China: Cloud Computing In China: Implications Of A Complex Environment

Background

In the past decade, physical servers and computer hardware have struggled to keep up with the astronomical amount of data that companies and individuals have created. Cloud computing has been introduced as a solution to harness large amounts of information for public and private access through flexible online "cloud" services.

The Chinese government has also taken note of the impact cloud computing is set to have on the world and plans to invest approximately RMB ¥1.1 trillion in cloud initiatives in the future. Despite the promise cloud computing technology has shown in the Chinese market, foreign investment restrictions, censorship, privacy protection, and jurisdictional issues – legal issues central to the successful delivery of cloud services – remain ambiguous.

This memo seeks to delineate China's current regulatory structure and address the potential impact that these legal issues may have on the growth of cloud computing operations.

What is Cloud Computing?

Cloud computing is the delivery of on-demand computing resources (e.g. networks, servers, and storage) to a large group of end-users. Unlike the traditional use of localized general-purpose hardware and servers to save and process data, cloud computing utilizes web-based infrastructure to store information and offer extra computing capabilities, eliminating the need to build massive server farms and purchase expensive storage systems. Cloud-based services enable greater flexibility by making information freely available through the internet, and information technology giants such as Google, Apple, and Microsoft have all launched cloud services in the past several years.

Cloud computing can be implemented in various forms, including:

  • Software as a Service ("SaaS"): SaaS providers offer a range of online software applications that users can access through their web browser. Examples of SaaS include Hotmail and Microsoft's online word processing service, Office Web Apps.
  • Infrastructure as a Service ("IaaS"): IaaS providers give consumers access to additional computing resources, including expanded storage capacity and webservers. A notable example is Amazon's Elastic Compute Cloud, which helped the New York Times to prepare its digitized hardcopy archive (spanning 1851-1980) for public availability within 24 hours by providing the Times flexible cloud infrastructure to host their content.
  • Platform as a Service ("PaaS"): PaaS providers offer a platform for software development and hosting, allowing users to create distributed web-based applications. A well-known example of this kind of service is Google's App Engine.

With technology growing at a rapid rate in China, cloud computing is proving to be an ideal solution to the expansion of internet usage and the continuing commercialization of data. However, current Chinese laws and regulations may pose some problems for foreign companies seeking to operate cloud-based services within China.

Limits on Foreign Investment in China's Cloud Computing Market

Internet information services remain a heavily regulated sector in China. The main regulatory framework for the Chinese telecommunications industry is the Telecommunications Regulations of the People's Republic of China (2000) ("Regulations")1. The Regulations categorize services as either "Basic Telecommunications Services" or "Value-added Telecommunications Services" ("VAS") in the Catalogue of Telecommunications Services annexed to the Regulations. Within this categorization framework, cloud computing is theoretically classifiable as a VAS. This is because cloud computing may fall under one of two broadly defined categories: "Internet Access Services," or "Information Services," both of which are subsumed within the category of VAS. Therefore, foreign investors interested in providing cloud computing services in China are subject to all regulations governing foreign investment in VAS, which include the Guidance Catalogue of Industries for Foreign Investment (2011) ("Foreign Investment Catalogue")2 and the Provisions on the Administration of Foreign-Invested Telecommunications Enterprises (2002) ("Foreign-invested Provisions").3

The Foreign Investment Catalogue establishes VAS as a restricted industry and limits foreign investors to holding less than 50% of the shareholding interest in a telecommunications joint venture ("JV") formed with a Chinese partner, and the Foreign-invested Provisions also contain a similar shareholding limitation. China's Ministry of Commerce ("MOFCOM") has delegated the authority to approve foreign investments of no more than US $50,000,000 in restricted industries to local commerce departments at the provincial level, but foreign investment in restricted industries like VAS is still subject to central MOFCOM approval if the investment exceeds US $50,000,000.4 In addition, the Foreign-invested Provisions further provide that telecommunications JVs offering cross-border services must obtain the approval of the State Council department responsible for the information industry, and conduct their services through an international communications gateway provided by one of the three state-owned telecommunications operators.5 JV cloud service providers are generally subject to these approval and gateway requirements because they often store data on servers located outside China. The VAS JV structure, therefore, has the disadvantage of being subject to the undesirable 50% shareholding restriction, as well as being subject to time-consuming and complex approval requirements.

