Blog: Concerns About China’s New Anti-Espionage Law and Recent Cases Targeting MNCs

By Craig Allen

On April 26, the Standing Committee of the National People’s Congress adopted a revision of China’s Anti-Espionage Law (EN/CN) effective July 1. These changes, coupled with reports of investigations and enforcement actions against a growing number of multinational corporations and their employees in China, have raised legitimate concerns about conducting certain routine business activities, which now risk being considered espionage under the guise of being a threat to China’s national security.

The changes to the law are having a chilling effect on business sentiment, and confidence in China’s market will suffer further if the law is applied frequently and without a clear, narrow and direct link to activities universally recognized as espionage. The revised law and recent cases indicate China’s heightened concern about multinational companies’ access to and use of data and information. As written, the law may be interpreted and enforced with an expansive view concerning the types of due diligence and similar customary business activities deemed illegal in China. 

USCBC is concerned about the increased volatility and risk this poses to our members and is closely watching these developments. We will continue to advocate on behalf of US businesses for a predictable and safe environment in China. 

Potential business impacts of key provisions:

  • Definition of espionage could include routine activities: Article 4 expands the definition of espionage to include overly broad descriptions of activities such as “illegally providing documents, data, materials, or other items related to national security and national interests.” The law offers no clarification on what activities constitute “illegally providing,” nor does it specify what types of data, documents, and materials are related to “national security,” which China elsewhere defines very broadly. Unclear language could mean that enforcement will be discretionary. Topics of conversation and research undertaken during the normal course of business activities, such as discussions on trade secrets, data sharing, market research, hiring procedures, and market intelligence gathering, could conceivably fall within the law’s broad scope.
  • Compliance may require closer collaboration between enterprises and state security organs: Article 12 of the law holds enterprises responsible for efforts to safeguard intelligence under the management of local regulators and the security apparatus. Taken together with Article 4, this means that security officials are now potentially able to check the computers and servers of all enterprises, including foreign-invested enterprises, for a broad range of security reasons. Refusal to cooperate in data collection activities covered by the law is punishable under the Data Security Law, which carries extremely high financial penalties on companies and their employees, as well as potential criminal and administrative liabilities. 
  • Emphasis on individual responsibility increases risk for organizations and people who interact with foreign firms: Articles 7 and 8 provide that all PRC citizens, enterprises, and organizations have an obligation to preserve national security, assist in anti-espionage efforts, and protect state secrets. Article 33 separately gives the state security apparatus broad remit to issue exit bans to PRC citizens whose exit from the country would be detrimental to China’s national interest, as well as of all persons regardless of citizenship implicated in espionage activities. Given the uncertainty concerning the scope of information regarded as impacting national security, these provisions will have a chilling effect upon both domestic and foreign companies, organizations and individuals as they engage in routine information gathering and sharing activities. The law may also thwart talent acquisition and retention in China—as from a legal perspective, it is becoming riskier for Chinese nationals to work for foreign firms in China.

Heightened risk for multinational companies

China seems intent on limiting the type of information foreign firms—particularly consulting and due diligence firms—can gather or have access to. It is worth noting that due diligence firms are often engaged in compliance work related to forced labor in supply chains and export controls—areas that are strategic flashpoints in the bilateral relationship that may risk direct legal exposure under the Anti-Espionage Law. Law and auditing firms may also face heightened risk as China seeks to restrict and control information gathering. Highly publicized investigations of US firms have shaken the confidence of businesses that rely on the due diligence sector to comply with US law. 

In recent months, President Xi Jinping has noted the need to balance economic growth and security, but the newly revised Anti-Espionage Law and recent enforcement actions against foreign companies suggest that the conditions required for growth are not receiving full consideration. Continued actions against multinational companies will erode business sentiment, impairing direct investment and other commercial activities that contribute to China’s growth. It remains to be seen how China will interpret and enforce the new law, but recent developments indicate increased business risks for multinational companies in China.

Finding a path forward

We are in an intense period of diplomacy leading toward the November Asia-Pacific Economic Cooperation (APEC) forum. A successful APEC hinges upon productive bilateral engagement between the two countries in the lead-up to November.  USCBC is concerned that continued enforcement actions under the revised Anti-Espionage Law may impair the much-needed productive engagement between the world’s two largest economies. A safe and predictable business environment in China will ultimately support the growth of both countries and the hard work of American and Chinese people.