——Analysis of the Supreme Court’s Trial Pattern in the First Antitrust Litigation of Rare Earth Sector

Introduction

Recently, the Supreme People’s Court of China (“the Supreme Court”) has rendered its second instance judgment on the first antitrust case in China’s rare earth industry. The ruling overturned the first instance judgement by having dismissed all claims made by the plaintiff. AnJie Broad team represented Hitachi Metals in both the first instance and appellate proceedings and dedicated a span of nearly ten years to bring this case to its final conclusion. Given that this case marked the first instance of a Chinese court having applied the essential facilities doctrine in an antitrust litigation, this case garnered widespread attention and commentary from both domestic and international industry stakeholders, academic circles, and legal practitioners, rendering it extremely high-profile.

The complex issues involved in this case, such as the approach of defining the relevant technology market, whether the owner of non-SEP might be deemed to have a dominant position simply based on the patent ownership, the conditions for application of essential facilities doctrine and the approach of competitive analysis when it comes to exercising intellectual property rights. This case does not only bear academic significance within the antitrust domain but also wield a guiding influence on economic and innovative activities within the industry.

In addition, it is noteworthy that the Supreme Court’s ultimate ruling in this case not only thoroughly embodies the judicial spirit that “antitrust law protects competition, not specific competitors,” establishing judicial practice on the value and objectives of anti-monopoly law, but also showcases its stringent approach and commitment to impartial justice, especially facing the dispute between the Chinese party and foreign party.

I.       Case Overview

On December 11, 2014, four companies engaged in the production and sale of sintered neodymium-iron-boron (“NdFeB”) permanent magnet materials in Ningbo, China, namely Ningbo Ketian Magnet Co., Ltd., Ningbo Permanent Magnetic Industry Co., Ltd., Ningbo Tongchuang Strong Magnet Material Co., Ltd., and Ningbo Huahui Magnetic Industry Co., Ltd (“the four plaintiffs”), initiated civil antitrust lawsuits against Hitachi Metals, Ltd. (“Hitachi Metals”) with the Intermediate People’s Court of Ningbo, Zhejiang Province (“the Ningbo court”). The four plaintiffs contended that Hitachi Metals owned numerous essential patents related to sintered NdFeB. Hitachi Metals had a dominant position in the essential patent licensing market for sintered NdFeB. Hitachi Metals’ refusal to license without justifiable reasons was considered a “refusal to deal” under the framework of AML. Additionally, the bundling of essential and non-essential patents by Hitachi Metals constituted tie-in sales. Therefore, the four plaintiffs believed that these activities constituted abuse of market dominance and requested the court to order Hitachi Metals to cease infringement and compensate for their economic losses.

On April 23, 2021, the first instance judgment was rendered by the Ningbo court against Hitachi Metals. The Ningbo court defined two relevant markets in the dispute: one upstream market for licensing sintered NdFeB magnet patents held by Hitachi Metals, and one downstream market for producing sintered NdFeB magnets. The Ningbo court determined that Hitachi Metals held a dominant market position in the upstream market, thus its refusal to license was deemed an abuse of dominant market position, leading to the court ordering the cessation of infringement and compensation for economic losses.

Subsequently, Hitachi Metals appealed to the Supreme Court. Following a public trial, the Supreme Court handed down its second instance judgment on December 14, 2023, overturning the first instance ruling and dismissing all claims made by the four plaintiffs. That marked a complete reversal took place in the appeal procedure.

Indeed, a meticulous analysis is necessary to understand the substantial disparity between the judgments of the first instance and second instance courts. What accounts for the complete divergence in the opinions of the two courts on the pivotal issues?

II.    Does Licensing of Sintered NdFeB Patents Owned by Hitachi Metals Constitute A Separate Relevant Market?

1.      The Court’s Ruling

The Ningbo Court, in the first instance, found that from the perspective of demand-side substitution, licensing for sintered NdFeB patents owned by Hitachi Metals is essential. The primary evidence that Ningbo Court relied on includes Hitachi Metals’ public statement, the opinions of technical expert witnesses engaged by the four plaintiffs, and relevant statements of third-party reports. The Ningbo Court further explicitly clarified that since Hitachi Metals’ sintered NdFeB patents were not part of standard-setting, it did not qualify as a standard essential patent (SEP). To avoid ambiguities, the patents discussed in the instant case are referred to as sintered NdFeB “essential patents”.

The Supreme Court held in the second instance ruling that the evidence at hand is inadequate to establish the existence of an independent market for licensing of essential patents for sintered NdFeB, let alone the relevant market for licensing of essential patents for sintered NdFeB owned by Hitachi Metals. Specific reasons for this conclusion include:

Firstly, there are two inconsistent or contradictory claims in this case. On the one hand, the four plaintiffs argued that Hitachi Metals’ patents were essential or crucial technology for manufacturing sintered NdFeB. On the other hand, the four plaintiffs sought a patent exploitation license from Hitachi Metals while simultaneously asserting that their production of sintered NdFeB did not infringe Hitachi Metals’ patent.

Secondly, the fact regarding the development of sintered NdFeB’s production technology objectively demonstrated that the argument at the time of the allegation that “Hitachi Metals’ sintered NdFeB patents are essential patents” lacked evidence to support. The technologies of manufacturers included patents, technical secrets, and publicly known technologies. Meanwhile, in recent years, China has made rapid progress in patent applications, production, and exports of sintered NdFeB. Sintered NdFeB and its production technology are non-standardized products and non-standardized technologies, characterized by frequent updates and iterations of technology.

Thirdly, Hitachi Metals used to hold more than 600 patents of sintered NdFeB worldwide. In China, Hitachi Metals held 90 Chinese patents and granted licenses to eight Chinese companies, such as Zhong Ke San Huan, for implementation. Nevertheless, companies that did not obtain licenses from Hitachi Metals continued to manufacture and sell sintered NdFeB materials in China, exporting to Europe and other countries, except the United States and Japan.

Fourth, the four plaintiffs further contended that the essential nature of the patents concerned did not result from technology but rather stems from Hitachi Metals’ abusive tie-in sales, litigation threats, and exclusive arrangements. This further indicated that claims such as “Hitachi Metals’ patents concerned are essential patents that cannot be design around in the production of sintered NdFeB materials” and “Chinese rare earth permanent magnet companies without license from Hitachi Metals cannot export their products to designated countries such as the United States” lacked sufficient factual basis and were more likely a misjudgment or misconception about the facts.

Based on the afore-mentioned reasons and through comprehensive analysis, the Supreme Court held that the four plaintiffs’ claim – the sintered NdFeB patent of Hitachi Metals was irreplaceable and constituted an independent relevant market – was inconsistent with the reality. The four plaintiffs also failed to provide sufficient evidence to prove its claims, especially did not provide evidence to prove why and how Hitachi Metals’ sintered NdFeB patents were technically irreplaceable. In the Supreme Court’s view, the relevant product market in this case should be defined as the market for the production technology of sintered NdFeB materials, encompassing both patented technology and non-patented technology with close substitutability.

2.      Comments: “Patent Licensing Market” Is Different From “Technology Market”

Guidelines of the Anti-Monopoly Commission under the State Council on the Definition of  Relevant Market (“Guidelines on Relevant Market”)and Provisions on Prohibition of Abuse of Intellectual Property to Exclude or Restrict Competition (“Antitrust Provisions on Abuse of Intellectual Property”) respectively stipulate that “In the antitrust enforcement for technology trade, licensing agreement, etc. that involves intellectual property, it might be necessary to define the relevant technology market in consideration of such factors as intellectual property and innovation.” and “In the antitrust enforcement involving intellectual property licensing, the relevant commodity market may be a technology market or a product market containing specific intellectual property.” Antitrust Provisions on Abuse of Intellectual Property also provides that “The relevant technology market refers to the market formed by the competition between technologies involved in the exercise of intellectual property and the same type of technologies that are mutually substitutable.”

Based on the above rules, it can be inferred that, substitutable technologies of the same type are not limited to patents. In other words, non-patented technologies can also constitute substitutes to patented technologies and may belong to the same relevant technology market along with patented technologies. Therefore, when defining the relevant technology market, it is necessary to examine not only the existence of substitutable patented technologies, but also the existence of substitutable non-patented technologies to accurately define the scope of the relevant technology market under antitrust regime. We must avoid falling into the misconception that the “relevant technology market” is equivalent to the “patent licensing market”.

It should be recognized that the judicial pattern of the Supreme Court’s judgment in this case aligns with the legislative spirit of the Antitrust Provisions on Abuse of Intellectual Property.

III.  The Application of Essential Facilities Doctrine in the Field of Intellectual Property should Be Strictly Limited

1.       The Court’s Ruling

The Ningbo Court held in the first instance that, Hitachi Metals’ concerned patents enjoys a strong market dominance due to their technological irreplaceability, which was then further strengthened by the solidification of market awareness. The Ningbo Court believed that the “essential facilities” doctrine could be applied as an analytical tool in this case and determined that Hitachi Metals’ patents concerned had already constituted essential facilities. The rationale behind this decision is as follows: such a “facility” was indispensable for sintered NdFeB enterprises to participate in competition; Hitachi Metals, as the intellectual property rights holder, monopolistically controlled the essential facility; competitors cannot duplicate the facility exerting reasonable efforts; Hitachi Metals denied the use of the facility by competitors when the four plaintiffs having explicitly made licensing requests and being willing to pay reasonable consideration; the refusal to license is not justified.

Although the Supreme Court did not explicitly evaluate the application of essential facilities doctrine in the second instance ruling, the decision to overturn the determination of Hitachi Metals’ market dominance in the relevant market essentially negated the first instance finding of essential facilities. In reality, Hitachi Metals owns some important patents in the relevant product market, and it does not mean that Hitachi Metals has a dominant position under the AML.

2.      Comments: the Application of Essential Facilities Doctrine shall be strictly restricted

Pursuant to Article 123 of the Civil Code, a civil person or entity enjoys an intellectual property right in accordance with the law. The intellectual property right is a “proprietary right” enjoyed by the right holder in respect of a specific object. Given that intellectual property rights belong to the category of private rights and its nature of civil rights, the application of essential facilities doctrine in the field of intellectual property requires especially careful precaution.

Noteworthy, the Antitrust Provisions on Abuse of Intellectual Property released in 2023, compared to its old version in 2015, deleted the provision on essential facilities doctrine. Such a subtle legislative change further evidences the cautious attitude toward application of essential facilities doctrine in the Intellectual Property.

As a matter of fact, the application of essential facilities doctrine is also rare and controversial in other jurisdictions, such as Europe and the United States.

The essential facilities doctrine was first introduced in the case United States. v Terminal Railroad Association of St. Louis (1912). However, the Supreme Court of the United States remained conservative on the application of this doctrine in cases involving intellectual property. It has noted that compulsory licensing is in conflict with the legislative purpose of antitrust laws, as it would weaken the innovation incentives of competitors. In the case Verizon Communications Inc. v. Law Offices of Curtis v Trinko, LLP (2004), the Supreme Court of the United States elaborated on the potential conflict between compulsory licensing of intellectual property and the legislative purpose of antitrust laws as follows:

Compelling firms to share the source of their advantage is in some tension with the underlying purpose of antitrust law, since it may lessen the incentive for the monopolist, the rival, or both to invest in those economically beneficial facilities. Enforced sharing also requires antitrust courts to act as central planners, identifying the proper price, quantity, and other terms of dealing-a role for which they are ill suited. Moreover, compelling negotiation between competitors may facilitate the supreme evil of antitrust: collusion.

Similarly, there have been very strict requirements for the application of essential facilities doctrine in Europe as well. Relevant EU rules explicitly stipulate the requirements for applying the essential facilities doctrine, including: first, the refusal of the relevant product or service is objectively essential for effective competition in the downstream market; second, the refusal is likely to eliminate effective competition in the downstream market; third, the refusal is likely to cause harms to consumers; fourth, licensing will not have a negative impact on the innovation.

It’s critical to highlight that the EU has introduced an additional criterion for applying the essential facilities doctrine to intellectual property in practice, known as the “new product” standard. This means that it must be demonstrated that, after compulsory licensing, the result will be the creation of a new product that meets consumers’ new demand. For instance, in the Magill v Radio Telefis Eireann case, the plaintiff Magill intended to introduce a new business involving a comprehensive “television program guide” that met consumer demand. Similarly, in the IMS Health GmbH & Co. OHG v NDC Health GmbH & Co. KG case, IMS provided innovative regional sales data for pharmaceutical products in Germany, addressing consumer demand.

The “new demand” standard of the EU is reasonably justified. This is because intellectual property essentially grants intellectual property holders the legitimate right to restrict competitors from producing, selling, and offering products identical to their own. If, after licensing, the result is merely that other licensees produce products identical to those of the intellectual property holder, it would have no effect in promoting innovation. On the contrary, it could significantly dampen the enthusiasm of operators to innovate.

The first instance judgment of this case marks the first-time application of essential facilities doctrine in China, representing a bold attempt. However, this attempt is evidently flawed. The Supreme Court’s second instance judgment provides insights into the future application approach of essential facilities doctrine in China.

IV.  Is the Key to Conduct Competitive Analysis on the Upstream Technology Market or Downstream Product Market?

1.       The Court’s Ruling

In the first instance judgment, the Ningbo Court directly concluded that Hitachi Metals’ activities excluded and restricted competition. Nevertheless, the Ningbo Court did not examine the fundamental facts needed for the “competitive effects analysis” nor elaborated on the “competition analysis process”.

In the second instance judgment, the Supreme Court held that it was difficult to establish Hitachi Metals’ dominant market position, and consequently, the plaintiff’s claims of dominant market position and bearing civil liability were difficult to substantiate. As a result, the Supreme Court decided not to further examine the case. That said, it is noteworthy that when discussing whether Hitachi Metals had market dominance, the Supreme Court had, in fact, carried out examinations and analysis of the competition in the downstream product market. Specifically, the Supreme Court maintained that in a situation where multiple competitive technologies exist in the relevant technology market, the market share of downstream products implementing that technology could more accurately and conveniently reflect the conditions of the relevant technology market. It could also more accurately reflect the market position of the operator owning that technology. The combined market share of sintered NdFeB produced by Hitachi Metals and eight Chinese enterprises licensed under its patents did not exceed 20% of the Chinese sintered NdFeB product market. Furthermore, the market share of Hitachi Metals and the eight Chinese licensees, along with foreign licensees, in foreign markets was even lower. In addition, despite not licensing other Chinese enterprises after 2013, the production of NdFeB magnets in China had increased significantly since 2014. This further supported the finding that Hitachi Metals did not have a dominant market position, either in the upstream NdFeB technology market or the downstream materials market.

