology procurement, transfer and outsourcing, distribution and licensing, and other technology-related matters. He also advises clients on compliance and investigation matters.

Samuel has been recognized as a Leading Individual in PRC TMT firms (Legal 500, 2020), a Band 1 Cyber Security & Data Protection Lawyer (LEGALBAND, 2019, 2020) and one of the Top 10 Cyber Security and Data Protection Lawyers in China (LEGALBAND, 2018). Legal 500 commented that Samuel and his team at AnJie have a particular strength in “telecom-related regulatory and general commercial legal services” and “issues such as cyber security and data protection areas” and have “built a real niche” in these areas.

Samuel mainly serves Fortune 500 companies, large state-owned enterprises and leading Chinese internet companies. Samuel is a regular contributor to many legal journals and his publications regarding Chinese data protection and cybersecurity laws are well-received and widely reproduced.

Before joining AnJie, Samuel worked for British Telecom, CMS and DLA Piper.

REGULATIONS

MIIT launches 2020 program of checking cyber security in telecommunications and internet industries

On October 9, 2020, the Ministry of Industry and Information Technology (“MIIT”) issued the Circular on Working Effectively on the 2020 Program of Checking the Cyber Security in the Telecommunications and Internet Industries (the “Circular”).

The Circular provides that the checking object includes networks and systems constructed and operated by basic telecommunication enterprises, Internet enterprises, domain name registration management and service institutions that have obtained the permission of competent telecommunication authorities according to the law. In addition, the checking will focus on the critical information infrastructure as well as important network units and their carrying information systems of the telecommunications and Internet industries, including but not limited to 5G network infrastructure, Mobile App Store, Internet of Things platforms, Industrial Internet platform, Internet of Vehicles application service platform and online car-hailing information service platforms.

Three main contents of the checking are the implementation of cyber security management, technical measures for cyber security protection, and hidden dangers of major cyber security risks.

http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057724/n3057729/c8112434/content.html

CAC seeks opinions on revising Administrative Provisions on Information Services Provided through Official Accounts to Internet Users

On October 15,2020, the Cyberspace Administration of China (“CAC”) issued the Administrative Provisions on the Information Services Provided through Official Accounts to Internet Users (Draft for Comments) (the “Draft”) for public comments by October 30, 2020.

The Draft stipulates that a platform for the information services provided through official accounts should: prohibit those official accounts that have been closed in accordance with the law and agreement from re-registering with the same account names; review the application for the registration of official accounts engaged in producing the information on the economic, education, health, justice and other fields, and require users to provide the evidentiary materials related to their professional background and professional qualifications when registering; official account information service platform can suspend or terminate the provision of services according to the service agreement for those official accounts that are not logged in or used for more than six months after Internet users have registered; prohibit the compulsory subscription to or following of official accounts of other users without the informed consent of Internet users; and ten kinds of behaviors are prohibited, among which it is required not to “manipulate and utilize multiple platform accounts, release homogeneous information in batch, generate false traffic data, and create false public opinion hot spots”.

http://www.cac.gov.cn/2020-10/15/c_1604325530663495.htm

Standing Committee of the National People’s Congress adopts the Export Control Law

 The Export Control Law of the People’s Republic of China (the “Export Control Law”), adopted at the 22nd Session of the Standing Committee of the 13th National People’s Congress on October 17, 2020, is promulgated, effective on December 1, 2020.

According to the Export Control Law, the term “export control” refers to prohibitive or restrictive measures taken by the State against the transfer of controlled items from the territory of the People’s Republic of China to overseas, and the provision of controlled items by citizens, legal persons and other non-incorporated organizations of the People’s Republic of China to foreign organizations and individuals.

The Export Control Law provides reciprocal measures: where any country or region harms the national security and interests of the People’s Republic of China by abusing the export control measures, the People’s Republic of China may take reciprocal measures against such country or region in light of the actual situations.

The Export Control Law also stipulates that where an exporter has established an internal compliance system for export control and is in good operation, the State’s export control authorities may grant it a general license or take other facilitation measures for relevant controlled items exported by it. Specific measures shall be formulated by the State’s export control authorities.

http://www.npc.gov.cn/npc/c30834/202010/cf4e0455f6424a38b5aecf8001712c43.shtml

China will establish a biosafety information sharing system and biosafety information release system

The Biosecurity Law of the People’s Republic of China (the “Biosecurity Law”) is adopted at the 22nd Session of the Standing Committee of the Thirteenth National People’s Congress of the People’s Republic of China on October 17, 2020, effective April 15, 2021.

