China's new cyber security law, which will go into effect Thursday, is not aimed at limiting foreign companies' access to the Chinese market, the country's Internet regulator said Wednesday.
The law is designed to safeguard China's cyberspace sovereignty, national security, public interest, as well as the rights and interests of citizens, legal persons and other organizations, said the Cyberspace Administration of China (CAC).
"It does not restrict foreign companies or their technology and products from entering the Chinese market, nor does it limit the orderly, free flow of data," the statement said. "China is entitled to make laws and rules to regulate its cyberspace sovereignty following international practice."
The law was passed in November 2016 at the bimonthly session of the National People's Congress Standing Committee after a third reading.
Operators of key information infrastructure, including public communications and information services, energy and finance, are required to locally store personal information and vital data collected and produced by their services in China, according to the law.
If business needs require them to provide the data and information for overseas use, a security evaluation must be carried out, it added.
The provisions target those operating key information infrastructure, personal information and data that is vital to the country, said the CAC, adding personal information is allowed to flow abroad with the approval of individuals concerned.
"Such provisions do not prohibit cross-border data flow, nor restrict international trade," said the CAC, saying cross-border data flow has been a prerequisite for economic globalization and the Belt and Road Initiative.
The CAC also refuted discrimination against foreign companies by a supporting regulation which requires Internet products and services related to national security undergo a security review. The regulation will go into effect on the same day as the cyber security law.
Reviews focus on whether the products or services are secure and sufficiently managed, and on assessing the risk of illegal control, disruption or interruption, the CAC noted.
They also evaluate the risk of providers using their products or services to illegally gather, store, process or make use of user information, it added.
"The security reviews will not target any country or region, they will not discriminate against foreign technology or products, nor limit their access to the Chinese market," said the CAC. "On the contrary, they will boost consumer confidence in such products and services, and expand their markets."