2.      Comments: The Key to Antitrust Evaluations of the Exercise of Intellectual Property is the Competitive Analysis of Downstream Product Market

Pursuant to Article 68 of the Anti-Monopoly Law (AML) 2022, the AML does not apply to the exercise of intellectual property rights by undertakings according to relevant laws and administrative regulations governing intellectual property rights; however, undertakings’ abuse of intellectual property rights to eliminate or restrict competition shall be governed by the AML. Consequently, justifiable exercise of a patent right is a legitimate and free activity of the party involved and does not constitute an abuse of intellectual property rights under the AML.

As mentioned above, the application of essential facilities doctrine to regulate refusal to license activities is uncommon in global judicial practices. As emphasized by the Supreme Court of the United States in the case United States v. Colgate, every operator should have the right to freely choose its trading partners, and antitrust laws do not prevent operators from exercising their inherent autonomy in business. Compulsory transactions contradict the fundamental legal principle of freedom of contract. Therefore, the prerequisite for compulsory transactions must be that the refusal to deal would have a serious anticompetitive impact on the relevant market.

Moreover, although the Antitrust Provisions on Abuse of Intellectual Property only mentions that “refusal to license the intellectual property will have adverse impact on the competition or innovation in the relevant market, thus harming the interests of consumers or the public” without specifying which market it is, according to the domestic and overseas judicial practices, the primary consideration for the impact on competition should be the downstream product market. For instance, section 3.2 of the U.S. Antitrust Guidelines for the Licensing of Intellectual Property explicitly states that if the patent licensing appears likely to have anticompetitive effects, the Agencies normally will identify one or more relevant market in which the effects are likely to occur. Usually, enforcement agencies evaluate the downstream product market, and in other circumstances, they may consider the impact on technology or research and development markets.

Hence, when evaluating conduct that seems to be the lawful exercise of intellectual property rights, the primary emphasis in antitrust law assessment should be on examining whether it exerts substantial exclusionary or anticompetitive effects on the downstream product market, rather than the upstream technology market. This is crucial because obtaining a patent license is specifically for the production and sale of downstream products. If the upstream technology lacks application value, scrutinizing the market position in the upstream market becomes meaningless.

Conclusion

The refusal to license a patent presents distinctive features compared to a typical refusal to deal. When regulating the refusal to license, considerations should extend not only to protecting the licensor’s contractual rights, it is also essential to take into account the incentives for innovation and the strike on the proprietary nature of patent rights. In the case of refusal to license non-SEP, antitrust law should use intervention more cautiously to avoid inappropriate interference. Forcing patent owners into licensing may impede innovation and diminish incentives in alternative technologies, ultimately harming technological innovation in the market as a whole. From a technical standpoint, defining the relevant technology market should consider both patented and non-patented technologies. The application of essential facilities doctrine, given its controversial nature, should be cautious in the realm of intellectual property. When assessing antitrust implications of the normal exercise of intellectual property rights, careful attention should be directed towards analyzing the competitive effects on downstream product markets.

The nearly-ten-year legal dispute in the Hitachi Metals case has ultimately come to an end. The judicial pattern of the Supreme People’s Court of China in the first antitrust litigation of rare earth sector deserves careful study.

On December 14, 2023, China Supreme People’s Court (“the Supreme Court”) rendered a second-instance judgment on the case of four Ningbo rare earth enterprises suing Hitachi Metals for abusing its dominant market position, overturning the first-instance judgment by the Ningbo Intermediate People’s Court (“Ningbo Intermediate Court”) and dismissing all claims of the plaintiffs in the first instance. Scan the QR code below for an English translation of the second-instance judgment.

On April 23, 2021, the Ningbo Intermediate Court, in its first-instance judgment, held that the relevant product market in this case should be defined as the market for “licensing sintered NdFeB essential patents owned by Hitachi Metals”. Therefore, Hitachi Metals, Ltd (“Hitachi Metals”), as the sole patent holder in this assumed market, was deemed to possess a 100% market share, and its refusal to grant patent licenses to potential licensees was considered an abuse of its dominant market position by refusing to deal. The Ningbo Intermediate Court’s aforementioned reasoning made this case the first antitrust case involving refusal to license non-standard essential patents “non-SEPs” in China.

In the second-instance judgment, the Supreme Court pointed out that the relevant product market in this case should be defined as the market for the production technology of sintered NdFeB materials. The market definition in the first-instance judgment lacked factual and legal basis. Additionally, since the plaintiffs in the first instance failed to provide evidence demonstrating Hitachi Metals’ market dominance in the relevant market, their claims regarding Hitachi Metals’ abuse of its dominant market position and the corresponding civil liability were naturally untenable.

AnJie Broad Antitrust Team has been representing Hitachi Metals since 2014 against the lawsuits filed by the four plaintiffs and finally achieved a total victory after nearly a decade of litigation. This case, as the first antitrust case involving refusal to license non-SEPs in China, has garnered significant attention worldwide. The Supreme Court’s approach to the adjudication of key issues in this case, including the definition of relevant markets, the boundaries of antitrust intervention in the exercise of intellectual property rights, and the prudent application of essential facilities doctrine in the field of intellectual property, holds significant milestone value in both the judicial and administrative enforcement practices of antitrust law in China.

Legislative Practice of Trade Sanctions in China

China’s trade sanctions system has counter and defensive characteristics and is established and continuously improved to address discriminatory and restrictive measures taken by foreign countries against Chinese citizens, enterprises, or other organizations, which deviate from international law and basic norms of international relations, as well as measures that harm the legitimate rights and interests of China, other organizations, or individuals.

1. Provisions on Blocking the Improper Extraterritorial Application of Foreign Laws, Measures, and Judgments

On January 9, 2021, the Ministry of Commerce of China issued the “Measures for Blocking the Inappropriate Extraterritorial Application of Foreign Laws and Measures” (hereinafter referred to as the “Blocking Measures”), in order to block the extraterritorial application of foreign laws and measures that violate international law and basic norms of international relations, and improperly prohibit or restrict Chinese citizens, legal persons, or other organizations from engaging in normal economic, trade, and related activities with third countries (regions) and their citizens, legal persons, or other organizations.

The “Blocking Measures” requires Chinese citizens, legal persons, or other organizations to truthfully report the relevant situation to the competent commerce department of the State Council within 30 days when encountering situations where foreign laws and measures prohibit or restrict their normal economic and trade activities with third countries (regions) and their citizens, legal persons, or other organizations.[1] For foreign laws and measures which have been assessed and confirmed to have improper extraterritorial application, the competent commerce department of the State Council may decide to issue an injunction prohibiting recognition, enforcement, and compliance with relevant foreign laws and measures.[2] If a party complies with foreign laws and measures within the scope of the prohibition, which infringes on the legitimate rights and interests of Chinese citizens, legal persons, or other organizations and causes losses, Chinese citizens, legal persons, or other organizations may bring a lawsuit to the court in accordance with the law, requiring the party to compensate for the losses. If the aforementioned parties refuse to fulfill the effective judgment or ruling of the court, Chinese citizens, legal persons, or other organizations may apply to the court for compulsory execution in accordance with the law.[3]

On June 10, 2021, the Anti Foreign Sanctions Law of the People’s Republic of China (hereinafter referred to as the “Anti Foreign Sanctions Law”) officially came into effect. Article 12, Paragraph 1 of the Anti Foreign Sanctions Law requires that no organization or individual shall enforce or assist in enforcing discriminatory restrictive measures taken by foreign countries against Chinese citizens and organizations.[4]

In addition, for the recognition and enforcement of effective judgments made by foreign courts, Article 300 of the new Civil Procedure Law of the People’s Republic of China, which comes into effect on January 1, 2024, stipulates that if a court determines that an effective judgment made by a foreign court violates the basic principles of the laws of the People’s Republic of China or national sovereignty, security, or social public interests, it shall rule not to recognize and enforce it.[5]

2. Principle Provisions on Sanctions and Countermeasures

The Cybersecurity Law of the People’s Republic of China (hereinafter referred to as the “Cybersecurity Law”), which came into effect on June 1, 2017, is a law formulated by China to ensure cybersecurity, safeguard cyberspace sovereignty, and national security. Article 75 of the Cybersecurity Law provides for sanctions against overseas institutions, organizations, and individuals who attack critical information infrastructure. It stipulates that if overseas institutions, organizations, or individuals engage in activities that endanger the critical information infrastructure of the People’s Republic of China, such as attacks, intrusion, interference, or destruction, and cause serious consequences, China has the right to hold them legally responsible in accordance with the law. The public security department and relevant departments of the State Council may also decide to take measures to freeze property or other necessary sanctions against the institution, organization, or individual.[6] This is an earlier legal provision that explicitly regards the adoption of sanctions against overseas illegal entities as legal responsibility.

On December 1, 2020, the Export Control Law of the People’s Republic of China (hereinafter referred to as the “Export Control Law”) was officially implemented. Article 48 of the Export Control Law stipulates that if any country or region abuses export control measures to endanger the national security and interests of the People’s Republic of China, China may take corresponding measures against that country or region based on the actual situation.[7]

Article 12 of the “Blocking Measures” issued by the Chinese Ministry of Commerce in January 2021 clearly stipulates that the Chinese government can also take necessary countermeasures against the inappropriate extraterritorial application of foreign laws and measures based on actual circumstances and needs.[8]

On July 1, 2023, the Foreign Relations Law of the People’s Republic of China (hereinafter referred to as the “Foreign Relations Law”) began to be implemented officially. The Foreign Relations Law clarifies the powers of state organs in foreign relations affairs, the goals of developing foreign relations, the system of foreign relations, and the guarantees for developing foreign relations. According to Article 33, China has the right to take corresponding countermeasures and restrictive measures against actions that violate international law and basic norms of international relations and endanger China’s sovereignty, security, and development interests. The Foreign Relations Law further stipulates that decisions made by relevant state organs in accordance with the aforementioned provisions shall be final.[9]

In addition, the Foreign Relations Law also provides a legal basis for the implementation and compliance of United Nations Security Council sanctions and related measures within China. Article 35 clearly stipulates that the state shall take measures to implement binding sanctions resolutions and related measures made by the United Nations Security Council under Chapter VII of the United Nations Charter. The Ministry of Foreign Affairs is responsible for issuing notices and announcing the implementation of the aforementioned sanctions resolutions and measures. Relevant national departments and regional governments shall take measures to implement them within their respective powers. Organizations and individuals within China shall comply with the contents of the Ministry of Foreign Affairs announcement and relevant measures of various departments and regions, and shall not engage in any behaviour that violates the aforementioned sanctions resolutions and measures.[10]

3. Provisions on Specific Measures for Sanctions and Countermeasures

On September 19, 2020, the Ministry of Commerce of China issued the “Regulations on the List of Unreliable Entities”, establishing a working mechanism for the list of unreliable entities. It clearly states that foreign entities (foreign enterprises, other organizations or individuals) (1) which endanger China’s national sovereignty, security, and development interests, or (2) which violate normal market trading principles, interrupt normal transactions with Chinese enterprises, other organizations, or individuals, or take discriminatory measures against Chinese enterprises, other organizations, or individuals, seriously damaging legitimate rights and interests of Chinese enterprises, other organizations or individuals in international economic and trade activities, will be included in the list of unreliable entities.[11]

The working mechanism of the list of unreliable entities can determine to take one or several of the following measures against the relevant foreign entities: 

(1) restrict or prohibit engagement in import and export activities related to China; 

(2) restrict or prohibit investment within China; 

(3) restrict or prohibit the entry of its related personnel, transportation vehicles, etc.; 

(4) restrict or cancel the work permit, stay or residence qualification of its related personnel within China; 

(5) impose a corresponding amount of fine based on the severity of the situation;

(6)  other necessary measures.[12]

On the other hand. The working mechanism also has a certain degree of flexibility. 

(1) a correction deadline can be set for foreign entities, and no measures will be taken within the deadline.[13]

(2) if a foreign entity corrects its behavior and takes measures to eliminate the consequences of the behaviour within the correction period, the working mechanism shall remove it from the list of unreliable entities.[14]

(3) if a foreign entity is restricted or prohibited from engaging in import and export activities related to China, and Chinese enterprises, other organizations or individuals need to engage in transactions with the foreign entity under special circumstances, they should apply to the Office of the Working Mechanism, and with consent, they can engage in corresponding transactions with the foreign entity.[15]

In addition to the working mechanism for the list of unreliable entities, the Anti Foreign Sanctions Law, which officially came into effect on June 10, 2021, specifies the situations in which China has the right to take countermeasures, including: 

(1) foreign countries violate international law and basic norms of international relations, use various excuses or based on their own laws to contain and suppress China, adopt discriminatory restrictive measures against Chinese citizens and organizations, and interfere in China’s internal affairs;[16] or 

(2) foreign countries, organizations, or individuals commit, assist, or support actions that endanger China’s sovereignty, security, and development interests.[17]

The objects of taking countermeasures include: 

(1) individuals and organizations who directly or indirectly participate in the formulation, decision, and implementation of discriminatory restrictive measures;[18]

(2) spouses and immediate family members of individuals included in the counter list; 

(3) senior management personnel or actual controllers of organizations included in the counter list; 

(4) organizations where individuals listed on the counter list serve as senior management personnel; 

(5) organizations that are actually controlled or involved in the establishment and operation by individuals and organizations included in the counter list.[19]

The relevant departments of the State Council may decide to take one or several of the following countermeasures based on the actual situation:

(1) not issue visas, not allow entry, cancel visas, or expel; 

(2) seizure and freezing of movable, immovable, and other types of property within the territory of China;

(3) prohibit or restrict organizations or individuals within China from engaging in related transactions, cooperation, and other activities with them; 

(4) other necessary measures.[20]

 In addition, if any organization or individual implements or assists in implementing discriminatory restrictive measures taken by foreign countries against Chinese citizens or organizations, which infringes on the legitimate rights and interests of Chinese citizens or organizations, Chinese citizens or organizations may bring a lawsuit to the court in accordance with the law.[21]

Judicial Practice of Trade Sanctions in China

1. Case of Sales Contract Dispute between Company A and Company B [22]

In this case, the seller Company A signed a methanol procurement contract with the buyer Company B, and Company A promised in Annex 3 of the procurement contract “Declaration and Guarantee on Trade Sanctions” that the goods it provided did not come from Iran. Otherwise, Company B has the right to terminate the contract and refuse payment. Afterwards, Company B suspected that the methanol provided by Company A may originate from Iran and requested Company A to provide a certificate of origin, but Company A was unable to provide such proof. Company B refused to make payment, while Company A filed a lawsuit claiming that Annex 3 of the contract in question violated the Anti Foreign Sanctions Law and the Blocking Measures, violated mandatory provisions of laws and administrative regulations, and should be deemed invalid. At the same time, Company A requested the court to judge Company B for breach of contract and pay liquidated damages and compensation for losses.