The Biosecurity Law provides that the State will establishes a biosafety information sharing system. The national biosafety work coordination mechanism shall organize to establish a unified national biosafety information platform, and the relevant authorities shall collect and deliver the biosafety data and materials and other information to the national biosafety information platform to achieve information sharing.

In addition, the Biosecurity Law provides that the State will establishes a biosafety information release system. Major biosafety information such as the overall situation of the national biosecurity, major biosecurity risk warnings, major biosecurity incidents and their investigation and handling information shall be released by the members of the national biosafety work coordination mechanism according to the division of their responsibilities; other biosafety information shall be released by the relevant departments under the State Council, the local people’s governments at or above the county level and the relevant departments thereof according to their responsibilities and authority. No organization or individual may fabricate or spread false biosafety information.

The Biosecurity Law also requires that where the information on human genetic resources of China is to be provided or made available for use to any overseas organization or individual or the institution established or actually controlled thereby, a report shall be submitted in advance to the department in charge of science and technology under the State Council and information backup shall be submitted.

http://www.npc.gov.cn/npc/c30834/202010/85c189382f6641f8aac2fa1994809df7.shtml

The Chapter Network Protection has been added to the Law on the Protection of Minors

The 22nd Session of the Standing Committee of the 13th National People’s Congress adopted the Law of the People’s Republic of China on the Protection of Minors (Revised in 2020) (the “Law “) on October 17, 2020, which shall take effect from June 1, 2021.

The Chapter Network Protection has been added to the revised Law and the provisions on the protection of minors’ personal information are as follows:

  • Information processors who process personal information of minors through the Internet shall follow the principles of legality, legitimacy and necessity. On processing the personal information of minors under the age of 14, the consent of their parents or other guardians shall be obtained, except as otherwise provided by laws and administrative regulations.
  • If minors, theirparents or other guardians require the information processor to correct or delete the personal information of minors, the information processor shall take timely measures to correct or delete the personal information, unless otherwise provided by laws and administrative regulations.
  • If the Internet service provider discovers that minors release private information through the Internet, they shall prompt them in time and take necessary protection measures.
  • If the Internet service provider discovers that the user publishes or disseminates information that may affect the physical and mental health of minors without making a noticeable reminder, it shall make a reminder or notify the user to be reminded; if no reminder is given, the relevant information shall not be transmitted.
  • If the Internet service provider finds that the user publishes and disseminates the information that endangers the physical and mental health of minors, it shall immediately stop transmitting the relevant information, take measures such as deleting, shielding and disconnecting links, keep relevant records, and report to the cyberspace administration, public security and other departments.
  • If the Internet service provider discovers that a user has committed an illegal or criminal act against a minor by using its Internet service, it shall immediately stop providing Internet service to the user, keep relevant records and report to the public security organ.

http://www.npc.gov.cn/npc/c30834/202010/82a8f1b84350432cac03b1e382ee1744.shtml

Network transaction operators shall keep the personal information collected strictly confidential 

On October 20, 2020, the State Administration for Market Regulation issued the Measures for the Supervision and Administration of Online Transactions (the “Draft”) for public comments by November 2, 2020.

On the protection of personal information, the Draft stipulate that network transaction operators shall obtain the authorization and consent of the collector when collecting and using the personal information of users, and clearly state the purpose, necessity, scope and method of collection and use based on the principle of legality, legitimacy and necessity. It is not allowed to adopt a one-off general authorization method, or to force or disguisedly force the collector to agree to the collection and use of information that is not directly related to business activities by default authorization, binding with other authorizations, or stopping installation and use. When collecting and using sensitive information such as biometric information, health information, property information, social information, etc., authorization and consent of the collector shall be obtained one by one. Network transaction operators and their staff shall keep the personal information collected strictly confidential and shall not provide it to any third party, including related parties, without the authorization and consent of the collector.

http://www.samr.gov.cn/hd/zjdc/202010/t20201020_322434.html

MIIT strengthens in-process and ex-post regulation of foreign-funded telecommunications enterprises

On October 20,2020, the Ministry of Industry and Information Technology (“MIIT”) issued the Circular on Strengthening the In-process and Ex-post Regulation of Foreign-invested Telecommunications Enterprises (the “Circular”).

