China tightens its choke hold on Great Firewall piercing VPNs

By Elles Houweling

The Cyberspace Administration of China (CAC) – the country’s top internet watchdog – has released another set of draft regulations to further increase the government’s control in cyberspace. The document titled “Network Data Security Management Regulations” aims to punish individuals and institutions for bypassing China’s “Great Firewall”, which could have far-reaching implications for the usage of virtual private networks (VPN).

The proposal establishes cross-border data security gateways to “block the spread of information that originates from outside the People’s Republic of China.” It added that “no individual or organisation shall provide programs, tools, lines, etc., for penetrating or bypassing cross-border data security gateways.”

Individuals and entities are also prohibited from providing “internet access, server hosting, technical support and dissemination of information on how to bypass cross-border data security gateways”.

Anyone breaching the law would be subject to a fine no more than 10 times the amount of money made from the offence, or up to 500,000 yuan ($78,362) for any offender in a managerial position. Any offending business may have its licence revoked.

The draft was released on Sunday and is currently subject to public consultation until December 13. It is expected to pass without much challenge and will raise renewed questions for multinational entities operating in China, most of which rely on VPNs to access foreign services.

This marks the country’s toughest attempt yet to ban VPNs. Although China’s telecommunication regulator allows certain big multinational corporations to bypass the country’s Great Firewall, the approval threshold is very high. As a result, most individuals and businesses have to operate using VPNs which is considered a legal grey area.

In 1997, Chinese lawmakers first attempted to outlaw the usage of VPNs by stating that “anyone who wants to access foreign websites must use government-designated channels.” However, a more sophisticated law targeting VPNs was not enforced until 2017, when the Ministry of Industry and Information Technology carried out a large-scale inspection on internet service providers. In the same year, Apple removed 674 VPN services from its app store.

Nevertheless, it has been highly uncommon for foreigners to be punished for bypassing the Great Firewall.

In addition to its rules on cross-border data security, the draft law also stipulates that companies seeking to go public in Hong Kong have to undergo stricter cybersecurity reviews on national security grounds. Despite not being as tough as reviews for any company wishing to list in the US, it may make initial public offerings (IPO) in Hong Kong more difficult for mainland entities.

The document states that “data-processing entities seeking to go public in Hong Kong, which may affect national security” must apply for network security checks.

In July, the CAC published a set of proposals that makes going public overseas more difficult.

“Critical information infrastructure operators, purchasing network products and services, and data processors carrying out data processing activities that affect or may affect national security shall conduct network security reviews in accordance with these measures,” the document said.

The rules over Hong Kong were, however, unclear. Many companies that had initially planned to go public in the US have subsequently revoked their plans or announced that they would instead aim for an IPO in Hong Kong or Shanghai.

“Today, we find that Chinese companies IPOing in the US will have to spell out on the first page of their prospectus’ regulatory risks,’” Michael Orme, analyst at GlobalData and China specialist, told Verdict when the proposal was released.

“At the same time, the SEC is under mounting pressure to try to enforce great transparency among US-listed Chinese companies within the 3-year time period for them to show marked progress or get delisted.”

Notably, ByteDance, the social media giant behind the popular app TikTok and the world’s most valuable private company, postponed its overseas listing plans earlier this year. Instead, it set its sight on the Hong Kong Stock Exchange, for which the new rules could prove to be an additional obstacle.

The Great Firewall comprises the laws, regulations, and technologies that govern the internet in China. It is an essential part of the Party-State machinery and is cordoned off from the rest of the world. It determines what the Chinese population can read, see and hear online by blocking access to foreign sources of information, internet tools, mobile apps and strictly censoring domestic sources of online information, including so-called “vulgar” content.