After trial, the court found that the statement was a unilateral commitment issued by Company A to Company B when signing the procurement contract with Company B. The document bears the seal of Company A and should be considered as a true expression of Company A’s intention. Secondly, the main content of this document is that Company A promises that the goods it provides do not come from countries such as Iran, not falling within the scope of the Foreign Sanctions Act and the Blocking Measures. Therefore, Company A’s claim that this commitment should be invalid lacks basis, and will not be adopted. Company A’s inability to provide relevant supporting documents to prove to Company B that the source of the goods involved in the case constitutes a breach of contract.

2. Case of C Company and D Company Applying for Recognition and Enforcement of Foreign Arbitral Awards [23]

In this case, Company C applied to the court for recognition and enforcement of an arbitration award made by the Singapore International Arbitration Centre Arbitration Tribunal. The respondent Company D requests the court not to recognize and enforce the arbitration award, for the following reasons: 

(1) the law firm to which the chief arbitrator belongs has been sanctioned by the Chinese government, resulting in the arbitration award being unfair;

(2) According to the “Blocking Measures”, Company D is a Chinese enterprise engaged in liquefied gas pipeline business that affects social and livelihood projects. It complies with this regulation and hopes that the court will consider the central “six stability and six guarantees” policy and the spirit of protecting the development of private enterprises in the trial.

Regarding the issue of whether the sanctions imposed by the Chinese government on the law firm to which the arbitrator belongs will affect the hearing of this case, the court believes that the sanctions are aimed at the law firm to which the chief arbitrator belongs and not at its arbitrator’s identity. At the time of the sanctions being imposed, the arbitration award involved in this case had been completed. This sanction is not within the scope of non recognition as stipulated in Article 5 of the Convention on the Recognition and Enforcement of Foreign Arbitral Awards, and is not related to the trial of this case; During the process of selecting arbitrators, both the Singapore International Arbitration Center and the applicant fulfilled their obligation of disclosure to the respondent, and there was no improper procedure.

Regarding the issue of whether the recognition and enforcement of arbitration awards comply with the “Blocking Measures”, the improper extraterritorial application of foreign laws stipulated in the “Blocking Measures” is not related to this case, and the choice of arbitration is the result of the autonomy of the parties in this case. The special protection of a certain type of private enterprise during special periods is a policy consideration and should not affect the recognition of the arbitration results in this case. The rule of law is the best business environment. If the results of legal implementation cannot be guaranteed, it may be beneficial to protect individual enterprises, but in the long run, it will harm more enterprises. Therefore, the court shall handle the disputes involved in this case fairly and impartially in accordance with the law.

The court ultimately held that the award made by the Singapore International Arbitration Centre in question did not fall under the circumstances of non-recognition and enforcement under Article 5 of the Convention on the Recognition and Enforcement of Foreign Arbitral Awards and shall be recognized and enforced.

Summary

At present, China’s regulations on trade sanctions are relatively general and principled, and relevant details still depend on further provisions of supporting regulations and rules. Thus, Article 33 of the Foreign Relations Law requires the State Council and its departments shall formulate necessary administrative regulations and departmental rules, establish corresponding work systems and mechanisms, strengthen departmental coordination, and determine and implement relevant countermeasures and restrictive measures. 

Article 13 of the Anti Foreign Sanctions Law also stipulates that relevant laws, administrative regulations, and departmental rules can further regulate countermeasures against actions that endanger China’s sovereignty, security, and development interests. On the other hand, there are currently few precedents that cite laws and regulations related to sanctions. In the aforementioned precedents citing the Anti Foreign Sanctions Law or the Blocking Measures, the court held that the relevant cases did not fall within the scope of application of the Anti Foreign Sanctions Law or the Blocking Measures and did not further discuss them. Against the backdrop of foreign countries continuing to impose sanctions on China, it is expected that China will continue to take countermeasures. In the future, with the enactment of relevant supporting documents, the responsibilities and obligations of all parties involved will be further clarified, and the application of trade sanctions laws and regulations by courts will also be more frequent.

Note: 

[1] Article 5 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[2] Article 7 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[3] Article 9 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[4] Article 12 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[5] Article 300 of the New Civil Procedure Law of the People’s Republic of China.

[6] Article 75 of the Cybersecurity Law of the People’s Republic of China.

[7] Article 48 of the Export Control Law of the People’s Republic of China.

[8] Article 12 of the Measures for Blocking the Improper Extraterritorial Application of Foreign Laws and Measures.

[9] Article 33 of the Foreign Relations Law of the People’s Republic of China.

[10] Article 35 of the Foreign Relations Law of the People’s Republic of China.

[11] Article 2 of the Regulations on the List of Unreliable Entities.

[12] Article 10 of the Regulations on the List of Unreliable Entities.

[13] Article 11 of the Regulations on the List of Unreliable Entities.

[14] Article 13 of the Regulations on the List of Unreliable Entities.

[15] Article 12 of the Regulations on the List of Unreliable Entities.

[16] Article 3 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[17] Article 15 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[18] Article 4 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[19] Article 5 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[20] Article 6 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[21] Article 12 of the Anti Foreign Sanctions Law of the People’s Republic of China.

[22] See Award (2021) Yue 01 Min Chu No. 1365.

[23] See Rule (2021) Hu 74 Xiewairen 1.

for Video Game Industry

China has been in lack of a comprehensive regulation governing online game industry in general since July 2019, when the Ministry of Culture and Tourism (“MOCT”) formally abolished the Interim Administrative Measures on Online Games promulgated by it in 2010. Since the National Press and Publication Administration (“NPPA”) became China’s sole regulatory body of online game business in early 2019, it has released a number of policies to guide and regulate the market on different aspects, in particular, on minor protection. However, due to the absence of an overall regulatory framework, the NPPA’s specific requirements and their legal consequences are less systematic and sometimes blurry.

On Dec 22, 2023, the NPPA released the long-awaited draft Online Game Administrative Measures (“Draft Measures”) to solicit public comments by Jan 22, 2024. Despite of the immediate concerns and controversies raised by gaming companies and other stakeholders, the introduction of a comprehensive regulation in game industry will undoubtfully fill the legislative gap and create more regulatory certainty.

Two Major Participants: Publishing Entity and Operating Entity

As game-specific approval (aka, ISBN) is a key administrative measure that the NPPA takes to regulate online game market, the NPPA divides its administrative dimension into two stages, namely prior-launch approval and after-launch supervision. It follows that the NPPA imposes regulatory duties on two entities: a game publishing entity (“Publishing Entity”) that must have an Internet Publishing Permit (“IPP”) in order to file an application for the ISBN to the NPPA and a game operating entity (“Operating Entity”) that must have an ICP License in order to distribute and operate an approved game. Such an approach follows the way the NPPA regulates traditional publishing business where a publishing house (comparable to a Publishing Entity) is in charge of the review and censorship of the content of a book, while bookstores (comparable to an Operating Entity) are in charge of the distribution of books. Though the split of the roles in game market does not make too much sense, such approach has been adopted by the NPPA for many years and is widely viewed as a “Chinese feature” in the regulatory landscape.

However, under such model, the NPPA feels its hands are tied when administrating Operating Entities, because an ICP License is granted by the Ministry of Industry and Information Technology. In other words, the NPPA is unable to impose any administrative power through a license or permit that an Operating Entity must have and maintain for its game operation activities. To close this loophole, the Draft Measures require a Publishing Entity must have an IPP with the business scope of online game publishing (“IPP-Publishing”) issued by the NPPA and an Operating Entity must have an IPP with the business scope of online game operation (“IPP-Operating”) issued by the provincial branch of the NPPA. The conditions for obtaining an IPP-Publishing are same as the requirements under a higher-level regulation, including having 8 qualified editors, which remains a high bar that most game companies are unable to satisfy. The conditions for obtaining an IPP-Operating are no stricter than the requirements for an ICP License that most game companies can meet. Thus, if the Draft Measures are finalized in current form, most gaming companies will simply need to go through some formalities to have an IPP-Operating. Apparently the newly introduced IPP-Operating is not meant to make it more difficult for companies to enter the market, but to bring them into the NPPA’s license/permit system so that to closely influence, monitor and rule them in relation to their game operation activities. By the same token, the Draft Measures also require that the change of registered matters, shareholding structure or ultimate controller of an IPP-Publishing/IPP-Operating holder, as well as the merger or split of the company or the setup of a branch should be subject to the NPPA’s approval. Moreover, an IPP-Publishing/IPP-Operating holder should submit annual reports to the NPPA’s provincial branch according to the Draft Measures.

The Draft Measures also emphasize that an IPP-Operating or IPP-Publishing holder must make sure its servers are located in China, which is required by other relevant laws and regulation.

No Harmful Content in Games Published Outside China

The Draft Measures list forbidden content in games, which has no substantial difference from the existing legal requirements and policies. However, the Draft Measures necessitate Chinese gaming companies to comply with those forbidden content in games targeting non-China users, which is quite controversial considering the NPPA should have no direct jurisdictions over those overseas game publishing activities.

Game Launch within 1 Year After Grant of ISBN

The Draft Measures require a game should go live within 1 year after the issuance of the ISBN, otherwise the Publishing Entity and/or the Operating Entity should explain the reasons in writing to the NPPA’s provincial branch, so that to prevent any company from stocking up ISBNs for any potential illegal use.

No Forced PvP

According to the Draft Measures, users can not be forced to play any PvP mode. In fact, such requirement was adopted by the MOCT before, thus most gaming companies are quite familiar with it and already have solutions to make players to “voluntarily” take part in duels. SLG games are most likely be affected by this requirement.

No Circumvention for Beta Test and Ad-only Games

The Draft Measures target to close loopholes for unlicensed games made available to the public in the name of a Beta test or ad-only games. If a company intends to do any technical test for an unlicensed games, then testers involved should be no more than 20,000, and the tester’s account and game record should be deleted, in addition, such test should be reported to the NPPA’s provincial branch in advance.

No Excessive Spend

The Draft Measures forbid rewards that may induce game addiction or excessive spend, such as for daily log-in, first time purchase or consecutive purchases. To hype or auction virtual items in order to offer them at a high price is also prohibited. In addition, game companies are required to put a cap on in-game spend, articulate the spend limitations in their terms of services and remind users not to spend excessively in pop-up windows.

Apparently, these rules are intended to prevent gaming companies from using the most commonly seen incentive mechanisms to enhance users’ engagement and urge to spend, they immediately became the most controversial part in the Draft Measures. Some companies argue such harsh restrictions are unfair and unnecessary, as similar incentives are widely used by other online businesses, and to encourage users to spend more time or money is determined by the nature of all online business. It’s worth noting that these limitations on in-game spend and live operations will likely be applicable to adult users only, since minors are subject to much stricter in-game spend limits and game hour restrictions in China. Such new rules may greatly change most game companies’ monetization model and user engagement practice once they are formally promulgated.

No Payment Services for Unlicensed Games

To curb commercial operation of any unlicensed game and illegal game operations, the Draft Measures disallow online payment solution providers to integrate their payment services in any unlicensed games or offer any payment services for any illegal game operation activities.

Trading of In-game Currency

The Draft Measures prohibit a company that issues in-game currency from setting up or operating any platform to facilitate the trading of the in-game currencies by users. A in-game currency trading platform can only allow users to use real-name digital RMB when purchasing or selling in-game currency.

Minor Protection

Considering China has already put in place the strictest rules in the world to prevent minors from game addiction, the Draft Measures stipulate these measures in greater details. In addition to reiterating the existing requirements, the Draft Measures prohibit minors’ access to loot box mechanisms and minors’ tipping in live streaming of games, which are not mentioned in any regulatory policies before. It is unknown whether game companies will be required to launch minor only version if loot box is used in gameplay.

Administrative Punishments

Though there are quite lengthy provisions on the consequences for violating the Draft Measures, no new administrative punishment is created due to the relatively low level of this piece of legislation. However, the Draft Measures quote and consolidate the administrative punishments under other relevant laws, such as China’s Cybersecrutiy Law and Personal Information Protection Law, which contain quite high administrative fines and make the Draft Measures look much stricter on the legal consequences.

Aftermath

The release of the Draft Measures caused a great deal of concerns and worries about the business of gaming companies that mainly make money from China market, and reportedly led US$80bn in market value being wiped off from China’s two biggest companies, Tencent and NetEase. The NPPA did not seem well-prepared for such a huge wreck in stock markets and immediately made 3 moves to soften its stance: on Dec 22, it announced the approval of 40 foreign game titles during the trading hours, just a few hour after the release of the Draft Measures; on the next day (Saturday), it responded to the market reaction that the Draft Measures are meant to promote the prosperity and healthy development of the industry, and it will carefully study the feedback and try to improve the next draft; on Dec 25 (Monday), it unprecedentedly granted 105 domestic game approvals in early morning with a clear intention to boost confidence in the stock market.

Outlook

As a draft of new legislation seeking public opinions, the Draft Measures still seem relatively rough and premature considering quite some provisions are less logically sound or too vague/general to put into implementation. Given the drastic reaction in the market and the NPPA’s prompt attempt to change its position, it may take some time for the NPPA to address the concerns of various stakeholders and come up with the next or final version of the Draft Measures, which is expected to, on the one hand, demonstrate the regulator’s attitude to encourage more innovative and high quality games, on the other hand, avoid creating the impression that the regulator may try to crack down on game industry.

— Based on Preliminary Analysis of Several Typical Judicial Cases Released by Pudong New Area People’s Court of Shanghai

On November 10, 2023, Pudong New Area People’s Court of Shanghai (“Pudong Court”) released 50 typical cases regarding the judicial protection of intellectual property (“IP”) at a press conference (“Pudong IP Cases”). The typical cases encompass a variety of IP matters, ranging from traditional issues in the fields of copyright law, trademark law and anti-unfair competition to practical matters like IP-related contractual disputes. This preliminary analysis will briefly address issues relating to interim measures particularly injection relief taken by Pudong Court in Pudong IP Cases. 