The Circular provides that the MIIT will cease to approve and issue the Examination Decision on Foreign Investment in Telecommunications (the “Decision”) from the date of issuance of the Decision of the State Council on Cancelling and Decentralizing a Number of Administrative Licensing Items, and the examination of foreign investments will be included in the process of approval of business licensing for telecommunications accordingly. The Circular further clarifies that foreign-invested enterprises that have been approved with the Decision issued previously may continue to apply for the business licensing for telecommunications in accordance with legal procedures. When directly applying for the business licensing for telecommunications or for changes in the telecommunications business, subsequent foreign-invested enterprises are required to concurrently submit relevant application materials on foreign investments, and the MIIT will handle the applications in accordance with laws and regulations.

The Circular also stipulates that restrictions on shareholding ratio held by foreign investors and other access policies and requirements shall be still subject to the Administrative Provisions on Foreign-funded Telecommunications Enterprises, the Telecommunications Regulations of the People’s Republic of China, the Special Administrative Measures (Negative List) for Foreign Investment Access, and other legal documents.

http://www.miit.gov.cn/n1146295/n1652858/n1652930/n3757020/c8126050/content.html

The Law of the People’s Republic of China on Personal Information Protection (Draft) is released

On October 21, 2020, the 22nd Session of the Standing Committee of the 13th National People’s Congress released the Law of the People’s Republic of China on Personal Information Protection (Draft) (the “Draft”) for public comments by November 19, 2020.

The Draft provides it shall apply to activities conducted by organizations and individuals to process the personal information of natural persons within the territory of the People’s Republic of China. And it shall also apply to activities outside territory of the People’s Republic of China to process the personal information of natural persons within the territory of the People’s Republic of China under any of the following circumstances:

  • personal information processing is to serve the purpose of providing products or services for natural persons within the territory of the People’s Republic of China;
  • personal information processing is to serve the purpose of analyzing and evaluating the behaviors of natural persons within the territory of the People’s Republic of China; or
  • having other circumstances as stipulated by laws and administrative regulations.

On the cross-border transfer, the Draft requires that critical information infrastructure operators and personal information processors who process personal information up to the amount as specified by the State cyberspace authorities shall store within the territory of the People’s Republic of China the personal information which they collect and generate within the territory of the People’s Republic of China. If it is really necessary to provide such information overseas, critical information infrastructure operators and personal information handlers shall pass security assessment organized by the State cyberspace authorities; if any law, administrative regulation or the State cyberspace authorities stipulate that security assessment may not be conducted, such provision shall prevail.

The Draft also provides that where personal information is processed in violation of this Law or personal information is processed without any necessary security protection measure in compliance with regulations, authorities performing personal information protection duties shall order a correction, confiscate any unlawful income, and issue a warning; and, if correction is not made, a fine of up to CNY1 million shall be imposed on the personal information processor if it is an organization; and any directly liable person-in-charge or any other directly liable individual shall be fined between CNY10,000 and CNY100,000. If the unlawful act mentioned in the preceding paragraph is grave, authorities performing personal information protection duties shall order a correction, confiscate any unlawful income, and impose a fine of up to CNY50 million, or 5% of last year’s annual revenue, and may also order the suspension of related business operations or suspension of business for rectification, and/or report to relevant competent authorities for the cancellation of the related business permit or cancellation of the business license; and any directly liable person-in-charge or any other directly liable individual shall be fined between CNY100,000 and CNY1 million.

http://www.npc.gov.cn/flcaw/userIndex.html?lid=ff80808175265dd401754405c03f154c

The Ministry of Industry and Information Technology announced the fifth batch of Apps on infringement of users’ rights and interests

The Ministry of Industry and Information Technology recently organized a third-party testing agency to inspect the mobile phone application software and urge enterprises which do not meet relevant requirements to rectify. As of October 26, there are 131 Apps that have not been rectified, and these Apps should be rectified before November 2. In this test, many problems were found in input method Apps, travelling Apps, e-commerce Apps, audio and video Apps. Some App stores and mobile application distribution platform management entities have not fulfilled their responsibilities, and SDK enterprises illegally collected user personal information.

http://www.miit.gov.cn/n1146290/n1146402/c8136537/content.html

 

CONTACT US

If you would like to receive our legal update via email, please contact jianghongyu@anjielaw.com.

