Passed in December 2016, the new law will place a host of fresh compliance burdens upon all multinational companies with operations in China – among them, heftier data localisation requirements and an expanded definition of the ‘critical information infrastructure operators’, or CIIOs, that will face more intense regulatory scrutiny. However, despite its far-reaching potential impact on multinationals in China, a recent survey from Consilio revealed that hardly any professionals in legal tech have prepared for the new legislation – or even heard of it.

Knowledge and concern both lacking

Of the 118 legal tech professionals included in Consilio’s recent survey at Legaltech New York, an overwhelming 75 per cent conceded that they were not familiar with China’s new cybersecurity laws. A mere 2 per cent said that they were ‘very familiar’ with the impending legal shift, and only 14 per cent of respondents described the new laws as a major concern. These tepid levels of knowledge and interest among Consilio’s respondents came in spite of the fact that 57 per cent of those surveyed reporting that they had at least one legal matter in China over the last 12 months.

State secrets provision

Broadening the requirement for multinationals with operations in China to localise their data on the mainland could in turn increase foreign companies’ reliance on data management and storage providers based in China, Consilio China managing director Dan Whitaker told Corporate Counsel. And the stakes are high for companies which to comply with the new laws: ‘Public surveillance, imprisonment and the death penalty are all listed as possibilities for violating the state secrets provision of the Cybersecurity Law,’ Mr Whitaker said, noting that in the past ‘documents as innocuous as a list of customers, a pricing spreadsheet, or even a weather report have been deemed state secrets.