1. Injunction system under the current PRC law

In general, injunctive relief serves as a remedy that prohibits a party from doing an act or restrains from doing a threatened act, or mandatorily requires a party to do an act. Injunctive relief has existed in China for many years, particularly in the realm of IP rights (“IPR”), although the Civil Procedure Law of the People’s Republic of China (the “Civil Procedure Law”) did not formally endorse it until 2012.[1]

The Civil Procedure Law stipulates the interim measures which includes both the preservation of evidence and property and the injunctive relief. Such interim measures are available both before and after a litigation is initiated. Where an injunctive relief is sought before a litigation is initiated, the court shall make a decision within 48 hours and the decision should be executed immediately after the decision is made.[2] According to the Civil Procedure Law, the application of injunction relief shall be filed under the urgent situation.[3] 

According to the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in Reviewing the Injunction Cases involving Intellectual Property Disputes, taking effect on January 1, 2019 (the “IP Injunction Provisions”), several cases are listed as urgent situations like the disputed IP is about to be at an illegal disposal or the IP of a relatively time-sensitive and hot show or program is or about to be infringed.[4] Furthermore, the IP Injunction Provisions provide that the People’s Court shall consider the following factors when reviewing an application for injunction such as (i) whether the failure to enforce an injunction will cause the applicant’s legitimate rights and interests to suffer irreparable injuries or will lead to the difficulty in executing a judicial ruling and (ii) whether the applicant’s injury due to the failure of issuing an injunction will exceed the respondent’s injury as a result of the enforcement of an injunction.[5]

It is commonly known that the subject matters of IPR are intangible assets, which can be easily reproduced regardless of time and space. In terms of infringement, IPRs are even more vulnerable than tangible property rights, which are more likely to result in extremely severe situations and cause irreversible damages. Injunctive reliefs offer several  advantages  for protecting IPR in the judicial process. Specifically, IP litigation normally involves a rich variety of complex legal, commercial or even technical issues, inevitably requiring the engagement of expert determination and demonstration of evidence. As such, the judicial process would usually last longer, and in the meantime, existing and potential damages would easily get increased if no remedial measures like injunctive relief are taken before a trial.

2. Injunctive Relief in Pudong IP Cases

According to the Judicial Protection of Intellectual Property Rights in Chinese Courts (2022) published by the IP Court of the Supreme People’s Court, courts in Beijing, Tianjin, and Shanghai, issued injunctions against acts such as the piracy of the Beijing Winter Olympics and the Qatar World Cup, which in turn improves the market environment for digital culture. 

Pudong Court further released three representative cases in which the injunctive relief was applied so as to timely protect the IPR before the trial. Below is the basic information of each case:

It is noted from the foregoing typical cases that Pudong Court adhered to the IP Injunction Provisions, thoroughly considered various situations of each case, and eventually issued the injunction in a relatively prudent manner. 

What’s more, considering that all of the foregoing cases are related to the emerging industrial sector such as livestream, online game and video aggregation, when determining whether irreparable damages may exist in a certain case, Pudong Court has given much attention to factors like comparative advantages and market shares may be affecting the industrial landscape as a whole. After all, to tackle IP issues in the digital era, a rich and complex understanding in terms of law and regulations, public policy, economy and commerce, technology and even culture is highly required.

Last but not least, one of the hot topics in IP is about balancing the interests of rightsholders and the public, which is continuously discussed both in the academic circle and the legal practice. Based on the analysis of those typical cases, Pudong Court has also proactively taken into account such balance when deciding to issue an injunction.

3. Looking ahead: increasing application of injunctive reliefs to boost the digital culture

It has been widely recognized that IP is of significant importance. Countries need an effective IP system to bolster innovation and creativity, helping to ensure economic prosperity and a vibrant cultural life. Moreover, the rapid development of the digital economy in China has sparked greater efforts to protect IPR through judicial procedure.

On September 22, 2021, China issued a long-term plan for the development of IPR power, stating that the country’s IPR competitiveness will rank among the top in the world by 2035, with a complete IPR system, prosperous growth in IPR-driven innovation and a better social environment for IPR culture. The injunctive relief, like the IP laws and regulations, is actually brought in from the Western legal regime. We have witnessed that Chinese courts focused more on solving IP disputes concerning new technologies and digital industries in recent years as they sought to adhere to the nation’s development strategy and promote innovation. The improved judicial efficiency is a boon for new businesses like the digital industry. The quick resolution of disputes allows market entities to invest in a fresh round of research and development as soon as possible, thus facilitating the creation of more new technologies.

The injunctive relief is designed to offer IP rightsholders effective measures to beef up IPR protection in disputes, specifically under urgent situations. As more and more injunctive reliefs are issued upon parties’ application in the IP litigation, this may further invite more rightsholders to proceed with such measures prior to an IP trial. With injunctive relief functions as a better safeguard in real cases, IP rightsholders could be protected even under extreme and urgent situations. Similar to other IP protection measures, it is believed that the application of injunctive relief would ultimately stimulate the creation and the economy driven by innovation. 

Currently, China is advancing the revision of laws in the fields of resolving disputes evidenced by the newly amended Civil Procedure Law to take effect on January 1, 2024 and the Arbitration Law in the amending and consultation process. As such, it can better solve disputes efficiently, optimize the arrangement of judicial resources, enhance the usage of technical methods in resolving disputes and effectively meet the public’s diverging expectations on resolving judicial cases in a variety of contexts such as fairness, high-efficiency and expediency. With the release of typical cases concerning the issuance of injunction, we may expect more injunctive reliefs would be taken in the future IP litigation. With respect to the arbitration process, however, injunctive reliefs are still in discussion and rarely filed in real cases, which has become an impediment for parties to choose arbitration for purposes of resolving IP disputes. For purposes of better allocating judicial resources, we would anticipate the usage of injunctions in the arbitration so as to resolve IP disputes more effectively and efficiently.

[1] Wenyan Ding, Application and Review of Civil Preservation of Act, People’s Judicature (Application) Issue 34 (2017), available at: http://yyfx.court.gov.cn/news/xq-622.html, (Accessed 26 November 2023)

[2] See article 103 of the Civil Procedure Law of the People’s Republic of China (Amended in 2023).

[3] See article 103 of the Civil Procedure Law of the People’s Republic of China (Amended in 2023).

[4] See article 6 of the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in Reviewing the Injunction Cases involving Intellectual Property Disputes.

[5] See article 7 of the Provisions of the Supreme People’s Court on Several Issues concerning the Application of Law in Reviewing the Injunction Cases involving Intellectual Property Disputes.

The enactment of the Personal Information Protection Law (“PIPL”) in 2021 establishes a legal framework regulating foreign and domestic companies alike in collecting personal information (“PI”) in China and its cross-border transfer (or export, using interchangeably below). PIPL has extra-territorial effect. Foreign companies processing Chinese PI remotely from their home countries are subject to PIPL’s scrutiny, necessitating the establishment of an entity in China or the designation of a Chinese representative. This local entity or representative must comply with PIPL requirements and register with the Cyberspace Administration of China (“CAC”).

According to Article 38 of PIPL, companies exporting PI, regardless of that of Chinese or foreign nationals, must fulfil one of the following options:

a) pass a security assessment by CAC;

b) sign a standard contract with the overseas PI recipient and file it, along with PI Protection Impact Assessment, with the provincial level CAC; or

c) obtain certification from an accredited institution.

Under the Measures for Security Assessment of Data Cross-border Transfer, data processors who:

  • transfer important data;
  • are key information infrastructure operators or PI processors handling PI of over 1 million people; or
  • export PI of over 100,000 subjects or Sensitive PI of over 10,000 subjects since January 1st of the previous year

must apply for security assessments (Option (a)). Options (b) and (c) are not available for them.

PIPL empowers CAC to stipulate rules about Options (a)-(c). CAC has since issued the following regulations to set out deadlines for PI processors:

ConditionDeadlineRelevant regulations
Security AssessmentMarch 1, 2023Measures for Security Assessment of Data Cross-border Transfer
Standard ContractDecember 1, 2023Measures for Personal Information Cross-border Transfer Standard Contract
CertificationNo set deadlineImplementation Rules for Personal Information Protection Certification

Facing these deadlines, foreign enterprises in China have largely taken two approaches: proactive preparation for security assessment or standard contract, or awaiting further clarification or guidance from CAC.

On September 28, 2023, CAC issued the Draft Provisions on Regulating and Promoting Cross-border Data Transfers (“Draft Provisions”), providing exemptions under certain conditions. If a PI processor exports PI of fewer than 10,000 subjects, it may be exempted from fulfilling any of the three options. The consultation period of the Draft Provisions ended on October 15.

Once the Draft Provisions become law, this is good news for foreign companies collecting a small amount of PI in China and export it as part of their business operations. For instance, they may export a Chinese employee’s PI to manage global HR, or collect Chinese consumer’s PI to enrich their worldwide membership database. However, the PI amount and its business value, along with the business benefit derived from such PI export, do not justify disproportionate spending on legal compliance. Leveraging the Draft Provisions, they can claim exemptions from filing with CAC.

But as the second deadline of 1 December for filing the standard contract is now overdue and the final version of the Draft Provisions has not yet been released, these foreign companies which have previously taken a wait-and-see approach are now anxious about compliance issues. The first question popping into their head would be:

What is the legal consequence if we fail to file with CAC before the deadlines?

This article aims at answering the question, applicable even when the Draft Provisions become law. Preparing a precise response is challenging, as the laws are new and the deadlines not yet long overdue. Precedents are scant. No penalty has yet been issued for missing the deadlines. Given these restrictions, this article tries to offer insights from both a legal interpretation and practical perspective.

Legal interpretation

Chapter 7 of PIPL, titled “Legal Responsibility”, stipulates consequence for non-compliance by a PI processor.

Legal responsibility under PIPL includes administrative and civil liability. For criminal liability, Article 71 of PIPL defers to the Criminal Law of the People’s Republic of China. Article 286 of the Criminal Law stipulates certain criminal liabilities in extreme cases of non-compliance under the Crime of Refusing to Fulfill Information Network Security Management Obligations.

For administrative liability, Article 66 of PIPL provides directives for different violation levels, ranging from rectification orders and warnings to fines and business shutdowns. Article 67 records violations in the credit rating of the violating entity.

Article 66 (1) of PIPL subdivides violation into three levels, depending on the seriousness of the breach. For the first level, petty violation, CAC can issue the following decisions:

  • Rectification order,
  • Warning,
  • Confiscation of illegal gain, and
  • Order for suspension or termination of service.

If the violator fails to comply with the rectification order, it is subject to the second level liability, which includes:

  • A fine of below RMB 1 million yuan (approx. US$143,000) imposed on the PI processing entity, and
  • A fine of RMB 10,000-100,000 yuan (approx. US$1,430-14,300) for responsible person(s).

For more aggrieved circumstances, the highest-level administrative penalty is stipulated in Article 66 (2), which empowers provincial level CAC to issue the following decisions:

  • Rectification order,
  • Confiscation of illegal gains,
  • A fine of not more than RMB 50 million yuan (approx. US$7.15 million) or less than 5% of the previous year’s turnover,
  • Business suspension,
  • Business shutdown for rectification,
  • Notification to relevant authorities to revoke business license,
  • A fine of RMB 100,000 – 1 million yuan (approx. US$14,300 – US$143,000) for responsible person(s), and
  • Prohibition of that person(s) serving as a director and other responsible position in a company.

Civil liability is briefly mentioned in Articles 69-70 without going into detail about how damages are measured. Article 69 introduces a reversed burden of proof. If a PI processor infringes upon PI rights and causes damage, but cannot prove that it is not at fault, it shall bear the liability for infringement such as compensation for damages.

Article 70 introduces the concept of class action. The People’s Procuratorate, consumer organizations and organizations determined by CAC may file a lawsuit with the People’s Court on behalf of a group of affected individuals.

In practice

Without precedent cases for reference, foreign companies may find it challenging to gauge the actual risk level for not meeting the deadlines. The risk level would definitely increase over time.

CAC is aware of business justifications for foreign companies to export certain PI back to their headquarters in home countries. In practice, there is no technical means to detect all PI export activities in China and penalize all violators in one go. Unavoidably, CAC may focus enforcement actions on cases which possess higher risk to the Chinese PI subjects, society and national security as a whole.

Depending on certain factors, foreign enterprises may experience different challenges in conducting their compliance activities in China. Companies may consider the following non-exclusive list of factors in their risk assessment and preparing an appropriate level of compliance activities that they find fitting:

FactorCommentary
PI SensitivityPIPL affords a stronger protection to Sensitive PI, as defined by the law and National Standard. Priority should be given to PI considered particularly sensitive in the Chinese context, for example biometric data, credit ratings, medical records, PI of minors and financial data. A foreign company exporting a substantial amount of Sensitive PI, should plan ahead in their compliance activities.  
Industry sectorsCAC may consider certain business sectors as strategic, under which any PI collected and exported would likely invite more scrutiny from the authority. While not explicitly stated in the law, foreign PI processors in areas such as finance, education, medical, telecom, transportation, energy, and advanced technology (e.g. AI, electric vehicle, microchips, robotic, life science) are advised to pay more attention to PI compliance issue.  
Scale of PI exportDestination – Chinese PI being exported to a country lacking legal and technical protection for PI would certainly raise eyebrows at the Chinese authority. Even if the recipient country has a sophisticated legal framework on PI protection, inconsistencies with PIPL or discriminatory measures against Chinese PI may prompt CAC intervention.   PI Amount – The higher the amount of PI export, the riskier the exporter is for being accused of non-compliance.   PI Scope – To calculate whether the amount of PI export has reached a certain threshold, all PI belonging to the same PI individual would be considered as one count only. A foreign company exporting a smaller amount of PI may not reach the threshold of a security assessment. However, if it exports a large scope of PI for the same person that goes beyond usual items like name, sex, date of birth, telephone number, etc., its risk level may increase.   Duration – PIPL requires PI processors to delete PI upon completion of the stated processing purpose. If a piece of PI stays overseas for too long without a proper retention and deletion process, CAC may challenge the entire PI export activity.
Location of foreign companies in China  Exporting PI from a major Chinese city (Beijing, Shanghai, Shenzhen, etc.) is a double-edged sword. On one hand, that invites scrutiny from a more proactive provincial CAC bureau that is eager to enforce PIPL. These local bureaus are, however, also more experience in resolving PI exporting issues faced by a foreign company and more ready to provide guidance. Foreign companies setting up a branch office in China are advised to stay closely in touch with their local CAC.
Origin of foreign companies  A foreign investor from a more PI law-advanced country may be more reputed in its PI export activities. But if China’s relationship with this country turns sour, any activity of this investor would be in the limelight.
Other factorsOther dynamic factors such as government attitude, public and media opinion, and PI leakage incidents, may change from time to time but are crucial for foreign companies to measure their risk level in Chinese PI compliance.