For more information, please contact:

Samuel Yang | Partner

AnJie Law Firm

P: +86 10 8567 2968

M: +86 1391 0677 369

E: yanghongquan@anjielaw.com

Hongquan (Samuel) Yang is a partner with AnJie Law Firm. He has worked as in-house counsel and external lawyer in the technology, media and telecoms (TMT) sectors for nearly 20 years and is regarded as a true expert in these areas. He advises clients on a wide range of regulatory, commercial and corporate matters, especially in telecommunications, cybersecurity, data protection, internet, social networking, hardware and software, technology procurement, transfer and outsourcing, distribution and licensing, and other technology-related matters. He also advises clients on compliance and investigation matters.

Samuel has been recognized as a Leading Individual in PRC TMT firms (Legal 500, 2020), a Band 1 Cyber Security & Data Protection Lawyer (LEGALBAND, 2019, 2020) and one of the Top 10 Cyber Security and Data Protection Lawyers in China (LEGALBAND, 2018). Legal 500 commented that Samuel and his team at AnJie have a particular strength in “telecom-related regulatory and general commercial legal services” and “issues such as cyber security and data protection areas” and have “built a real niche” in these areas.

Samuel mainly serves Fortune 500 companies, large state-owned enterprises and leading Chinese internet companies. Samuel is a regular contributor to many legal journals and his publications regarding Chinese data protection and cybersecurity laws are well-received and widely reproduced.

Before joining AnJie, Samuel worked for British Telecom, CMS and DLA Piper.

REGULATIONS

The Chinese side proposes a Global Initiative on Data Security

On September 8, 2020, Foreign Minister Wang Yi delivered a keynote speech at a high-level meeting of an international seminar themed with “Seizing Digital Opportunities for Cooperation and Development” and proposed a Global Initiative on Data Security (“Initiative”). The Initiative mainly includes the following.:

First, approach data security with an objective and rational attitude, and maintain an open, secure and stable global supply chain.

Second, oppose using information and communications technology (ICT) activities to impair other States’ critical infrastructure or steal important data.

Third, take actions to prevent and put an end to activities that infringe upon personal information, oppose abusing ICT to conduct mass surveillance against other States or engage in unauthorized collection of personal information of other States.

Fourth, ask companies to respect the laws of host countries, desist from coercing domestic companies into storing data generated and obtained overseas in one’s own territory.

Fifth, respect the sovereignty, jurisdiction and governance of data of other States, avoid asking companies or individuals to provide data located in other States without the latter’s permission.

Sixth, meet law enforcement needs for overseas data through judicial assistance or other appropriate channels.

Seventh, ICT products and services providers should not install backdoors in their products and services to illegally obtain user data.

Eighth, ICT companies should not seek illegitimate interests by taking advantage of users’ dependence on their products.

https://www.fmprc.gov.cn/web/ziliao_674904/1179_674909/t1812949.shtml

  

The Ministry of Public Security issued the Guiding Opinions on the Implementation of Multi-Level Protection System of Cybersecurity and Critical Information Infrastructure Security Protection System

Recently, the Ministry of Public Security issued the Guiding Opinions on the Implementation of Multi-Level Protection System of Cybersecurity and Critical Information Infrastructure Security Protection System (“Opinions”), the Opinions mainly include the following:

  1. Implementing the multi-level protection system of national cybersecurity
  • Deepening the work of network classification filing

Network operators which are classified as Level 2 or above shall file with the public security organ and the competent department of the industry.

  • Carrying out cybersecurity classification assessment regularly

Network operators which are classified as Level 3 or above shall entrust a classification assessment institution in line with the relevant provisions of the state to carry out cybersecurity classification assessment once a year, and timely submit the assessment report to the public security organ and the competent department of the industry. The new network above Level 3 should be put into operation after passing the classification assessment.

  • Implementing cryptography security protection requirements

Network operators which are classified as Level 3 or above shall correctly and effectively adopt cryptography technology for protection and use cryptography products and services meeting relevant requirements.

  1. Establishing and implementing the critical information infrastructure security protection system
  • Organizing to identify critical information infrastructure

The competent departments (hereinafter referred to as the “ Protection Departments”) of important industries and fields, such as public communication and information services, energy, transportation, water conservancy, finance, public services, e-government, national defense science and technology industry, shall formulate rules for the recognition of critical information infrastructure in their respective industries and fields and report them to the Ministry of Public Security for the record.

  • Strengthening the protection of important data and personal information.

