China's new cyber security law, which will go into effect Thursday, is not aimed at limiting foreign companies' access to the Chinese market, the country's Internet regulator said Wednesday.
The law is designed to safeguard China's cyberspace sovereignty, national security, public interest, as well as the rights and interests of citizens, legal persons and other organizations, said the Cyberspace Administration of China (CAC) in a statement.
"It does not restrict foreign companies or their technology and products from entering the Chinese market, nor does it limit the orderly, free flow of data," the statement said. "China is entitled to make laws and rules to regulate its cyberspace sovereignty following international practice."
The law was passed in November 2016 at a bimonthly session of the National People's Congress Standing Committee after a third reading.
A regulation requiring Internet products and services that may affect national security to undergo a security review will go into effect on the same day as the cyber security law.
Reviews focus on whether the products or services are secure and sufficiently managed, and on assessing the risk of illegal control, disruption or interruption, the CAC noted.
They also evaluate the risk of providers using their products or services to illegally gather, store, process or make use of user information, it added.
"The security reviews will not target any particular country or region. They will not discriminate against foreign technology or products, nor limit their access to the Chinese market," said the CAC. "On the contrary, they will boost consumer confidence in such products and services, and expand their markets."
FREE FLOW OF INFORMATION
According to the law, operators of key information infrastructure, including public communications and information services, energy and finance, are required to locally store personal information and vital data collected and produced by their services in China.
If business needs require them to provide the data and information for overseas use, a security evaluation must be carried out, it added.
The provisions target those operating key information infrastructure, personal information and data that is vital to the country, said the CAC, adding personal information is allowed to flow abroad with the approval of individuals concerned and data is allowed to flow abroad after clearing security reviews.
"Such provisions do not prohibit cross-border data flow, nor restrict international trade," said the CAC, saying cross-border data flow has been a prerequisite for economic globalization and the Belt and Road Initiative.
The CAC warned against infringement of its cyber sovereignty under the pretext of providing free flow of information. Preventing illegal information from entering China does not contradict supporting the free flow of information, it said.
"In the real world, all enterprises or individuals are required to observe laws of the countries they enter, and there should be no exception made in cyberspace," according to the statement.
China strictly manages the Internet within its borders and has banned the spread of illegal information via technical or other means. This embodies the country's cyber sovereignty and is a requirement for safeguarding national security and protecting the interests of its citizens, it said.
In addition, the law stipulates that Internet service providers should increase control on information released by their users and immediately stop the spread of information deemed illegal.
The regulation will not infringe on privacy nor restrict free speech online, the CAC said, adding that the regulation targets information made public by Internet users, not their personal communications.
The CAC reiterated that authorities aim to prohibit the spread of illegal information rather than impeding free speech.