Previously, an alternative to the VAS JV could be found in the form of a Variable Interest Entity (also known as a "Sina Structure").6 By using a VIE structure, a foreign investor could ensure effective control over a business located in China without going through the lengthy VAS JV approvals. The VIE Structure was initially designed to allow foreign investors to hold a controlling interest in an otherwise restricted area, such as telecommunications. This was accomplished by one or more foreign investors, who together with one or more PRC natural or legal persons formed an offshore entity, which in turn was owned or controlled an onshore Wholly Foreign-owned Enterprise ("WFOE"). This foreign-controlled WFOE would then execute control contracts which allowed the WFOE to have power over the ownership and management of a domestic-Chinese company that held the necessary licenses to operate within the VAS arena. While this arrangement served to relieve the restrictions placed on the allowed percentage of foreign investment by ensuring that the company seeking licensing was not legally "foreign" in nature, the recent downfall of the VIE due to its inherent flaws has made this option undesirable.7 Alternative corporate structures have been developed to fill the hole left by the failure of the VIE model, including that of the Multi-Jurisdictional Captive Company (MJCC).

Censorship and the "Great Firewall"

Censorship in China has always been a major problem for foreign-based companies, especially for those operating within the internet services industry. This has been especially true in cases when a foreign company has been unwilling to submit its services to the control exercised by the Chinese government. Additionally, the Great Firewall has hindered the availability of foreign cloud services such as Google Apps, which is often completely inaccessible to Chinese users.

Because cloud-based services are completely dependent on reliable internet availability, companies may find it difficult to satisfy their clients while facing restraints imposed by the Chinese authorities. Although cloud services have been praised for their convenience, users in China may prefer physical servers and hard drives over cloud computing because such physical resources are subject to fewer external service interruptions and encounter less latency overall. Both VAT JVs and companies utilizing alternate corporate structures such as VIEs and MJCCs may mitigate the impact of the censorship apparatus by locating key elements of the service outside of the reach of Chinese governmental authorities, but censorship and political sensitivity can still disrupt the smooth delivery of cloud computing services.

Since the Chinese government is fiercely protective of state secrets, cloud computing firms need to be aware of the fact that operating these services in China may be seen to compromise state secrecy. Due to the nature of sharing and collecting information on an online platform, cloud computing may pose a greater threat to state secrets than other technology services, and therefore may be subject to strict scrutiny. This is especially important as the Chinese government has the discretion to classify any information as dangerous, whether outwardly compromising or not, and may consequently censor the offending data. Companies acting in violation of the censorship regulations run the risk of suffering heavy penalties and having their services suspended or even terminated.

In the case of service termination, companies will need to have a procedure in place to allow users to retrieve their information from the online services, or alternatively to create a method of transferring the data to somewhere else. Companies are advised to establish practical exit plans and backup services to avoid data loss to their clients.

Privacy Issues

Because Chinese laws have not traditionally enforced stand-alone privacy rights, companies offering cloud-based services need to be cautious when they are operating within the Chinese market. Although increased pressure from technological advances has led to the continuing development of new piecemeal laws and regulations, China still lacks an overarching "data privacy" law to regulate the protection of information, and recent efforts to establish such a law have stalled. The current draft of the law includes restrictions on the transfer and sharing of information, but has yet to be implemented.

However, China has recently made a significant effort to address the privacy rights issue by amending the Criminal Law.8 Under the amendment, government and private sector employees who sell or unlawfully provide information obtained through their work duties to third parties are considered to have committed a criminal offense. Additionally, unlawfully obtaining such confidential information is also defined as an offense. Though the amendment is a crucial step in recognizing the need for privacy protection, it is still necessary to enact a stand-alone law to fully address the issue and achieve greater clarity.

The new Tort Law of the People's Republic of China ("Tort Law") also acts to supplement the criminal law with regard to privacy rights. The Tort Law specifically addresses the liability of a website operator with regard to infringing content that is posted within its database, and allows individuals to seek civil damages.9 Despite it being an important complement to the Criminal Law's amendment, the Tort Liability Law still lacks the enforceability of a stand-alone law.

The forthcoming Information Security Technology Guidelines for Personal Information Protection (the "Guidelines") represent another effort by the government to address the growing need for privacy protection. The Guidelines contain a set of principles governing the collection, processing, use, transfer, and maintenance of personal data on computer networks, which is expected to become the national standard for relevant companies. Internet giants such as Baidu and Sina have offered input towards the current draft of the Guidelines, which is still in the early stages of its development. However, even if the Guidelines do become an official standard they will lack the enforceability of a law, as a "recommended" standard is difficult to put into effect and relies on a company's willingness to abide by it.

