Photo:IC
Chinese authorities published data security draft regulations on Thursday that would ban the export of what was classified as core data, a step experts hail as a necessary step to ensure national security and normal functioning of society.
The draft regulations, published by China's Ministry of Industry and Information Technology (MIIT), classify data into three categories and ban the exports of what has been classified as core data.
According to the draft regulations, data generated from industrial and information technology sectors in China, including raw materials, equipment manufacturing consumer products, electronics manufacturing, explosives for civil uses and software, are subject to newly proposed restrictions.
The government will classify data into three categories, with general data which has limited social impacts, vital data that could threaten China's economic, social, cultural, cyber, ecological and nuclear wellbeing and compromise China's overseas interests, and core data that seriously threatens national security and could have major social and economic implications.
Data on biological, space, polar and deep-sea activity and artificial intelligence is considered to be vital or core data, depending on a data set's specific impacts.
The draft regulations require all the data from industrial and information technology sectors to be stored within China according to relevant laws and regulations, and ban core data from leaving the country. They require security appraisals to be taken first for the exports of vital data if there is a compelling reason to be transferred outside of China.
Analysts said data has become an indispensable part of a country's social governance, service and production, therefore it is necessary to ensure China's national security and social functioning with related regulations on data. Globally, the EU and the US both have similar rules.
Xiang Ligang, director-general of the Beijing-based Information Consumption Alliance, told the Global Times on Thursday that the new regulations could have implications for foreign companies operating businesses in China.
For instance, data generated by smart internet-connected vehicles should face limits if a company wants to transfer it outside of China, Xiang said, noting that the categorization means China is not isolating itself in the digital world.
Violation to the regulations could result in fines, suspension of business and revoking of business licenses.
Analysts noted that Chinese companies overseas are also required to follow data security rules of the country of their operation.
Qin An, head of the Beijing-based Institute of China Cyberspace Strategy, told the Global Times on Thursday law-abiding, compliant foreign companies in China don't have to worry about the new proposal, as it only targets illegal use of data or those who seek to misuse sensitive data.
The clear categorization approach to data throughout Chinese regulations is relatively balanced, compared with corresponding rules in the EU and the US, Qin said.