Establishing and implementing the important data and personal information protection system. Operators shall store within the territory of the People’s Republic of China the personal information and important data collected and generated during its operation within the territory of the People’s Republic of China. Where such information and data have to be provided abroad for business purposes, security assessment shall be conducted pursuant to relevant provisions.

http://www.nanning.gov.cn/zt/rdzt/2020wsxcz/zcfg_0910/t4461545.html

Beijing: allow foreign companies to invest in virtual private networks 

The State Council recently approved the Work plan for Deepening a New Round of Comprehensive Pilot Projects for the Opening up of Beijing’s Service Industry and the Construction of a Comprehensive Demonstration Area for the Expansion of National Service Industry (“Plan”), the Plan will:

  1. Allow foreign companies to invest in domestic internet virtual private networks (VPN), with a proportion of foreign shares not exceeding 50 percent. Overseas telecommunications carriers can set up joint ventures to provide such services for foreign enterprises in Beijing.
  2. Support the application of Internet of vehicles (intelligent connected-cars) and automatic driving map and build the Beijing–Shanghai Internet of vehicles highway.
  3. Standardize the safe and orderly cross-border flow of data, explore the establishment of data security management mechanisms such as data protection capability certification and promote the pilot project of security management and assessment on data cross-border transfer.

http://www.gov.cn/zhengce/content/2020-09/07/content_5541291.htm

 

The China Banking and Insurance Regulatory CommissionTo standardize health management services of insurance companies to ensure the safety of relevant data and information

The China Banking and Insurance Regulatory Commission (“CBIRC”) has issued the Circular on Standardizing Health Management Services of Insurance Companies (the “Circular”) on September 6, 2020.

The Circular emphasizes the following personal information protection work:

  1. informing customers of the content, process, standard, term, precautions and possible risks of health management services in advance and obtain the informed consent of customers.Participation by any third-party service cooperation organization shall be informed at the same time;
  2. obtaining the consent of customer when obtaining the customer’s health data; and
  3. not providing the customer’s personal information or any health data without the authorization of the customer to ensure data security and protect personal privacy according to law.

http://www.cbirc.gov.cn/cn/view/pages/ItemDetail.html?docId=927766

 

The People’s Bank of China: To obtain the consent of financial consumers when collecting their financial information

 On September 15, 2020, the People’s Bank of China (“PBOC”) issued the Implementing Measures of the People’s Bank of China for Protection of Financial Consumers’ Rights and Interests (“Measures”), which will take effect on November 1, 2020.

On protection of financial information of consumers, the Measures provide that banks and payment institutions shall:

  • adhere to the principles of legitimacy, bona fide and necessity, and obtain the explicit consent of financial consumers or their guardians, unless otherwise stipulated by laws and administrative regulations;
  • not collect consumers’ financial information unrelated to their business, nor adopt improper means to collect consumers’ financial information, and nor force consumers to collect their financial information in disguise;
  • not refuse to provide financial products or services on the ground that financial consumers do not agree to have their financial information processed, except that processing their financial information is necessary for providing financial products or services;
  • use appropriate means to enable financial consumers to independently choose whether or not to consent to the use of their financial information by banks and payment institutions for the purposes of marketing, user experience improvement or market investigation. Where the financial consumers do not agree, banks and payment institutions shall not refuse to provide financial products or services.If banks and payment institutions send financial marketing information to financial consumers, they shall provide them with ways to refuse to continue receiving the financial marketing information;
  • specify in the terms the purpose, method and content of collection and scope of use, and remind financial consumers of the possible consequences of such consent in an obvious and easy-to-understand way where banks and payment institutions have obtained the consent to the collection and use of financial information from consumers under standard terms; and
  • use consumers’ financial information pursuant to the provisions of laws and regulations and for the purpose agreed between both parties and shall not use such information beyond the agreed scope.

http://www.pbc.gov.cn/tiaofasi/144941/144957/4099060/index.html

 

The Ministry of Commerce promulgated the Provisions on the Unreliable Entity List

 On September 19, 2020,the Ministry of Commerce promulgated the Provisions on the Unreliable Entity List (“Provisions”) which shall take effect from the same date of the promulgation.

The State shall establish the Unreliable Entity List System (“System”) and a working mechanism participated by relevant central departments (hereinafter referred to as “the Working Mechanism”) to take charge of organization and implementation of the System. The Office of the Working Mechanism is located at the competent department of commerce of the State Council.

The Working Mechanism shall, based on the results of the investigation and by taking into overall consideration the following factors, make a decision on whether to include the relevant foreign entity in the Unreliable Entity List (“List”), and make an announcement of the decision:

  • the degree of danger to national sovereignty, security or development interests of China;
  • the degree of damage to the legitimate rights and interests of enterprises, other organizations, or individuals of China;
  • whether being in compliance with internationally accepted economic and trade rules; and
  • other factors that shall be considered.

The Working Mechanism may, based on actual circumstances, decide to take one or several of the following measures (hereinafter referred to as the “Measures”) against the foreign entity which is included in the List, and make an announcement of the decision:

  • restricting or prohibiting the foreign entity from engaging in China-related import or export activities;
  • restricting or prohibiting the foreign entity from investing in China;
  • restricting or prohibiting the foreign entity’s relevant personnel or means of transportation from entering into China;
  • restricting or revoking the relevant personnel’s work permit, status of stay or residence in China;
  • imposing a fine of the corresponding amount according to the severity of the circumstances; and
  • other necessary measures.

http://www.mofcom.gov.cn/article/b/fwzl/202009/20200903002593.shtml

 

BeijingTo explore the establishment of international information industry and digital trade port

On September 21, 2020, the State Council announced the Overall Plan of China (Beijing) Pilot Free Trade Zone (the “Plan“).

The Plan points out that Beijing will explore the establishment of international information industry and digital trade port. The specific measures are as follows:

  • having priority to explore software real name certification, data origin label identification, import and export of data product, etc. on the premise of controllable risks;
  • building the digital copyright trading platform to promote the development of intellectual property protection and intellectual property financing business;
  • conducting efficient and convenient digital import and export inspection on software and Internet service trade;
  • actively exploring the third-party authentication mechanism for the data protection capability of enterprises; and
  • exploring the establishment of a website filing system to meet the needs of overseas customers.

http://www.gov.cn/zhengce/content/2020-09/21/content_5544926.htm?_zbs_baidu_bk

 

Task Force on Personal Information Protection by Apps: 81 Apps have personal information collection and use problems

On September 17, 2020, the Task Force on the Personal Information Protection by Apps (“Task Force”) found that there were problems in the collection and use of personal information in 81 Apps after the assessment and suggested that the relevant App operators should rectify the existing problems in a timely manner, and feedback the rectification situation to the Task Force within 30 days from the date of the announcement. After the 30 days, the Task Force will verify the rectification situation and submit the review results to the relevant departments; App operators who fail to effectively rectify relevant problems will be punished according to the law.

https://mp.weixin.qq.com/s/hLK2EziD8NSF3G1_0VR_Hg

 

FAQ and Handling Guide for Personal Information Protection by Mobile Internet Application (App) and other two standards released

In the recent 2020 National Cyber Security Promotion Week, the Task Force on the Illegal Collection and Use of Personal Information by Apps (“Task Force”) held a “App Personal Information Protection” theme release event in Beijing (“Event”). At the Event, three standards related to personal information protection by Apps, the FAQ and Handling Guide for Personal Information Protection by Mobile Internet Application (App) (“FAQ and Handling Guide”), Mobile Internet Application (App) System Permission Application Guidelines (“System Permission Guidelines”) and Security Guidelines for Third-Party Software Development Kit (SDK) in Mobile Internet Applications (App) (Draft for Comment) (“Draft SDK Security Guidelines”), were released.

The FAQ and Handling Guide addresses the problems of excessive collection, mandatory claims for permission, frequent claims for permission, and unsynchronized notification of the purpose of collection by Apps. Based on statistics on the frequency of related problems, it gives the top ten frequently asked questions and handling guidelines in current App personal information protection, in order to help App operators prevent and deal with related problems.

The System Permission Guidelines address typical issues such as mandatory, frequent, and excessive claims for system permissions by Apps, bundling authorization, privately calling permissions to upload personal information, and sensitive permissions abuse. It also provides the basic principles and security requirements for system permissions by Apps, which can help App providers standardize App system permission applications and use behaviors and prevent personal information security risks caused by improper use of system permissions.

The Draft SDK Security Guidelines address the problems of third-party SDK’s own security vulnerabilities, malicious third-party SDKs, and unlawful collection and use of personal information by third-party SDKs in the current third-party SDK use practice. Combined with current mobile Internet technology and application status, the Draft SDK Security Guidelines provide practical guidelines for App providers and third-party SDK providers on third-party SDK security issues, aiming to reduce App security and personal information security issues caused by third-party SDKs.