Conclusion

While the factors above affect the likelihood of CAC’s accusations, violation occurrence remains a fact. A time bomb is ticking. It is advised for even low-risk foreign companies to engage third-party assessors for PI export compliance activities. These activities may include:

  • PI Protection Impact Assessment: even if they are not prepared to file an application with CAC, organizations are required under Article 55 of PIPL to conduct an impact assessment for any cross-border PI transfer.
  • Consent Management: Organizations must obtain explicit consent from individuals before transferring their PI across borders. The consent process should be transparent, and individuals should be informed about the purpose, scope, and destination of the PI transfer.
  • Data Localization: PIPL emphasizes PI localization requirements, meaning that certain types of PI must be stored within the borders of mainland China. Organizations should assess the types of PI they are collecting and ensure compliance with localization requirements.
  • Security Measures: Implementing appropriate security measures to protect PI during its export is crucial. This includes encryption, access controls, and other safeguards to prevent unauthorized access, disclosure, alteration, and destruction of PI
  • Contractual Obligations: Organizations engaging in PI export should establish clear contractual agreements with overseas PI recipients, outlining the responsibilities and obligations of each party in ensuring the protection and lawful use of the transferred PI.
  • Notification and Transparency: Individuals should be informed about the cross-border transfer of their PI, and organizations should be transparent about their PI processing practices. Notification may be required before or after the transfer.
  • Recordkeeping: Maintaining records of cross-border PI transfers is essential for compliance. Organizations should be able to demonstrate to regulatory authorities that they are handling PI in accordance with the law.
  • PI Subject Rights: Ensure that individuals have the right to access, correct, and delete their PI even when it is transferred across borders. Organizations should establish mechanisms for individuals to exercise their PI subject rights.
  • Compliance Audits: Regularly conduct internal audits to assess compliance with PIPL and related regulations. Audits can help identify areas for improvement and ensure that the organization’s practices align with legal requirements.

Businesses operating in China or dealing with Chinese citizens’ PI should stay informed about the latest regulations and non-legal updates, such as PI news in China and China’s diplomatic relationship with other countries. The regulatory and other PI landscape can evolve, and companies should regularly review their PI protection policies and practices to align with the current circumstances.

For the most up-to-date and accurate information, it is recommended to consult CAC directly or other legal professionals in China.

Guiding Cases 199-201 Issued by the PRC Supreme People’s Court – Further Steps Toward a Pro-Arbitration Regime

On December 30, 2022, the Supreme People’s Court of the People’s Republic of China (“SPC”) released its 36th batch of six guiding cases, all of which relate to the judicial review of arbitration awards. Our previous article focused on the first three guiding cases (Guiding Cases 196, 197, and 198) which addressed several critical issues related to arbitration agreements. This article elaborates on the context and pivotal holdings of the three remaining cases—Guiding Case 199, 200 and 201.

Guiding Case 199: Public Interest Related to Cryptocurrency

Guiding Case 199 (Gao Zheyu v. Shenzhen YunSilk Road Innovation Development Co. Ltd and Li Bin) – recognized[1] as the first Chinese case concerning setting aside of an arbitral award involving bitcoins – is one of the rare cases in recent years where Chinese courts have invoked the concept of “public interest” to annul an award.

China’s strict regulatory stance towards cryptocurrency stands in contrast to the broader recognition of cryptocurrency in a few neighboring jurisdictions (e.g., Hong Kong[2] and Singapore [3] ). Back in 2017, seven Chinese authorities (including the People’s Bank of China and the China Securities Regulatory Commission) jointly issued the Announcement on Preventing the Financing Risks on Initial Coin Offerings[4]. Article 3 of the Announcement strictly prohibits any financial institution operating in China from offering cryptocurrency-related services, including pricing, intermediation or engaging in the buying or selling of cryptocurrency.

The arbitral award, which was set aside by the court, mandated that the respondent compensate the claimant a certain amount of Chinese Yuan equivalent to the bitcoins owed by the respondent to the claimant. In determining the value of the bitcoins, the tribunal referred to the bitcoin price provided on the Okcoin[5] website. This award, which sparked intense debate, was eventually set aside by the Shenzhen Intermediate People’s Court on the ground that it, in effect, facilitated the exchange between the bitcoin and fiat currency, resulting in the violation of the stability and integrity of the Chinese financial market and public interest.

This guiding case, without doubt, conveys a clear message of Chinese courts’ stance on implementing stringent supervision over cryptocurrencies. However, taking a step back, if the award merely required the respondent to compensate the claimant with a certain number of bitcoins or allowed the value of the bitcoins to be determined through parties’ negotiation instead of by reference to the price from a third-party website, would such award be enforceable? In the authors’ view, that remains an open question. As a case in point, in Sun Dingshang v. Xie Zuozheng[6], the court confirmed the validity of directly returning the bitcoins; and in a case shared by the Shanghai High Court[7], the plaintiff, through negotiations between the parties, waived the request for the defendant to return one bitcoin and instead agreed to receive a certain amount of Chinese Yuan as compensation.

Thus, while the guiding case is consistent with China’s regulatory bottom line for cryptocurrency-related issues, the extent to which courts will tolerate similar arbitral awards remains to be elucidated through future cases.

Guiding Case 200: Proactive Attitude in Harmonizing Expedited Arbitration and Ad Hoc Arbitration

Guiding case 200 (SvenskHonungsfora–dlingAB v. Nanjing Changli Bees Product Co. Ltd) reflects Chinese court’s consistent pro-enforcement stance towards foreign arbitration awards adjudicated in the way of ad hoc arbitrations.

As a general matter, ad hoc arbitrations are not recognized under the PRC Arbitration Law, which requires that an effective arbitration clause must designate a specific arbitration commission. The key issue before the Nanjing Intermediate People’s Court was whether, notwithstanding this provision, a foreign ad hoc arbitration initiated by the parties was in conformity with the parties’ dispute resolution clause that “in case of disputes governed by Swedish law and that disputes should be settled by Expedited Arbitration in Sweden.” The court found that ad hoc arbitration and expedited arbitration share the features of efficiency, convenience and economy, and are both focused on simplifying arbitration procedures, shortening arbitration time and reducing arbitration costs. Based on the above reasons, the court held that the term of expedited arbitration in the dispute resolution clause does not exclude resorting to ad hoc arbitration to solve the parties’ dispute.

It is noteworthy to consider, alongside Guiding Case 200, the development of ad hoc arbitration in China. Early in 2016, the SPC has officially opened the door for companies registered in free trade zones (“FTZs”) to submit their disputes to ad hoc arbitrations.[8] However, it was not until 30 June 2023 that the first ad hoc arbitration award in China was adjudicated based on the ad hoc arbitration rules of China Maritime Law Association[9], with the institutional assistance of the China Maritime Arbitration Commission. Another significant milestone in the development of ad hoc arbitration in China was the release of the Notice Regarding Requesting Public Comments on the Bills to Revise the Arbitration Law (Exposure Draft)[10] in 2021. According to Article 91 of the Exposure Draft, parties are entitled to refer foreign-related commercial disputes to an ad hoc arbitral tribunal. Whilst not applicable to domestic cases and confined to commercial disputes, this proposed change is a step forward for China to further align with the international arbitration practice.

In sum, the pro-enforcement attitude towards foreign awards issued in ad hoc arbitrations, positive attempts of applying ad hoc arbitrations in FTZs, and the latest amendments in the Exposure Draft all signify China’s readiness to take steady steps to modify its arbitration laws and regime to align with international practice. Whether ad hoc arbitration, as a relatively new concept in China, can effectively serve its function and flourish in China remains to be observed.

Guiding Case 201: Clarifying the Concept of “Sports Arbitration”

in China

Guiding Case 201 arose out of a Professional Coach Contract signed between a Serbian coach and a Chinese football club. The Chinese football club was required to pay the outstanding wages to the coach pursuant to an award rendered by FIFA Players’ Status Committee (“FPSC”)—an internal dispute resolution body in the football field. Due to respondent’s non-fulfillment of the award, claimant brought this award to Chinese local court for enforcement based on the New York Convention.

During the trial, the Shanghai First Intermediate People’s Court was faced with two major issues—(1) whether the award rendered by FPSC counts as an arbitral award under New York Convention; and (2) whether the arbitration clause—“In the case of disputes over which FIFA does not have jurisdiction, the parties shall submit such disputes to the CAS”—excludes the court’s jurisdiction over the current case.

Regarding the first issue, the court held that because FPSC is a self-governing internal dispute resolution body with the enforcement of the award primarily relying on the self-governing mechanism within the football industry—instead of an independent arbitral institution—the award does not possess binding force. Moreover, the award issued by FPSC is not final because such award does not preclude the parties from seeking recourse to the local court or CAS. In light of the above reasons, the court ruled that the award rendered by FPSC does not fall within the definition of an “arbitral award” under the New York Convention. From the court’s reasoning, it can be observed that Chinese courts typically place significant weight on the criteria of “Independence,” “Binding Force,” and “Finality” when interpreting the term “arbitral award” in the context of the New York Convention.

Regarding the effect of the arbitration clause in the contract, the court took a two-step approach. After confirming the validity of the arbitration clause, the court elaborated that as the pre-condition of initiating CAS arbitration was not satisfied, i.e., because FIFA had exercised its jurisdiction over the dispute, the clause was rendered unenforceable. Based on this, the court ruled that an unenforceable arbitration clause could not exclude the court’s jurisdiction.

An interesting hypothetical question arising from this case is whether, in the event that the dispute is submitted to CAS and an award is rendered by a CAS tribunal, such award would be recognized as an “arbitral award” under the New York Convention. Given that CAS, as a sports arbitral institution, deals with a wide range of disputes covering not only commercial issues but also areas like sponsorship and doping, the authors’ opinion is that Chinese court’s stance regarding CAS awards would remain ambiguous. And this ambiguity is further compounded by China’s declaration of “Commercial Reservation” when ratifying the New York Convention.

Concluding Thoughts

The 36th batch of six guiding cases clarifies multiple significant issues concerning both domestic and international arbitration in China. At the same time, considering the ongoing substantial revision of the PRC Arbitration Law, there is much anticipation for the future arbitration practice within this regime.

Note: 

[1] https://www.bjac.org.cn/news/view?id=4068

[2] For example, in the landmark decision of Re Gatecoin Limited (In Liquidation) [2023] HKCFI 914 issued this year, the Court of First Instance of Hong Kong, for the first time. held that cryptocurrency constitutes property under Hong Kong Law.

[3] For example, under the Payment Services Act 2019 of Singapore, cryptocurrencies are considered digital payment tokens regulated by the Monetary Authority of Singapore. The Monetary Authority of Singapore states that the Payment Services Act 2019 “provides for regulatory certainty and consumer safeguards, while encouraging innovation and growth of payment services and FinTech.”

[4] https://www.gov.cn/xinwen/2017-09/04/content_5222657.htm

[5] https://www.okcoin.com/

[6] https://law.wkinfo.com.cn/judgment-documents/detail/MjAzMTUxMTE2Njk%3D?searchId=68d9479f8ebe47cbaad22af67cccffe8&index=1&q=%EF%BC%882020%EF%BC%89%E6%B5%9903%E6%B0%91%E7%BB%88347%E5%8F%B7&module=&summary=%E6%B5%99%E6%B1%9F%E7%9C%81%E6%B8%A9%E5%B7%9E%E5%B8%258

[7] https://mp.weixin.qq.com/s/4KH68E0MVhxjgyeWgJAHOA

[8] https://cicc.court.gov.cn/html/1/218/62/409/410.html

[9] https://cmac.org.cn/data/upload/image/20220318/1647588189657054.pdf

[10] http://www.moj.gov.cn/pub/sfbgw/lfyjzj/lflfyjzj/202107/t20210730_432967.html

The Basic Requirements for the Security of Generative Artificial Intelligence Services

Recently, the National Information Security Standardization Technical Committee (“TC260“) issued the Basic Requirements for Security of Generative Artificial Intelligence Services (Draft for Soliciting Opinions) (“Draft Requirements“).[1]This is China’s first national standard that specifically puts forward specific security requirements for generative artificial intelligence (“GAI“), and also assists the implementation of the Interim Measures for the Management of Generative Artificial Intelligence Services (“GAI Measures“) in practice.

The Draft Requirements provide basic guidance on the security issues facing GAI services regarding training data security, model security, security measures, security evaluation, filing applications, security assessments, and other matters, which we explore in more detail below based on China’s existing artificial intelligence governance framework, judicial practice in related fields, and our practical experience.

Outline of the Existing Legal Framework

China has not promulgated a dedicated artificial intelligence (“AI“) law. Applicable rules governing AI-related fields are spread across a patchwork of laws (such as the Personal Information Protection Law (“PIPL“), the Data Security Law and the Cybersecurity Law (“CSL“)), regulations, policies, and standards, coming from different legislative bodies at different levels of the government.

The National Cyberspace Administration (“CAC“) and other departments have issued the following 3 overlapping administrative regulations to implement laws and regulate AI:

  • Administrative Provisions on Algorithmic Recommendation in Internet-Based Information Services 2021
  • Administrative Provisions on Deep Synthesis in Internet-Based Information Services 2022
  • Interim Measures for the Management of Generative Artificial Intelligence Services 2023

In addition, other regulations in different fields are deeply influencing the regulation of China’s AI industry, such as:

  • Opinions on Strengthening the Governance of Scientific and Technological Ethics
  • Measures for the Review of Science and Technology Ethics
  • Provisions on the Security Assessment for Internet-based Information Services Capable of Creating Public Opinions or Social Mobilisation.

Scope of the Draft Requirements

The Draft Requirements outline the basic security requirements for GAI services and cover aspects such as data sources (语料安全), model security (模型安全), security measures (安全措施), security assessments (安全评估), and more.

It applies to organisations and individuals providing GAI services to the public within China, and its purpose is to enhance the security level of these services.

The Draft Requirements allow for self-assessments by GAI service providers or assessments conducted by third parties. It can also serve as a reference for relevant regulatory authorities to evaluate the security of GAI services.

