User Name:     Password:        Join Us
  • 1
  • 2
  • 3
  • 4
  • 5
▪ China’s Market Regulator Reined in Internet Commercial Ads
▪ Stricter than the GDPR, China’s Privacy Law Provides Prohibitive and Control Oblig
▪ China kicked off the 1st national security review on DiDi
▪ Non-prosecution for compliance under ISO 37301 - Dentons lawyers take the world’s
▪ China’s Data Security Law is anything but frightening
▪ Alibaba fined USD 2.68 billion for abusing dominant market position in China
▪ China’s new “Blocking Statute” and the concerns it raised
▪ Survey result: how is bribery risk managed in China?
▪ China’s Administrative Punishment Law Awards Meaningful Credits for Compliance Eff
▪ Salon | How Would the Sanction on Pompeo and Blocking Measures Impact Foreign Comp
▪ Fees to speakers: academic exchange or commercial bribery
▪ China’s Personal Information Protection Law (2)
▪ China’s Personal Information Protection Law (1)
▪ Reading Into China’s Export Control Law
▪ English Translation of Export Control Law of China
▪ China Issued Its List of Unreliable Entities
▪ Demystify Corporate Social Credit System in China
▪ China is deploying “Operation Skynet” to further “Fox Hunt”
▪ China is to award whistleblowers heavily – foreign companies are more vulnerable t
▪ 130 Chinese headhunters arrested, involving breach of 200 million personal info
▪ Corporate Compliance Programs Evaluation Issued by US DOJ (Chinese Translation)
▪ The prospect is promising to commercialize Level-3 autonomous driving in China
▪ Intelligent and digital infrastructures are scheduled to accompany automatic vehic
▪ Will China illegalize VIEs?
▪ You cannot miss the gold rush under China's new Foreign Investment Law
▪ Classified Protection Under China's Cyber Security Law
▪ China is to fast-track law-making in autonomous driving
▪ What compliance obligations to meet to transfer data from within China?
▪ Chinese government uses digital forensics technology to dig bribery evidence
▪ A Chinese medical device distributor fined CNY 50,000 for bribing with Moutai
▪ How would Chinese E-commerce Law affect you (1)?
▪ Conflict between the culture and the Party’s rules: $70 gift money got a director
▪ "Excessive Pricing" from perspective of Competition Law
▪ Does China prohibit cross-border transfer of scientific data?
▪ Hypermarket Caesar jailed for ten years for giving “reward for go-between”
▪ How is environmental protection tax collected in China?
▪ China Redefined Bribery Anticompetitive in Nature
▪ China is to amend its Constitution
▪ Chinese government vowed to crack down on bribe givers more harshly
▪ China has its own Dodd-Frank; the award for whistleblower could be US$ 80K
▪ Chinese government may LIUZHI a suspect of wrongdoing
▪ Cooking clinical trial data is rampant and now criminally punishable in China
▪ 5th Viadrina Compliance Congress
▪ Does a compliance bird eat nothing?
▪ How Are Drugs Being Sold in China Despite the Anti-Corruption Crusading
▪ Chinese whistle-blower lauded while French boss fled out of China
▪ Life Sentence for Deputy Chief Justice of China
▪ Why Is Chinese Anti-bribery Law a Very Important Compliance Obligation?
▪ The Report on Corporate Compliance Management in China (2016)
▪ Use of "predictive coding" in eDiscovery document review…best friend or job replac
Home > CyberSecurity
DiDi incident has turned into a movement
By Henry Chen & Warren Geng | 2021/7/5 18:12:25

Hours after an action against ride-hailing giant DiDi Chuxing, the Cyberspace Administration of China (CAC) launched new cybersecurity reviews of three more online services on Monday,  including newly-listed truck-hailing service providers (Yunmanman and Huochebang) and an online recruitment app (Boss Zhipin).  The stated purpose is to prevent data security risks and to protect national security.  Again, during the cybersecurity review, these companies are not allowed to register new users.  Data security is a big focus for the Chinese government in a broader attempt to regulate the technology sector which has grown largely unchecked over the years.  In June, China passed a new Data Security Law that lays out how companies collect, store and use data.  On the other hand, it is also focusing on antitrust and financial technology regulation. In April, e-commerce giant, Alibaba was slapped with a $2.8 billion fine in a antitrust probe and a food delivery firm Meituan is at the moment being investigated for the same reason.

The Measures for Cybersecurity Review was promulgated on April 27 last year by CAC.  The Measures, consisting of 22 articles, were promulgated under the authority of the National Security Law and the Cyber Security Law to implement Articles 35 and 59 of the latter statute which established a cybersecurity review requirement on network products and services procured by operators of critical information infrastructure (“CII”) which bears upon national security.  The Measures require that CII operators conduct an assessment of potential national security risk exposure prior to procurement of network products or services.  If it is determined based on such assessment that the products or services to be procured present potential national security concerns, the CII operator must apply to CAC’s Cybersecurity Examination Office (CEO) for a cybersecurity review.  Because of this, the Measures impose an obligation on CII operators to apply for a cybersecurity review when they intend to procure network products and services which present or may present a national security concern (Article 2).  The term “may present” is not subject to a reasonableness qualifier which increases the likelihood that the scope of application of the Measures will be broadly construed.

The above incidents that took place during the course of these couple of days have proved that Cybersecurity Law and laws on national security, which provide prohibitive compliance obligations, do have teeth that can bite enterprises real hard.  All of this suggest to us that a pre-prepared compliance plan on data safety needs to be in place so as to avoid heavy disruption in business operation.  What is important is that significant compliance foresight is required of these enterprises in dealing with China’s data regulators.  The compliance climate is unlike before and a great deal of thought should be put into such a plan.


The author, Henry Chen, licensed to practice law in China and New York, is a senior partner at the Dentons office in Shanghai. Before joining Dentons, Henry was AP Compliance Director of Ford.  Henry Chen is also Certified Information Security Personnel (CISP) and Critical Information Infrastructure Personnel (CIIP).

Henry Chen is a drafter of China national standard (draft) Information security technology-Cyber-data process security specification  (信息安全技术 网络数据处理安全规范).

Henry's practice areas include cyber security and data governance, FCPA, anti-bribery and fraud investigations, economic sanctions and trade controls, compliance management systems, corporate matters and dispute resolution. You can reach Henry by sending an email to Henry is the author of the book Risk Management on Commercial Bribery in China and the book Compliance Risks of Enterprises in Globalization: Outbreak and Control.

Warren Geng is the executive editor of The Compliance Reviews.

Tweet Like Email LinkedIn
There are no comments for this journal entry. To create a new comment, use the form below.
    Enter your information below to add a new comment.
Email:    (optional)
URL:    (optional)
  Comment Moderation Enabled
Your comment will not appear until it has been cleared by a website editor.
The Compliance Reviews COPYRIGHT © 2013-19 All Rights Reserved. Supported by International Risk and Compliance Association and International Risk and Compliance Institute Limited. 沪ICP备10034943号-8