In addition to the above guidelines, the Event also released the promotion video and the English version of the national standard Information Security Technology – Personal Information Security Specification (GB/T 35273-2020) for reader’s convenience; as well as other work results relating to such as App security certification, free evaluation tools, research reports and popular science areas.

https://www.tc260.org.cn/front/postDetail.html?id=20200920124356

 

The People’s Bank of China issued the Financial Data Security Guidelines for Data Security Classification 

On September 23,2020,the People’s Bank of China (“PBOC”) issued the Financial Data Security Guidelines for Data Security Classification (“Guidelines”). The Guidelines applies to financial institutions to carry out data security classification work, as well as third-party assessment institutions to carry out data security inspection and evaluation.

According to the Guidelines, the financial data involved in the security classification include but are not limited to:

  • data collected directly (or indirectly) in the process of providing financial products or services, including data signed or collected through the counter with paper agreement and transferred or saved in computer system after information processing, and electronic information signed or collected through information system;
  • data generated and stored in the information system of financial institutions, including business data, operation and management data, etc.;
  • electronic data generated, exchanged and filed in the internal office network and office equipment (terminal) of financial institutions. For example, daily business processing information, policies and regulations, business or business management data temporarily stored in business terminals, e-mail information, etc;
  • electronic data formed by scanning or other electronic means of the original paper documents of financial institutions;
  • other data that should be classified.

At the same time, the Guidelines provides that according to the influence objects and the degree of impact caused by the data security damage of financial institutions, the data security level is divided into Level 5 to Level 1 from high to low.

https://www.cfstc.org/bzgk/gk/view/bzxq.jsp?i_id=1873

 

Implementation Plan for the Establishment of Beijing International Big Data Exchange: establish and perfect the new data element management system of “separation of ownership and right of use”

On September 29,2020, Beijing Local Financial Supervision and Administration and Beijing Municipal Bureau of Economy and Information Technology issued the Implementation Plan for the Establishment of Beijing International Big Data Exchange (“Plan”).

The Plan will establish and improve the new data element management system of “separation of ownership and right of use”, explore a new mechanism for orderly circulation and efficient utilization of data elements, deeply implement the Beijing big data action plan, and strengthen the integration and application of cross regional, cross domain, cross department and cross level data resources.

The Plan points out that Beijing municipal state-owned enterprises with high-quality data resources will restructure the existing exchange and change its name to Beijing International Big Data Exchange. Strategic investors such as central enterprises and Internet enterprises will be introduced in time to increase registered capital, change business scope and change trading varieties. The service content of Beijing International Big Data Exchange will include data information registration service, data product trading service, data operation management service, data asset financial service and data asset financial technology service

http://jrj.beijing.gov.cn/tztg/202009/t20200929_2103035.html

 

CONTACT US

If you would like to receive our legal update via email, please contact jianghongyu@anjielaw.com.

For more information, please contact:

Samuel Yang | Partner

AnJie Law Firm

P: +86 10 8567 2968

M: +86 1391 0677 369

E: yanghongquan@anjielaw.com

Hongquan (Samuel) Yang is a partner with AnJie Law Firm. He has worked as in-house counsel and external lawyer in the technology, media and telecoms (TMT) sectors for nearly 20 years and is regarded as a true expert in these areas. He advises clients on a wide range of regulatory, commercial and corporate matters, especially in telecommunications, cybersecurity, data protection, internet, social networking, hardware and software, technology procurement, transfer and outsourcing, distribution and licensing, and other technology-related matters. He also advises clients on compliance and investigation matters.

Samuel has been recognized as a Leading Individual in PRC TMT firms (Legal 500, 2020), a Band 1 Cyber Security & Data Protection Lawyer (LEGALBAND, 2019, 2020) and one of the Top 10 Cyber Security and Data Protection Lawyers in China (LEGALBAND, 2018). Legal 500 commented that Samuel and his team at AnJie have a particular strength in “telecom-related regulatory and general commercial legal services” and “issues such as cyber security and data protection areas” and have “built a real niche” in these areas.

Samuel mainly serves Fortune 500 companies, large state-owned enterprises and leading Chinese internet companies. Samuel is a regular contributor to many legal journals and his publications regarding Chinese data protection and cybersecurity laws are well-received and widely reproduced.

Before joining AnJie, Samuel worked for British Telecom, CMS and DLA Piper.