Jurisdictional Issues

Just like clouds that constantly move from one place to another, cloud computing services constantly move data from one data center to another to maximize efficiency. However, certain jurisdictional issues will inevitably arise when data migrates across national borders, creating legal uncertainty for cloud computing providers. For example, the fluid location of data can become a problem when the governing law as specified in the contract between the user and the provider is in conflict with the law of the jurisdiction where the data resides. This conflict of laws is most acute in issues concerning confidentiality and privacy. Different jurisdictions afford varying levels of privacy protection, and information that is deemed private in one jurisdiction may be subject to unwarranted searches in another.

The general cultural and political differences between Western countries and China may also pose a major challenge to Western cloud computing providers who want to do business in China. When the Chinese authorities imprisoned reporter Shi Tao in 2005, Yahoo! China was accused of providing his personal information to the Chinese police without asking what the information was for. Yahoo!'s conduct led to an international outcry, a public-relation crisis, a U.S. congressional investigation, and a settlement for an unspecified amount with Mr. Shi. Although most conflict of laws issues are less dramatic than the case of Shi Tao, foreign cloud computing providers must be careful to take the difference between Chinese and Western legal systems into consideration.

Conclusion

Companies that wish to operate cloud-based services in China currently face a number of challenges. These include a complex regulatory environment, limitations on foreign investment, as well as censorship, privacy, and jurisdictional issues. Cloud computing companies who wish to operate in China need to carefully balance efficient service delivery with risk control mechanisms, and ensure that they are structured to maximize their potential while minimizing the risk of undue governmental interference. This is especially important in sensitive areas, as the Chinese government takes censorship seriously and foreign businesses seeking to break into the internet services industry will continue to face closer scrutiny. Violations of local regulations could lead to data loss for both the company and its clients, as well as service interruptions, ultimately resulting in client dissatisfaction. A balance must be struck to ensure that such services can flourish in this new market.

Footnotes

1. Dianxin Tiaoli (电信条例) [Telecommunications Regulations] (promulgated by St. Council, Sept. 25, 2000, effective Sept. 25, 2000) (Westlaw).

2. Waishang Touzi Chanye Zhidao Mulu (外商投资产业指导目录) [Guidance Catalogue of Industries for Foreign Investment] (promulgated by Nat'l Dev. & Reform Comm'n and Ministry of Commerce, Dec. 24, 2011, effective Jan. 30, 2012) (Westlaw) (China).

3. Waishang Touzi Dianxin Qiye Guanli Guiding (外商投资电信企业管理规定) [Provisions on the Administration of Foreign-Invested Telecommunications Enterprises] (promulgated by the St. Council, Dec. 11, 2011, effective Jan. 01, 2002) (Westlaw) (China) [hereinafter Foreign-invested Provisions].

4. Shangwubu Guanyu Xiafang Waishang Touzi Shenpi Quanxian Youguan Wenti De Tongzhi (商务部关于下放外商投资审批权限有关问题的通知) [Notice of the Ministry of Commerce on Decentralizing the Examination and Approval Power for Foreign Investment] (promulgated by Ministry of Commerce, June 10, 2010, effective June 10, 2010) (Westlaw) (China).

5. Foreign-invested Provisions, art. 17.

6. For more information on the VIE structure and potential complications, please refer to CWT Clients & Friends Memorandum, "Understanding the VIE Structure: NecessaryElements for Success and the Legal Risks Involved" (Aug. 10, 2011) (available at http://www.cadwalader.com/assets/client_friend/081011UnderstandingtheVIEStructure.pdf); as well as CWT Clients & Friends Alert, "UPDATE – MOFCOM's New Security Review Measures (Announcement No. 53): Increased Scrutiny of VIE Structures Operating in Areas of PRC National Concern" (Sept. 2, 2011) (available at http://www.cadwalader.com/assets/client_friend/090211MOFCOMNewSecurityReview.pdf).

7. This downfall was the result of a confluence of factors, including increased regulation against VIEs within China, a lack of remedy for foreign investors in case of breach, and a lack of enforceability under Chinese law. For a more detailed account, please inquire about Cadwalader's forthcoming Clients &Friends Memo entitled "The End of the Variable Interest Entity: A Crisis of Confidence in a Flawed Structure."

8. See Xingfa Xiuzheng An (Qi) (刑法修正案(七)) [Amendment VII to the Criminal Law] (promulgated by Standing Comm. Nat'l People's Cong., Feb. 28, 2009, effective Feb. 28, 2009) (Westlaw) (China).

9. Ginquan Zeren Fa (侵权责任法) [Tort Law] (promulgated by Standing Comm. Nat'l People's Cong., Dec. 26, 2009, effective July 1, 2010) art. 36, (Westlaw) (China).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Similar Articles
Relevancy Powered by MondaqAI
 
Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
 
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
 
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions