What is China’s revised anti-espionage law?
China has recently revised its laws on espionage, which will take effect on 1st July. The updated laws expand the definition of ‘espionage activities’ and give national security agencies more investigative powers. The Chinese government is making a concerted effort to regulate sectors that are considered to pose a risk to national security.
Under the revised laws, local authorities have wider powers to:
- Inspect and collect evidence
- Seal, seize, freeze, confiscate or destroy property
- Summon and question persons
- Impose administrative penalties
- Impose exit and entry bans
China’s anti-espionage law allows authorities to confiscate most information and materials, including password-protected documents and emails, equipment and facilities, personal items and exclusive technologies during investigations. People in the workplace may be detained for questioning without notice during inspections. Persons at risk include employers, employees, part-timers, freelancers, third-party contractors, and anyone affiliated with an entity labelled as an espionage organisation. The authorities may also impose exit bans on foreigners and Chinese citizens without informing them. Entry bans may be pre-emptively imposed on foreigners who may endanger Chinese interests. Researchers, ex-civil servants and those working in defence industries are at higher risk. Such bans may be indefinite, and authorities are not required to inform banned subjects of any revocation of exit or entry bans.
The Chinese government has been conducting more investigations and raids on firms before the new laws have come into effect. This poses a significant risk for foreign entities operating in country. Foreign employees have also been detained while access to publicly available Chinese information has become limited. Chinese state-owned enterprises have been warned not to retain international firms for services due to data security risks. As a result, some firms, such as Microsoft, have begun announcing the relocation of employees, or the separation of parent and subsidiary companies due to concerns with violating China’s anti-espionage law.
What are the civil liabilities?
Penalties for violations by individuals, not constituting a criminal offence, include up to 15 days’ detention, a fine of up to 50,000 RMB, or a fine of up to five times the value of any unlawful gains if unlawful gains exceed 50,000 RMB, alongside other civil orders.
Entities may face civil liabilities. Directly responsible managers or superiors may also be subject to personal liabilities. Entities may be fined up to 500,000 RMB or up to five times the value of unlawful gains if unlawful gains exceed 500,000 RMB. The authorities may also impose other civil orders such as licence revocation, property destruction, cancellation of third-party partnerships or provision of services, or specific performance.
There are some concerns about the extensive powers local authorities have over company assets. It is unclear if state agents must provide any legal justification to seal, seize or freeze property and facilities, and whether they can do so with immediate effect during preliminary visits. The period of seizure or suspension is also unclear, and authorities may arbitrarily lengthen such periods. It is unclear if firms have a proper avenue to challenge this administrative decision, and there are no safeguards as to what state agents can do to confiscated assets. Businesses risk having a competitive disadvantage when their assets are frozen or seized.
Operational risks to businesses in China
Businesses in China face operational risks under the new anti-espionage law. Certain groups, such as non-government organisations, human rights groups, journalists, academics and think tank researchers are at higher risk if their past conduct in the course of business could be investigated under the revised law and used against them unfavourably.
Companies face heightened compliance risks when carrying out due diligence, data collection and sharing, market research and business intelligence gathering, talent recruitment and technical expertise retention, data storage and management, and when implementing cyber security measures.
Networking events or communication or collaboration with certain entities may be seen as espionage activity. Firms ordered to surrender data for investigation face competition from Chinese state-owned enterprises and intellectual property risks due to the lack of safeguards against the transfer of information and intellectual property obtained from foreign firms from Chinese authorities to state-owned enterprises. The risk is exacerbated by the lack of robust intellectual property rights and an underdeveloped legal landscape for intellectual property in China.
Organisations seeking access to Chinese developments, news and statistics, or researching human rights or corruption, are at risk of committing espionage. Foreign entities or think tanks collaborating with Chinese universities for academic research may be labelled ‘espionage organisation agents’. Domestic research institutes, media groups and academic individuals will be disincentivised from collaboration, undermining information access. NGOs and think tanks which rely on social media discourse to generate debate and interest are also at risk of being investigated for espionage activities.
Advice for companies operating in China, or collaborating with Chinese-based entities
Organisations are advised to reassess the following:
- Compliance procedures, due diligence processes, and internal practices
- Supply chain and operations, joint ventures and existing transactions
- Business contingency and crisis management plans
- Recruitment policies and vendor selection processes
- Data management processes, including the collection, storage, processing, transfer, and disposal of information
- Relocation and travel plans to and out of China.
In the event of an unannounced office raid or investigation by the authorities:
- Ensure that state security agents have produced their employment document, affixed legal approval documents from an authoritative person for the local state security organ (district-level).
- Ensure that the entire process of inspections, sealing and seizures must be audio-visually recorded and retained for future reference.
- Cooperate where possible and ensure all deadlines for enquiries, data submission and property management are met.