Normative References

The Draft Requirements reference the following standards:

  • GB/T35273 Information Security Technology Personal Information Security Specification: This standard was released earlier than the PIPL. It puts forward detailed requirements for the principles of personal information processing and full life cycle processing activities. It is an important reference for regulatory authorities when enforcing the law. While some of its requirements are inconsistent with PIPL, it remains an important reference source.
  • The CSL: The CSL can be considered one of the cornerstones of the Chinese legal framework regulating online activities, including providing GAI services. The security requirements of the Draft Requirements generally align with those in the CSL.
  • Provisions on Ecological Governance of Network Information Content 2019 (“Content Provisions“): The Content Provisions regulate online content in China. The prohibitions in Appendix A of the Draft Requirements generally align with those in the Content Provisions and, in some cases, provide more detail and specification. However, the list of prohibitions in Appendix A does not fully replicate that found in the Content Provisions.
  • TC260-PG-20233A Cybersecurity Standard Practice Guide – Generative Artificial Intelligence Service Content Identification Methodology: This contains content labelling guidelines.
  • Interim Measures for the Administration of Generative Artificial Intelligence Services 2023: The Interim Measures are regulations that directly govern GAI services. The Draft Requirements and the previously released TC260-PG-20233A are supporting documents for the GAI Measures, which provide more specific and practical requirements. The correspondence between the three is as follows:
Category

Basic Security RequirementsRelevant Laws & Regulations
Training Data SecuritySource SecurityArticle 7 (1) of GAI Measures
Content SecurityArticles 4 & 7 of GAI Measures
Label SecurityArticle 8 of GAI Measures
Model SecurityModel Source ComplianceArticle 7 (1) of GAI Measures
Generate Content SecurityArticle 14  of GAI Measures
Transparency, accuracy, and reliabilityArticle 4 (5) & 10  of GAI Measures
Security MeasuresSpecial population protectionArticle 10  of GAI Measures
Personal Information ProtectionArticle 9 of GAI Measures
Input Information ProtectionArticle 11 of GAI Measures
Content identificationTC260-PG-20233A
User complaint reporting channelsArticle 15 of GAI Measures

Terms and Definitions

The Draft Requirements provide several key terms and definitions that are essential to understanding their content:

  • Generative Artificial Intelligence Service: This is defined as “Artificial intelligence services based on data, algorithms, models, and rules that are capable of generating text, images, audio, video, and other content based on user prompts.” It would perhaps be more helpful to readers if AI were also defined within the Draft Requirements. A more general definition for AI systems can be found in GB/T 41867-2022, Information Technology – Artificial Intelligence – Terminology, which defines AI systems as “a class of engineering systems that are designed with specific goals defined by humans, generating outputs such as content, predictions, recommendations, or decisions…” We suspect that several technologies could fall within the scope of this definition that people would not normally consider AI, such as pocket calculators.
  • Provider: A provider is defined as “Organisations or individuals that provide generative artificial intelligence services to the public in China in the form of interactive interfaces, programmable interfaces, etc.” This definition restricts providers to those providing GAI services to the public in China while leaving the form of services open.
  • Training Data: This is defined as all “data directly used as input for model training, including input data during pre-training and optimisation training.”
  • Illegal and Unhealthy Information: This is a collective term for following 11 types of illegal information and 9 types of undesirable information noted in Content Provisions:
  •  
Illegal InformationUndesirable Information
Content opposing the basic principles established by the Constitution.Content using exaggerated titles, with serious inconsistency between content and title.
Content endangering national security, disclosing state secrets, subverting state power or undermining national unity.Hyped gossip, scandals, misdeeds, etc.
Content harming the honour or interests of the State.Improper comment on natural disasters, major accidents and other disasters.
Content distorting, vilifying, desecrating or denying the deeds and spirit of heroic martyrs, or infringing upon their names, portraits, reputation or honour by insulting them, slandering them or other means.Content making sexual suggestions, sexual provocations, etc., which is prone to cause association with sex.
Content propagating terrorism or extremism or inciting the implementation of terrorist or extremist activities.Content showing blood, horror, cruelty, etc., which causes physical and mental discomfort.
Content inciting national hatred or discrimination or undermining national unity.Content inciting mass discrimination, regional discrimination, etc.
Content undermining the State’s religious policies or propagating heresy or feudal superstition.Propagation of vulgar, obscene, and kitsch content.
Content spreading rumours or disturbing the economic and social order.Content that is likely to cause minors to imitate unsafe behaviour, violate social morality or induce minors to form bad habits, etc.
Content spreading obscenity, pornography, gambling, violence, murder or terror, or abetting crimes.Other content that has adverse effects on the network ecology.
Content insulting or slandering others, infringing upon others’ reputation, privacy or other legitimate rights and interests. 
Other content prohibited by laws and administrative regulations. 

It can sometimes be difficult to delineate the boundaries of illegal and undesirable information precisely. This could make some GAI service providers overly cautious or relaxed when categorising information.

  • Sampling Qualified Rate: In the context of security assessments, the proportion of a sample that does not include any of the 31 security risks listed in Appendix A of the Draft Requirements. It is perhaps more helpful to express it as follows:

× 100

General

The Draft Requirements not only specify specific requirements for GAI services in terms of training data security, model security, security measures, and the like. They also provide additional specifications and details on the procedures and content of security assessments for GAI services. According to Article 17 of the GAI Measures, those who provide GAI services with attributes of public opinion or social mobilisation shall conduct a security assessment in accordance with relevant national regulations and fulfil algorithm filing procedures. On 31 August 2023, 11 major model service providers became the first batch of enterprises to pass the GAI service filing. [1]

The Draft Requirements explicitly state that GAI service providers should conduct a security assessment before submitting a filing application to begin providing services with the relevant regulatory authorities, and they should submit their internal assessment results and supporting materials at the time of filing. Service providers can conduct security assessments themselves or entrust third parties for the assessment. The content of the security assessment should cover all the provisions of the Draft Requirements, and each provision should form a separate assessment conclusion, which, along with relevant evidence and supporting materials, forms the final assessment report.

In recent years, assessments conducted by companies themselves or by third-party service providers have gradually become an important compliance obligation in various fields, such as the risk assessment required when handling important data by automotive data processors or the ethical assessment required for technology activities. This current legal framework sometimes also stipulates that security assessments are a prerequisite for filing, such as personal information protection impact assessment reports, which must be submitted when filing the standard contract issued by the CAC for personal information outflows.

It is worth noting that although companies themselves conduct these assessments, regulatory authorities may provide feedback or request modifications to the assessment report. Therefore, we recommend that companies communicate with relevant departments before conducting a security assessment for GAI services or when complications arise during such an assessment to ensure that the assessment meets both the form and substance of regulatory requirements.

Training Data Security Requirements

As discussed above, in the Draft Requirements, the term training data (“语料”) refers to all data directly used as input for model training, including data used in pre-training and fine-tuning processes. While the Draft Requirements appear to be introducing a new concept, from its definition and the English translation provided in the draft (“Training Data”), it appears that “语料” in the Draft Requirements and “训练数据” in the GAI Measures should both refer to training data. Therefore, the necessity of creating a new concept in the Draft Requirements in this context is subject to debate.

When using training data to train artificial intelligence, service providers should avoid using illegal or harmful information and refrain from infringing upon the legitimate rights and interests of third parties, including but not limited to data rights, intellectual property rights, and personal information rights.

For example, in the past, PenShen ZuoWen publicly accused its partner Xue Er Si of unlawfully scraping data from servers without consent and using that data for training an upcoming large AI model.[1] Similarly, in foreign countries, companies like OpenAI, Google, and Stability AI Inc. have faced lawsuits for using training data suspected of copyright infringement. [2]

Keywords

Keywords are referred to in Sections 5.2 and 8.2 of the Draft Requirements. Section 9.1 of the Draft Requirements specifies what a comprehensive keyword library should contain. Keywords should generally not exceed 10 Chinese characters or 5 words in any other language. The library needs to be extensive, containing no fewer than 10,000 keywords. Furthermore, to ensure inclusivity, the library must include at least 17 types of security risks, as listed in Appendices A.1 and A.2. Each of the security risks in Appendix A.1 should have no fewer than 200 associated keywords, while those in Appendix A.2 should have no fewer than 100.

Data Rights Protection

The Draft Requirements stipulate that service providers must refrain from using data with conflicting rights or unclear origins. They must also possess proof of the legality of the data source, such as authorised agreements, transaction contracts, or legally binding documents.

In addition to the requirements listed in the Draft Requirements, service providers must also comply with other legal regulations regarding data rights. Data rights can be protected in China through the Anti-Unfair Competition Law and its implementing regulations. While no direct legal provisions exist, a mature set of rules have evolved through judicial rulings. For example, the Chinese courts have determined the scope of lawful use by assessing whether using web scraping technology “violates the principles of honesty and commercial ethics.” The following behaviours may violate business ethics and principles of honesty and credit:

  • Violating a target website’s Robots.txt file and user agreements;
  • Excessively or inappropriately using the scraped data;
  • Failing to protect consumer rights adequately;
  • Obstructing or disrupting the normal operation of other legitimate online products or services operators provide.

Intellectual Property Protection

The Draft Requirements mandate that service providers establish an intellectual property management strategy and designate an intellectual property manager for the corpus and generated content. Before using the corpus for training, individuals responsible for intellectual property matters should identify cases of intellectual property infringement within the corpus, including but not limited to copyright, trademark, patent, and trade secret infringements.

Additionally, service providers should take measures to enhance the transparency of intellectual property protection for GAI services:

  1. Establish channels for complaints and reports related to intellectual property issues and allow third parties to inquire about the usage of the corpus and associated intellectual property situations.
  2. Disclose summary information about the intellectual property aspects within the training corpus.

Protection of Personal Information Rights

There should be an appropriate legal basis when using data containing personal information. Article 13 of the PIPL stipulates seven legal bases, including consent, necessity for contract performance, and statutory obligations. However, in practice, most GAI services still rely on the consent of data subjects to meet the legal requirements for personal information processing.

In Section 5.2(c) of the Draft Requirements, service providers are specifically required to obtain written authorisation and consent from the corresponding data subjects when using data containing biometric information such as facial features. Written consent is a more stringent form of consent. In situations where laws and regulations require the written consent of individuals, personal information processors must express what is being consented to in a tangible form, such as paper or digital documents, and obtain the individual’s consent through active signing, sealing, or other forms.

According to the upcoming national standard, Information Security Technology – Guidelines for Notification and Consent in Personal Information Processing, which takes effect in December 2023, written consent must be explicitly expressed in text and cannot be obtained through methods like clicks to confirm, click to agree, upload submission, login use, or photography.

Currently, Chinese law does not require personal information processors to obtain written consent for processing biometric information like facial features. Article 14 of the PIPL clearly states that only laws and administrative regulations can establish provisions for written consent. Therefore, the specific requirements in Draft Requirements Section 5.2(c) do not have a clear legal basis.

Model Security Requirements

As AI continues to evolve and play an increasingly integral role in our lives, the need for model safety and reliability has become paramount. As such, the Draft Requirements contain a section dedicated to content security, transparency, accuracy, and reliability.

Content Security

A fundamental concern in AI development is generating safe and reliable content. The Draft Requirements address this issue with several crucial points:

  • Use of Registered Base Models: AI service providers are instructed not to use base models not registered with the relevant regulatory authorities.
  • Content Safety Throughout the Development Process: Content needs to be considered throughout an AI model’s lifecycle. During the training process, it is essential to evaluate content safety as a primary indicator of model quality. The goal is to ensure that the model generates safe and appropriate content. We believe that Regulators would consider a model with a high Sampling Qualified Rate to be comparatively safer.
  • Real-time Content Safety Checks: AI models should incorporate real-time security checks during user interactions. Any security issues identified during service provision or regular monitoring should prompt targeted adjustments, including fine-tuning and reinforcement through methods like machine learning.
  • Defining Model-Generated Content: Model-generated content refers to the unprocessed, direct output of the AI model. It is essential to clarify this definition to ensure consistent understanding and adherence to content security standards.

Transparency

Transparency is key to model security, providing users with information about the service and its functioning. The Draft Requirements emphasise transparency through various stipulations:

  • Public Disclosure on Websites: AI services provided through interactive interfaces, such as websites, should prominently display information about the service’s intended audience, use cases, and third-party base model usage. This transparency helps users make informed decisions regarding service usage.
  • Limitations and Technical Information: Interactive GAI services must also clarify their limitations and provide an overview of the model’s architecture, training framework, and other essential technical details that aid users in understanding how the service operates. This may not be easy for some organisations as they may not fully understand how their model(s) operate internally due to the Black Box Effect. As such, some organisations may only be able to achieve compliance on a relatively shallow basis.
  • Documentation for API Services: For services provided through programmable interfaces, essential information should be made available in documentation accessible to users.

Content Accuracy and Reliability

Content accuracy and reliability are critical to ensuring AI services provide meaningful and dependable responses. The Draft Requirements focus on these aspects with the following expectations:

  • Accurate Content Generation: AI models should generate content that accurately aligns with the user’s input intent. The content should also adhere to scientific knowledge and mainstream understanding and be free from errors or misleading information. Achieving alignment with a user’s input intent might be a challenge in many instances because of technical and linguistic limitations.
  • Effective and Reliable Responses: AI services should provide logically structured responses, contain highly valid content, and be genuinely helpful to users in addressing their queries or concerns.

Security Measures Requirements

The Draft Requirements contain seven essential security measures that AI service providers should follow to promote safety, transparency, and regulatory compliance. We discuss these requirements below.

  • Justification: Providers should thoroughly demonstrate the necessity, suitability, and safety of using GAI across various fields within their service scope. In cases where AI services are deployed in crucial contexts like critical information infrastructure, automatic control, medical information services, or psychological counselling, providers should implement protection measures appropriate to the level of risk involved.
  • Protecting Minors: When AI services cater to minors, several safeguards are required: allowing guardians to set anti-addiction measures for minors, protected with passwords; imposing limits on daily interactions and duration for minors, and requiring a management password if exceeded; requiring the consent of a guardian before content can be consumed; and filtering out content that is not suitable for minors, ensuring the display of content that promotes physical and mental well-being.
  • Personal Information Handling: The Draft Requirements stipulate that AI providers must handle personal information following China’s personal information protection requirements and explicitly references “existing national standards, such as GB/T 35273, etc.” As discussed above, while GB/T 35273 is highly regarded, it predates the PIPL and does not perfectly align with it.
  • User Data Usage for Training: Prior consent should be obtained from users for using their input for training purposes. Users should have the option to disable the use of their inputs for training. Accessing privacy options from the main interface should be user-friendly, requiring no more than four clicks. Users must be clearly informed about data collection and the method for opting out.
  • Content Labelling: Content labelling must conform to guidelines established in TC260-PG-20233A, Cybersecurity Standard Practice Guidelines – Generative Artificial Intelligence Service Content Identification Methodology. This includes clearly identifying display areas, textual prompts, hidden watermarks, metadata, and specific service scenarios. We note the watermarking technologies are relatively immature at present.
  • Complaint Reporting Mechanism: GAI service providers must establish channels for receiving complaints and reports from the public and users. This can include telephone, email, interactive windows, SMS, and more. Clear rules and defined timeframes for resolving complaints and reports should be in place.
  • Content Quality Assurance: For user queries, AI services must decline to respond to obviously radical or illegal content. Supervisors should be designated to enhance content quality in alignment with national policies and third-party feedback, with the number of supervisors reflecting the service’s scale.
  • Model Updates and Upgrades: Providers should develop a robust security management strategy for model updates and upgrades. After significant updates, a security assessment should be conducted, and models should be re-filed with the relevant authorities as required.

