On December 27, 2015, the Standing Committee of the National People’s Congress, China’s national legislative body, passed the Counter-Terrorism Law of China, which entered into force on January 1, 2016. Although the law’s precise breadth and scope are yet to be determined, the law has important implications for companies deploying encryption technology as part of their cybersecurity programs.
As an initial matter, the Counter-Terrorism Law applies to telecommunications operators and internet service providers in China, but may very well be construed much more broadly. Specifically, the concept of an internet service provider is not clearly defined under Chinese law, and could refer to any business that provides services via the internet in China. This would sweep in the majority of global, including U.S.-based, technology companies with equipment, offices, employees and/or customers present in the Chinese marketplace.