China Watch: Interpreting the Anti-Espionage Law

Download China Watch PDF

SUMMARY: The new anti-espionage law is another indicator of Xi Jinping’s obsession with political control, but the law, by itself, is unlikely to significantly increase risks to foreign businesses beyond current levels.  The PRC leadership assesses that China needs foreign investment and a vibrant private sector to overcome short- and long-term economic challenges and will likely try to strike a balance between national security and economic growth.  

China’s revised anti-espionage law, which went into effect on 1 July, codified the powers that the security services and courts already have. Under Xi Jinping, risks for foreign and domestic companies have gradually increased because of his emphasis on political control.  The revised law, based on the original anti-espionage law passed in 2014, is intended to address new geopolitical and security challenges and to reiterate Xi’s concept of “comprehensive national security.”

  • The updated version broadened the definition of state secrets to include sensitive data that could threaten national security and added articles to address cybersecurity threats and data security.  The revisions reflect China’s desire to protect sensitive economic and technological data as Beijing steps up its competition with the West and new challenges posed by cyberespionage.
  • The law is in part political posturing to reiterate Xi’s dominance.  A 3 July article in the online version of People’s Daily commented that the law incorporated Xi’s thinking on law and “comprehensive national security,” as articulated in his political report for the 20th Party Congress in October 2022.  The article also said that the law included language to further “centralize” anti-espionage work under the Party’s leadership. 
  • The reference to centralization is intended to signal Xi’s complete control over the security apparatus.  Prior to the Party Congress in 2022, some of the key security officials had ties to a rival faction, but Xi finally managed to put his trusted allies in charge of all the top security posts.

The law is another example of Xi’s tendency to promote contradictory polices that confound the foreign and domestic business community, as we wrote in the 16 May issue of China WatchWhile some Western media commentary has suggested that Xi is emphasizing national security over economic growth, this interpretation underplays the top leadership’s consistent message since the Central Economic Work Conference in December 2022 to expand foreign investment and support the private sector.  On 11 July, Xi reiterated the need to open up to the world and encourage trade and investment at a key policy meeting attended by senior leaders.

  • Premier Li Qiang has made foreign investment one of the top priorities since assuming office in March.  On 27 June, he sought to reassure investors by promising that China will not widely use “security reviews” against foreign businesses, in response to concerns about the anti-espionage and data security laws. 
  • The recent raids against three Chinese and US due diligence and consulting firms are likely not indicative of Beijing’s general approach toward foreign companies.  It is not entirely clear if Beijing was trying to send a message to foreign businesses because the most serious and dramatic legal action was taken against a Chinese consulting company, Capvision, whose clients included major Chinese state-owned enterprises.   
  • Due diligence firms that conduct investigations related to human rights, the defense industry, or political corruption will face higher risks.  Media reports suggest that the police targeted the Mintz Group because it had conducted supply chain inquiries related to alleged forced labor in Xinjiang.  It is not clear why the police questioned the employees of Bain in Shanghai, although such inquiries are not uncommon in the due diligence sector.

In addition to the anti-espionage law, foreign businesses also need to be mindful of China’s new data localization requirements, enacted after the adoption of new laws on cybersecurity (2017), data security (2021), and personal information protection (2021).  Beijing requires “core” and “important” data, categorized by their impact on national security, to be stored in China, unless permission is granted for data transfers, but the authorities have failed to clarify what types of data are considered sensitive.  Transfer of bulk data containing personally identifiable information collected from PRC citizens is also regulated.

  • Companies that work with Chinese partners with patented technology or trade secrets may need to ensure that such data stay on Chinese servers.  Some multinational companies have created separate data repositories for their PRC and international operations.
  • Beijing prefers to keep laws vague to encourage companies to self-police and seek approvals from the government.  Beijing also uses such laws as bargaining chips and diversion tactics in bilateral negotiations to avoid addressing deeper problems such as its unfair economic practices.  For example, Beijing may promise US officials to be cautious in enforcing the anti-espionage law as a “concession.”