Security Assessment Requirements

Providers are expected to conduct comprehensive security assessments, including corpus safety, generated content safety, and question rejection, with specific criteria for each aspect to ensure responsible and safe deployment of generative AI services.

Comprehensive Security Assessments for Responsible AI Deployment

Providers should conduct security assessments either before service deployment or during significant updates and have the option to choose internal or third-party evaluators. Each clause within the Draft Requirements should be assessed to produce a distinct assessment result of either “compliant,” “non-compliant,” or “not applicable.” Assessment results should be supported with evidence. In cases where format constraints prevent certain outcomes from being included, they can be appended to the report. Self-assessments require signatures from at least three key figures, such as the legal representative, the security assessment lead, and the legality assessment lead.

Assessing Corpus Safety

Evaluating corpus safety entails a very granular review. At least 4,000 randomly selected training data items must be inspected manually, demonstrating a Sampling Qualified Rate of 96% or higher. Additionally, keyword and classification model inspections necessitate random sampling of no less than 10% of the training data, achieving a Sampling Qualified Rate of 98% or higher. The keyword library and classification model should comply with the specifications outlined in Section 9.

Evaluating Generated Content Safety

To assess generated content safety, a random sample of at least 1,000 test questions should maintain an acceptance rate of 90% or higher. The same criteria apply to keyword and classification model inspections, involving random sampling of at least 1,000 test questions with an acceptance rate of 90% or higher.

Test questions should come from a comprehensive content testing question bank designed to evaluate AI-generated content’s adherence to security standards. It should comprise no fewer than 2,000 questions. The question bank must comprehensively cover all 31 security risks in Appendix A. Each risk in Appendices A.1 and A.2 should be represented by no fewer than 50 questions, while other security risks should have at least 20 questions each. Based on the content testing question bank, standard operating procedures should be established to identify all 31 security risks.

Assessing Question Rejection

A rejection question bank should be established to prevent AI models from providing harmful or inappropriate responses. This question bank should contain no fewer than 500 questions and be representative, covering the 17 security risks in Appendices A.1 and A.2, with each risk having no fewer than 20 associated questions. In contrast, a non-rejection question bank should also be created with no fewer than 500 questions. These questions should represent various aspects of Chinese culture, beliefs, personal attributes, and more, ensuring that AI models provide suitable responses for various contexts and user profiles.

During a security assessment, at least 300 test questions from the rejection bank should exhibit a rejection rate of 95% or higher. In the case of non-rejection, no more than 5% of test questions from the non-rejection bank should be rejected.

Conclusion

This article outlines the basic security requirements for GAI services under the Draft Requirements. These requirements encompass language data security, model security, security measures, and security assessments. They apply to GAI service providers aimed at the public in China.

Overall, the Draft Requirements seek to strike a balance between harnessing the potential of GAI and ensuring that it operates safely and effectively, with due consideration to the diverse needs and contexts of users and the broader Chinese public.

When the Draft Requirements are finalised, they will help GAI service providers maintain a higher level of legal compliance, safety, and reliability. Given that GAI services are a relatively new phenomenon, this is a positive development for service providers because it clarifies what is generally expected of them. Additionally, the Draft Requirements may serve as a useful reference for the Courts and relevant regulatory authorities in assessing the security of GAI services and other related matters.


[1] News report: https://m.thepaper.cn/newsDetail_forward_24432246

[2] See Case 3:23-cv-03440-LB; Case 3:23-cv-03199; Case 1:23-cv-00135-UNA; Case 3:23-cv-00201.


[1]The Draft Requirements can be accessed in full at: https://www.tc260.org.cn/front/postDetail.html?id=20231011143225

[2]News report: https://m.thepaper.cn/newsDetail_forward_24432246.

[3] News report: https://m.thepaper.cn/newsDetail_forward_24432246

[4] See Case 3:23-cv-03440-LB; Case 3:23-cv-03199; Case 1:23-cv-00135-UNA; Case 3:23-cv-00201.

On 28 September 2023, the Cyberspace Administration of China (“CAC“) issued the Regulations for Standardising and Promoting Cross-Border Data Flows (Draft for Comments) (“Draft Regulations”) to solicit public comments. The Draft Regulations appear to overturn some of the CAC’s previous requirements in relation to cross-border data transfers.

Background

Legal mechanisms under the PIPL

Under Article 38 of the Personal Information Protection Law (“PIPL“) issued in 2021, companies intending to export personal information to overseas recipients are required to go through one of the following legal mechanisms (“Legal Mechanisms“):

1. going through the security assessment organised by the CAC (“Security Assessment“);

2. signing the Standard Contract issued by the CAC with the overseas recipient (“Standard Contract”);

3. seeking personal information protection certification from a professional institute recognised by the CAC (“Certification“); or

4. meeting other conditions prescribed by law, administrative regulations, or the national cyberspace authority.

CAC regulations

The CAC has issued several regulations detailing the requirements for implementing the Legal Mechanisms, including:

Legal MechanismCAC Regulations
Security AssessmentMeasures for the Security Assessment of Outbound Data Transfers
 
Standard ContractMeasures for the Standard Contract for Outbound Cross-Border Transfer of Personal Information
  
Certification  Announcement on the Implementation of Personal Information Protection Certification

It is also worth noting that Item 4 of Article 38 of the PIPL grants the CAC the power to create new or supplemental rules for cross-border transfers of personal information. However, before the Draft Regulations, the CAC had never issued any rules that deviated from the three Legal Mechanisms.

Implementation of the Legal Mechanisms

Onerous compliance obligations under the Legal Mechanisms

The CAC has gradually promulgated regulations to implement the Legal Mechanisms for the Security Assessment, Standard Contract and Certification since late 2022. Companies that fall within the scope of the Legal Mechanisms have been trying to comply with them ever since. However, the compliance obligations under the Legal Mechanisms are onerous and require a significant amount of time and effort to complete tasks such as:

  • data mapping;
  • improvements to data protection and information security policies;
  • conducting assessments based on complicated parameters prescribed by the CAC and drafting long assessment reports;
  • seeking separate consent from individuals whose information is transferred out of China; and
  • assessing the local laws and policies of the countries to which the data will be exported.

It is also worth noting that the Security Assessment and Standard Contract both involve making filings with the CAC, and some companies’ data export practices have been challenged by the CAC during the filing process.

Concerns of companies and the CAC’s response

In light of the onerous compliance obligations associated with implementing the Legal Mechanisms, some multinational companies expressed their concerns to the CAC, and the CAC appears to be responsive to these concerns. For example:

  • In July 2023, the State Council issued the Opinions on Further Optimising the Environment for Foreign Investment and Increasing Efforts to Attract Foreign Investment (“Opinions“), which calls for the government to “explore a streamlined security management mechanism for cross-border data flows”, “establish green channels for qualified foreign-invested enterprises, efficiently conduct security assessments for the outbound transfer of important data and personal information”, and “promote safe and orderly flows of data”. The Opinions also encourage regions such as Beijing, Tianjin, Shanghai, and the Guangdong-Hong Kong-Macau Greater Bay Area to create, on a pilot basis, “lists of some ordinary data that is allowed to flow freely”.
  • In August 2023, the CAC is reported to have contacted and met with representatives from dozens of multinational companies to ease their concerns about the cross-border data transfer regime. For more information, see https://techmonitor.ai/technology/china-on-charm-offensive-with-western-businesses-over-new-data-laws.

The Draft Regulations

As a follow-up action to the government’s initiative to relax the requirements for cross-border data transfers, the CAC appears to be considering exercising its power under Article 38 of the PIPL to create some exceptions to the existing Legal Mechanisms to facilitate cross-border data transfers.

Essentially, the Draft Regulations propose exempting companies from complying with ALL three Legal Mechanisms under Article 38 of the PIPL if their data export scenarios fall under any of the following conditions:

  • the personal information to be exported is not collected or generated within China;
  • the export of personal information is necessary for the conclusion or performance of a contract to which the individual is a contracting party, such as personal information exports required for cross-border shopping, international remittances, flight and hotel reservations, visa processing, etc.;
  • the export of employees’ personal information is necessary for carrying out human resources management under an employment policy legally established or a collective contract legally concluded;
  • the export of personal information is necessary to protect the life, health, and property safety of natural persons in the case of an emergency;
  • a company intends to export the personal information of less than 10,000 individuals within a year.

The Draft Regulations also propose raising the data transfer volume thresholds for triggering a Security Assessment (a more onerous Legal Mechanism) and allowing data exporters making lower volume transfers of data to rely on the Standard Contract or Certification (two relatively less onerous Legal Mechanisms):

Data transfer volume thresholdsSecurity Assessment required?Is a Standard Contract or Certification required?
Exporting the personal information of over 10,000 but less than 1,000,000 individuals within a year.NoYes
   
Exporting the personal information of over 1,000,000 individualsYesNo
   

Implications

The Draft Regulations appear more friendly to multinational companies than previous regulations. They would, once formalised, significantly reduce their compliance obligations. However, the sudden release of the Draft Regulations has raised a number of questions, which we attempt to answer below.

When will the Draft Regulations take effect?

It is unclear when the Draft Regulations will take effect. However, the CAC may want to formalise them soon because:

  • The CAC only provided 18 days (28 September – 15 October, most of which was a national public holiday) to solicit public comment, indicating its determination to formalise the Draft Regulations promptly.
  • The statutory deadline for filing the Standard Contract will end on 30 November 2023. If the Draft Regulations are not formalised soon, companies may devote time and resources towards meeting this deadline to file signed Standard Contracts with the CAC, and the CAC would then face the burden of processing these filings. Therefore, the CAC may want to formalise the Draft Regulations sooner rather than later and, in any event, before 30 November 2023.

Can companies rely on the Draft Regulations to stop work in relation to the Legal Mechanisms now?

No, because:

  • Until a formal version of the Draft Regulations is released, they should not be treated as an effective regulation to be relied on.
  • There is a possibility that the Draft Regulations may not be formalised by 30 November 2023. In that case, companies that need to adopt the Standard Contract would still be bound by the CAC’s existing regulations, which require them to file the signed Standard Contract with their local CAC by 30 November 2023.
  • The exemptions under the Draft Regulations are broad, and how they would interact with conflicting triggers under the CAC’s previous regulations is unclear. We expect more clarification in the final version of the Draft Regulations.
  • The radical changes proposed by the Draft Regulations are unusual. It is possible the CAC may want to take a step back in the formal version. For example, instead of exempting qualified companies from all Legal Mechanisms, the CAC may still want these companies to take some less onerous compliance measures (e.g., signing the Standard Contract but not filing with the CAC) to ensure data security.
  • The Draft Regulations do not propose changing the fundamental data compliance requirements of the PIPL. Therefore, even if companies may not need to go through any of the Legal Mechanisms, they would still be obliged to take actions to comply with the PIPL, including:
    • Setting up a data protection compliance framework (Article 51 of the PIPL);
      • developing an internal management system and operating procedures;
      • managing personal information based on classification;
      • taking appropriate technical security measures such as encryption and de-identification;
      • reasonably determining authorisations to operate the processing of personal information and conducting security education and training for employees regularly;
      • developing and organising the implementation of emergency plans for personal information security incidents; and
      • taking any other measure required by law or administrative regulations.
    • Notifying the data subjects of the details of the transfers and obtaining their separate consent where required (Article 39 of the PIPL);
    • Conducting Personal Information Protection Assessments (PIPIA) for cross-border data transfers (Article 55 of the PIPL);
    • Signing data processing agreements with entrusted processors (Article 21 of the PIPL).

The compliance work needed for these Legal Mechanisms significantly overlaps with the above PIPL requirements. As such, the compliance work that companies have started with a view to implementing the Legal Mechanisms will not be wasted.

How companies should react to the Draft Regulations

At this stage, companies are advised to:

  • carry on their compliance work for the Legal Mechanisms as planned;
  • analyse whether certain data export scenarios may fall under the proposed exemptions in the Draft Regulations;
  • monitor the development of the Draft Regulations closely; and
  • seek guidance from their local CAC or wait until the Draft Regulations are formalised to identify whether any further actions are required for filings that have already been submitted.

规范和促进数据跨境流动规定(征求意见稿)
Regulations for Standardising and Promoting Cross-Border Data Flow (Draft for Comments)

为保障国家数据安全,保护个人信息权益,进一步规范和促进数据依法有序自由流动,依据有关法律,对《数据出境安全评估办法》、《个人信息出境标准合同办法》等数据出境规定的施行,作出以下规定。

In order to safeguard national data security, protect the rights and interests of personal information, and further regulate and promote the lawful and orderly free flow of data, the following provisions are made in accordance with relevant laws regarding the implementation of data export regulations such as the Measures for the Security Assessment of Outbound Data Transfers and the Measures for the Standard Contract for Outbound Transfer of Personal Information:

  1. 国际贸易、学术合作、跨国生产制造和市场营销等活动中产生的数据出境,不包含个人信息或者重要数据的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。

Where a Data Processor exports data (which does not contain personal information or important data) in international trade, academic cooperation, transnational manufacturing, and marketing activities, it is not required to apply for a Security Assessment of Outbound Data Transfers (“Security Assessment“), conclude the Standard Contract for Outbound Transfer of Personal Information (“Standard Contract“), or obtain a personal information protection certification (“Certification“).

  • 未被相关部门、地区告知或者公开发布为重要数据的,数据处理者不需要作为重要数据申报数据出境安全评估。

For data that is not notified to the Data Processor or publicly released by relevant departments or regions as important data, the Data Processor does not need to declare such data as important data for a Security Assessment.

  • 不是在境内收集产生的个人信息向境外提供,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。

Where the outbound personal information is not collected or generated within China, there is no need to apply for a Security Assessment, conclude the Standard Contract, or obtain a Certification.

  • 符合以下情形之一的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证:

In the following cases, there is no need to apply for a Security Assessment, conclude the Standard Contract, or obtain a Certification:

  1. 为订立、履行个人作为一方当事人的合同所必需,如跨境购物、跨境汇款、机票酒店预订、签证办理等,必须向境外提供个人信息的;

Where the export of personal information is necessary for the conclusion or performance of a contract to which the individual is a contracting party, such as cross-border shopping, international remittances, flight and hotel reservations, visa processing, etc.

