China’s Cyber Security Law – technical implications

China’s top legislature adopted the country’s Cyber Security Law on Nov 7th 2016. After a third reading by the Standing Committee of the National People’s Congress, the law took effect on June 1st 2017. In addition to defining a wide scope of critical infrastructure, it lays the foundations for enforcing penalties on overseas organisations and individuals who attack, breach or insufficiently protect critical infrastructure and/or personal data. Reto Haeni, Leader Cybersecurity & Privacy at PwC Switzerland, explains what companies should consider as the topic has more impact than usually discussed.

China’s new Cyber Security Law focuses to a greater degree on several key topics: keeping personal information secure, combating cybercrime, ensuring network products and services are secure, clarifying the obligations network operators face and addressing sovereignty issues in cyberspace. There are two main aspects to responding to the law, and the second is often overlooked. First, companies operating in China must implement the law’s requirements if they want to remain compliant. Second, organisations with information or systems not located in China must also review their technology architecture, data protection efforts and business processes if they want to minimise the potential risks stemming from the new law.


China’s Cyber Security Law is the next step in the country’s wider effort to tighten rules and regulations governing information security and data privacy. Regulations have previously existed, for example the Administrative Measures for Prevention and Treatment of Computer Viruses and the Administrative Measures for Hierarchical Protection of Information Security. The new law enforces the rights and obligations the government, network operators and users all have in the area of cyber security and data protection. While the law has already come into effect, its concrete implementation is not yet known and a fair amount of interpretation is still needed to apply the law in practice to operations in China. Complying with the law entails several new challenges for both government and business, such as ensuring appropriate network operations, identifying security risks and encouraging network innovation. Each of these steps must be addressed if the rights of all stakeholders are to be protected.

Download full article


Reto Haeni
Partner and Leader Cybersecurity and Privacy
+41 58 792 75 12

Prospects for Future Economic Cooperation between China and Belt & Road Countries

The Belt and Road Forum for International Cooperation (BRF) was held in Beijing from 14 to 15 May 2017. According to China’s Ministry of Foreign Affairs, 29 heads of states and governments attended the highest level of international conference held by China since the major initiative was put forward by President Xi Jinping in 2013. Economic cooperation is expected to be the top priority of this forum. So which areas are likely to achieve breakthroughs?

In our latest PwC analysis on the B&R initiative, Prospects for Future Economic Cooperation between China and Belt and Road Countries, we look at how the B&R initiative is reshaping the future economic cooperation between China and B&R countries.

Here are the major future prospects for economic collaboration between China and B&R countries:

  • Signing free trade agreements may be the most effective way for China to expand its trade with B&R countries
  • Opening up stock and bond markets for B&R countries will provide more investment opportunities for Chinese business
  • Promoting RMB internationalisation in major B&R economies rather than in the developed countries is more likely to be successful
  • Domestic preferential policy support will be critical in encouraging Chinese companies to invest more in the B&R countries

Read Attachment