CHINA

China Releases Guidelines on the Application of Security Assessment on Cross-Border Data Transfer

On 31 August 2022, the Cyberspace Administration of China ("CAC") issued the first edition of the Guidelines on the Application of Security Assessment on Cross-border Data Transfer ("Guidelines") (数据出境安全评估申报指南(第一版)) to clarify how organisations in China can apply to CAC for a security assessment for cross-border data transfer. The Guidelines, which are intended to be guidance for the Measures for Security Assessment of Cross-border Data Transfer ("Measures") (数据出境安全评估办法), were released one day before the Measures took effect on 1 September 2022.

The Guidelines repeats the circumstances where a mandatory CAC-led security assessment is required under the Measures: (i) transfers of important data out of China; (ii) transfers of personal information out of China by critical information infrastructure operators or data processing entities that process personal information of over one million individuals; (iii) transfers of personal information out of China since 1 January 2021, that consist of personal information of more than 100,000 individuals, or sensitive personal information of more than 10,000 individuals; or (iv) other circumstances as may be specified by CAC.

Schedule 1 of the Guidelines provides a list of the required application documents, including but not limited to (i) an application form (a  template of which is set out in Schedule 3 of the Guidelines), (ii) a self-assessment report on cross-border data transfer risks (a template of which is set out in Schedule 4 of the Guidelines), and (iii) a copy of cross-border data transfer agreements to be co-signed by the data recipient(s) outside of China. The self-assessment shall be completed within three months prior to the submission of the application. There should not be any material changes occurring between the completion of the self-assessment and the submission of the application. Otherwise, a fresh new self-assessment may be required to be conducted.

Back to Top Print

NDRC's New Regulations on Foreign Debt

On 26 August 2022, the PRC National Development and Reform Commission ("NDRC") issued the Administrative Measures for the Review and Registration of Mid- to Long-Term Foreign Debt of Enterprises (Draft for Comments) (企业中长期外债审核登记管理方法(征求意见稿)) ("Draft Measures").

The Draft Measures expressly provide that they will apply to the issuance of offshore bonds by an enterprise operating in Mainland China, in the name of an enterprise registered outside China, based on the equity, assets, income or other similar rights and interests of the domestic enterprise. This is generally in line with the previous notices and interpretation issued by NDRC.

Compared to the current foreign debt filing and registration system, the Draft Measures bring about certain major changes, including the following:

1. The current "filing" system is changed to a "review" system, implying that a more substantive review may take place to tighten the scrutiny of foreign debt, and a prior approval may be required for mid- to long-term foreign debt (which refers to foreign debt with a term of more than one year (exclusive)).
2. The time limit for NDRC’s review of a foreign debt application and issuance of a foreign debt approval registration certificate is extended from seven business days to three months from the acceptance of the application. Enterprises can only commence foreign exchange registration, account opening and withdrawal of fund procedures after obtaining the foreign debt approval registration certificate.
3. The Draft Measures expressly provide a list of prohibited uses of foreign debt funds (negative list), such as using the same to (i) increase the hidden debt of local governments, (ii) make up for losses or speculation, and (iii) lend to any third party (except banking institutions).

The Draft Measures show NDRC's stricter stance on the review and registration of foreign debt of enterprises. Once the Draft Measures are promulgated, Chinese foreign debt issuers must allocate more time to prepare for bond issuance deals.

Back to Top Print

China Publishes Revised Provisions on the Administration of Information Services for Mobile Internet Applications

On 1 August 2022, the revised Provisions on the Administration of Information Services for Mobile Internet Applications ("Revised Provisions"), which was issued by the Cyberspace Administration of China on 14 June 2022, came into force. The Revised Provisions were issued in response to the recent legislation on relevant data protection laws which aim to establish a data governance system in China by strengthening the supervision of application providers and application distribution platforms.

The Revised Provisions substantially amended the original ones ("Original Provisions"), increasing the provisions from 11 to 27 articles and clarifying the requirements in relation to the provision of application information services and application distribution services in the People's Republic of China ("PRC").

Clause 2 of the Revised Provisions provides for a more comprehensive definition of application information services and application distribution services. They now include almost all types of services that may be provided based on the application and new types of platforms (such as quick Apps centers, Internet applet platforms, and browser plug-in platforms) to distribute such applications.

Clauses 6 through 16 outline the requirements for application providers, which include, among others, (i) verifying user identity information; (ii) obtaining an Internet news and information services license or other administrative licenses for information services; and (iii) establishing a mechanism for examining the content of the information. In particular, the Revised Provisions stipulate the obligations in relation to cyber security, data security and personal information protection, emphasising the necessity for personal information collection and the fact that users shall not be denied the use of the basic function services of certain applications merely on account of their refusal to provide unnecessary personal information. These requirements are in line with the Cybersecurity Law and Personal Information Protection Law of the PRC.

Clauses 17 through 21 set out the requirements for application distribution platforms, which include, among others, (i) filing the required information with the local network information administration authority within 30 days from the time the platform has become operational; and (ii) establishing classification management systems. Clauses 17 through 21 also prescribe the management obligations of application distribution platforms in relation to application providers. If the applications violate the Revised Provisions, relevant laws and regulations, and service agreements, the application distribution platform shall take such measures as giving warnings, suspension of services, removal of the application from the platform, etc. It shall also keep relevant records and report the breach to competent authorities.

Back to Top Print

PRC Ministry of Justice Provides Clarification on Legal Assistance in International Civil and Commercial Cases

On 24 June 2022, the Ministry of Justice of the People's Republic of China ("PRC Ministry of Justice") published an article in Question & Answer format in respect of legal assistance in international civil and commercial cases ("Q&A"). In this Q&A, the PRC Ministry of Justice expressly states, among other things, that a judicial administration (including a court) or an individual in a foreign jurisdiction cannot directly enquire a witness who is located within the territory of PRC, either by phone call, virtual meeting or using any other technology. Instead, the judicial administration has to apply for legal assistance in accordance with the PRC Civil Procedure Law.

Based on the Q&A, there are only two ways to question such a witness: (i) a member country to the Convention on the Taking of Evidence Abroad in Civil or Commercial Matters ("Hague Evidence Convention") may request the PRC Ministry of Justice to provide legal assistance in accordance with the Convention; or (ii) a non-member country may request assistance through the diplomatic channel.

In this regard, the PRC Ministry of Justice makes it clear in the Q&A that a witness within the territory of PRC is prohibited from attending the hearing of a foreign litigation, whether voluntarily or through a subpoena issued by the foreign judicial administration. 

The PRC Ministry of Justice also highlights that due to the security requirements for cross-border data transfer, any data information located in the territory of PRC cannot be provided to a judicial administration or officer of a foreign jurisdiction without the approval of the PRC governmental authority in charge.

An arbitral tribunal does not appear to fall within the scope of "judicial administration or individual", therefore it is unclear whether the abovementioned rules apply to an arbitration in a foreign jurisdiction.

Back to Top Print