  • 按照依法制定的劳动规章制度和依法签订的集体合同实施人力资源管理,必须向境外提供内部员工个人信息的;

Where the export of internal employees’ personal information is necessary for carrying out human resources management under an employment policy legally established or a collective contract legally concluded.

  • 紧急情况下为保护自然人的生命健康和财产安全等,必须向境外提供个人信息的。

Where the export of personal information is necessary to protect the life, health, and property safety of natural persons in the case of an emergency.

  • 预计一年内向境外提供不满1万人个人信息的,不需要申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。但是,基于个人同意向境外提供个人信息的,应当取得个人信息主体同意。

Where a Data Processor intends to export the personal information of less than 10,000 individuals within a year, it is not required to apply for a Security Assessment, conclude the Standard Contract, or obtain a Certification. However, where a Data Processor exports personal information based on the consent of individuals, it is required to obtain the personal information subjects’ consent.

  • 预计一年内向境外提供1万人以上、不满100万人个人信息,与境外接收方订立个人信息出境标准合同并向省级网信部门备案或者通过个人信息保护认证的,可以不申报数据出境安全评估;向境外提供100万人以上个人信息的,应当申报数据出境安全评估。但是,基于个人同意向境外提供个人信息的,应当取得个人信息主体同意。

For a Data Processor intending to export the personal information of over 10,000 but less than 1,000,000 individuals within a year, if it has concluded the Standard Contract and filed with the provincial-level cyberspace authority, or has obtained a Certification, it is not required to apply for a Security Assessment; For a Data Processor intending to export the personal information of over 1,000,000 individuals, it is required to apply for a Security Assessment. However, where a Data Processor exports personal information based on the consent of individuals, it is required to obtain the personal information subjects’ consent.

  • 自由贸易试验区可自行制定本自贸区需要纳入数据出境安全评估、个人信息出境标准合同、个人信息保护认证管理范围的数据清单(以下简称负面清单),报经省级网络安全和信息化委员会批准后,报国家网信部门备案。

负面清单外数据出境,可以不申报数据出境安全评估、订立个人信息出境标准合同、通过个人信息保护认证。

Free Trade Zones may establish their own lists of data (“Negative Lists“) that shall be managed through the mechanisms of the Security Assessment, the Standard Contract, or the Certification. The Negative Lists shall be approved by the provincial-level cyberspace authority and filed with the national cyberspace authority.

It is not required to apply for the Security Assessment, conclude the Standard Contract, or obtain the Certification to export data that is not on the Negative Lists.

  • 国家机关和关键信息基础设施运营者向境外提供个人信息和重要数据的,依照有关法律、行政法规、部门规章规定执行。

向境外提供涉及党政军和涉密单位敏感信息、敏感个人信息的,依照有关法律、行政法规、部门规章规定执行。

The export of personal information and important data by government agencies and critical information infrastructure operators shall be subject to relevant laws, administrative regulations, and departmental rules.

The export of sensitive data and sensitive personal information that involves the Party, the government, the army, and confidential units shall be subject to relevant laws, administrative regulations, and departmental rules.

  • 数据处理者向境外提供重要数据和个人信息,应当遵守法律、行政法规的规定,履行数据安全保护义务,保障数据出境安全;发生数据出境安全事件或者发现数据出境安全风险增大的,应当采取补救措施,及时向网信部门报告。

Data Processors who export important data and personal information shall comply with the laws and administrative regulations, fulfil data security protection obligations, and ensure the security of data exports. In the event of a data export security incident or an increased risk in data exports, they shall take remedial measures and promptly report to the cyberspace authority.

  1. 各地方网信部门应当加强对数据处理者数据出境活动的指导监督,强化事前事中事后监管,发现数据出境活动存在较大风险或者发生安全事件的,要求数据处理者进行整改消除隐患;对拒不改正或者导致严重后果的,依法责令其停止数据出境活动,保障数据安全。

Local cyberspace authorities shall strengthen their guidance and regulation of data exports by Data Processors, and enhance their supervision before, during and after the data exports. If they discover significant risks in the data export or if a security incident occurs, they shall require the Data Processor to rectify and eliminate the risks. If the Data Processor refuses to rectify or if serious consequences are caused, the Data Processor shall be ordered to stop data exports in accordance with laws in order to ensure data security.

  1. 《数据出境安全评估办法》、《个人信息出境标准合同办法》等相关规定与本规定不一致的,按照本规定执行。

Where the Measures for the Security Assessment of Outbound Data Transfers, Measures for the Standard Contract for Outbound Transfer of Personal Information, or other relevant provisions are inconsistent with these regulations, these regulations shall prevail.

LI Jilong (Anjie Broad Law Firm (Xiamen Office))

LI XianglongChina University of Political Science and Law

In 2010, the Supreme People’s Court of the People’s Republic of China (the “SPC”) issued the Provisions of the Supreme People’s Court on Case Guidance (the “Provisions”). The Provisions are widely considered to establish a unique case guidance system in China, under which courts at all levels should refer to the selected guiding cases when adjudicating the similar issues.

On the last working day of 2022, and “on the eve” of a revised Chinese Arbitration Law, the SPC released its 36th batch of six guiding cases. Unprecedentedly, all of the six guiding cases are related to the judicial review of arbitration cases. This article highlights the backgrounds and key holdings of Guiding Cases 196, 197 and 198 (the first three of the six guiding cases,which focus on several pivotal issues related to the arbitration agreement) and seeks to explain the significance behind these court decisions.

Guiding Case 196: The Doctrine of Separability of Arbitration Agreement.

In Guiding Case 196 (Yunyu Co. Ltd. v. Shenzhen Zhongyuancheng Commercial Investment Holdings Co. Ltd.), the First International Commercial Court of the Supreme People’s Court (the “FICC”) was faced with an arbitration respondent’s application to confirm the non-existence of an arbitration agreement on the ground that the whole contract that contained the arbitration agreement was in the process of negotiation and never signed between the Plaintiff and the Defendant.

The FICC first affirmed its jurisdiction to review this issue. It confirmed that the issue of determining the existence of an arbitration agreement falls within the scope of assessing the validity of an arbitration agreement, which is a cause of action pursuant to Article 20 of Arbitration Law of the People’s Republic of China.

The FICC then carefully examined the parties’ negotiation history, particularly as it relates to the arbitration clause. The judges noted that in the first draft contract (“Draft Contract I”) sent by the Plaintiff, the arbitration clause listed the Beijing Arbitration Commission (“BAC”) as the arbitration institution. However, after receiving Draft Contract I from the Plaintiff, the Defendant replied to the Plaintiff and suggested changing the arbitration institution from BAC to the Shenzhen Court of International Arbitration (“SCIA”). Afterwards, the Plaintiff adopted SCIA as the arbitration institution in the revised draft contract (“Draft Contract II”) and sent the copy back to Defendant. Subsequently, the Defendant had Draft Contract II sealed and delivered back to the Plaintiff. The parties then engaged in further negotiations regarding other clauses in the contract, but the arbitration clause remained unchanged.

Based on the above conduct surrounding the negotiation of the arbitration clause, the judges held that, as far as the arbitration clause was concerned, the Plaintiff’s sending of the Draft Contract II should be regarded as an offer made by the Plaintiff in accordance with the PRC Contract Law and that the Defendant’s subsequent sealing of the Draft Contract II should be regarded as an acceptance of the arbitration clause. As a result, the judges ruled that the arbitration clause had already been concluded at the time the sealed Draft Contract II was delivered to the Plaintiff even though other clauses in the contract did not come into effect because the contract had not been signed.

In sum, Guiding Case 196, which was heard by a panel of five SPC judges, presents an opportunity for the court to meticulously apply the doctrine of separability in determining the status of the arbitration clause where the main contract has arguably not yet been concluded.

It is noteworthy that in DHL Project & Chartering Ltd v Gemini Ocean Shipping Co Ltd [2022] EWCA Civ 1555 the High Court of Justice of England and Wales reached a different conclusion facing a similar issue.  The different conclusions reached by the courts likely primarily stem from the factual differences between the English case and Guiding Case 196. In the English case, it is difficult to trace any substantial negotiations or discussions regarding the arbitration clause that were separate from negotiations of the main contract. In contrast, in Guiding Case 196, because such negotiations were quite distinct, the FICC engaged in a fact-intensive inquiry into whether the parties had a meeting of minds with respect to the arbitration clause. Therefore, it is understandable that the two cases reached opposite conclusions about the existence of the arbitration clause where the main contract was not concluded.

Guiding Case 197: Challenging the Arbitration Agreement in “the First Hearing at the Arbitration Tribunal

The issue in Guiding Case 197 (Shenzhen Shizhenggongying Investment Holdings Co. Ltd v. Shenzhen Municipal Transport Bureau) relates to Article 20(2) of the Arbitration Law of the PRC, which provides that “[a] doubt as to the effectiveness of the arbitration agreement, should be raised before the first hearing at the arbitration tribunal.”

In Guiding Case 197, the arbitration claimant did not raise any jurisdictional challenge—either before the arbitration tribunal or in the court—before the first hearing in the arbitration proceeding. After the arbitral award was issued, Claimant resisted enforcement in Shenzhen Intermediate People’s Court (“Shenzhen Intermediate Court”). The Shenzhen Intermediate Court neither refused to enforce the award nor dismissed Claimant’s application; instead, the court found it appropriate for the arbitration tribunal to make a new award and remanded the award in whole for re-arbitration according to Article 61 of the Arbitration Law of the PRC.

In the re-arbitration, Claimant, for the first time, raised a new challenge over the validity of the arbitration agreement in the Shenzhen Intermediate Court. The challenge was dismissed by the Shenzhen Intermediate Court, which dismissal was affirmed by the Shenzhen High Court. The Shenzhen High Court held that even though the underlying case went to re-arbitration, insofar as the two arbitrations relate to the same dispute, the Claimant remained bound by its conduct during the first arbitration. Claimant’s failure to challenge jurisdiction in the first arbitration thus constitutes a waiver of its right to challenge under Article 20(2) of the Arbitration Law; and the Claimant cannot have a second bite at the cherry in the re-arbitration process. The Shenzhen High Court opinion was selected as Guiding Case 197.

The Shenzhen High Court’s opinion was also in line with ensuring the efficiency of the arbitration process. If parties facing the same dispute, without newly discovered material evidence or facts, were to be entitled to challenge the validity of the arbitration agreement, it may cause undue delay in the arbitration process, and may also run afoul of the principle of res judicata. This case serves as a reminder for the parties to proactively exercise their legal rights as failure to do so may constitute a waiver even in a re-arbitration proceeding.

Guiding Case 198: Privity of the Arbitration Agreement in Construction Arbitration

Guiding Case 198 (Industrial and Commercial Bank of China Limited, Yueyang Branch v. Liu Youliang) concerns the privity of the arbitration agreement in the context of arbitration of construction work disputes. Relevant parties involved in a construction arbitration generally include the employer, the contractor, and the subcontractor(s) (or actual constructor(s)).The contractor typically signs contracts with the employer and the subcontractor(s) respectively. As such, there is generally no contractual privity between the employer and the sub-contractor(s).

In 2004, in order to protect the legitimate interests of the subcontractors (mostly migrant workers), specifically with regard to their wages, the SPC issued The Interpretation of the Supreme People’s Court on Issues Concerning the Application of Law for the Trial of Cases of Dispute over Contracts on Undertaking Construction Projects (the “2004 Interpretation”). Article 26 of the 2004 Interpretation grants the subcontractor the right to break the contract privity and to directly file a lawsuit against the employer when the employer failed to make payment of construction project costs owed to the contractor.Though controversial, this particular provision was never abrogated and remains included in the latest SPC Interpretation issued in 2020 as Article 43.

A thorny issue raised by this provision is whether the employer may rightfully contend—as many do—that the subcontractor is subject to any arbitration clause established between the employer and the contractor, as the subcontractor has in effect, substituted the contractor’s rights. Prior to the issuance of Guiding Case 198, Chinese courts were divided on this issue. In Zhongjiao Second Highway Engineering Co. Ltd v. Fu Yang[①] and Qinghai Senkeyanhua IndustryCo. Ltd v. Xiong Daohan, Chongqing Jianan Constrcution Co. Ltd[②] the SPC opined that the right granted to a subcontractor under Article 26 of the 2004 Interpretation should be defined as a subrogation right under civil law; and that a subcontractor is accordingly bound by any arbitration clause that was originally agreed upon between the contractor and the employer. However in RongSheng(BengBu) Properties Co. Ltd v. HeFei Huaxing Construction Installation Co. Ltd[③] and Cheng Jingnan v. Nantonghaizhou Construction, Nantong Branch Co. Ltd[④] the SPC and the Anhui High Court held that, insofar as Article 26 of the 2004 Interpretation is a special arrangement designed to address the issue of outstanding wages for migrant workers in a particular era and social context, the assertion of rights by the subcontractor against the employer should not be interpreted as a succession of the contractor’s rights and that, accordingly, the subcontractor should not be bound by the arbitration clause between the contractor and the employer.

Guiding Case 198 adopts the latter view. Yueyang Intermediate People’s Court, in the opinion that was selected as Guiding Case 198, expressly held that there was no “succession” of the contractual arbitration clause from the contractor to the subcontractor. Article 26 of the 2004 Interpretation only grants the subcontractor a sui generis right to initiate a lawsuit against the employer but does not serve as a legal basis to extend the scope or effect of the arbitration clause between the employer and the contractor to the subcontractor.

This author is of the view that Guiding Case 198 does not firmly shut the door to a contention that the subcontractor could, in certain circumstances, be bound by an arbitration agreement between the employer and the contractor. For example, in circumstances where the subcontractor has taken on the de facto role of the contractor and has performed the contractor’s duties and obligations during the construction process, or where the contractor-subcontractor contract clearly stipulates that its performance shall be subject to the employer-contractor contract, and the subcontractor is aware of the existence of the arbitration clause in the employer-contractor contract, then the subcontractor may arguably rely on or be bound by the arbitration clause. Such circumstances should still be diligently examined on a case-by-case basis.

These three guiding cases shed light on Chinese courts’ instance on three significant while controversial issues related to arbitration agreement. Meanwhile, with the substantial revision of the Chinese Arbitration Law, the future arbitration practice in this regime is worth expecting.

Note: The views expressed in the article are the authors’ own and do not represent the views of others.


[①] 最⾼⼈民法院(2013)民提字第148号

[②] 最⾼⼈民法院(2015)民⼀终字第170号

[③] 最高人民法院(2014)民申字第1575号

[④] 安徽省高级人民法院(2020)皖民终1334号