Getting on top of compliance

How Western manufacturers can respond to regulation in China

  • Blog post
  • May 16, 2023

Julius Shen, Kevin Ding, and Jan-Hendrik Meier

Leading Western manufacturers with sizeable operations in China, or with plans to start production there, are exploring how digitalization can strengthen their business. However, companies need to consider various factors as they endeavor to fulfill their digital aspirations. Most notably, they will need to understand and respond to constantly developing regulations in China on cross-border data transfer and security.

Investment in digitalization and intelligent manufacturing has grown rapidly in China in recent years, resulting in the proliferation of digital products and the creation of smart factories and digital supply chains. Indeed, the World Economic Forum estimates that the financial value of the industrial software market in China doubled between 2017 and 2022, and now stands at 266 billion Yuan (35 billion Euro). More than a third of lighthouse factories in the world are located in China.

Breeding ground for digital models

There are various reasons for this rapid development, not least widespread technological innovation, involving areas such as 5G, artificial intelligence, the internet of things (IoT) and blockchain. Spurred by the Chinese government’s range of incentive policies to encourage digitalization, local manufacturing companies have responded with commitment and speed. As a result, many are already starting to arrive at an advanced stage of digital maturity.

Given these conditions, Western manufacturers look to China as an excellent breeding ground to build and promote digital models which they can then introduce into other markets to enhance productivity, reduce costs, and improve service to customers throughout the world.

For example, one leading German company built what it calls its first “digital native factory” in China, involving smart and flexible production and product design, intensive and efficient manufacturing operations, and optimized services using big data. The business outcome of the company’s digitalization program has been tremendous. According to the local management of that company, its production capacity increased by 200%, production efficiency improved by 20%, and time to market was cut down by 20%.1

1 https://www.21jingji.com/article/20220618/herald/048aac9f8e26a24e3ac849668cf0ed67.html

Obstacles to success for Western manufacturers

However, despite such success stories, Western manufacturers are still facing major challenges in China as they strive to tailor their digital transformation for the local market. First, some companies are beset by inadequate digital strategic planning, in large part due to a lack of transparency about what is and what is not possible in China, and they therefore lack clarity about their goals.

Second, impatient business leaders can fail to benefit from the long-term economic and social value of digital transformation. Indeed, in some specific sub-sectors, such as discrete manufacturing, it can be some time before digitalization starts to yield benefits, by which time companies may have hastily abandoned the entire process.

Finally, many companies are not fully aware of the risks brought about by new technologies and business models, particularly when it comes to cross-border data security and compliance. In China, the export and usage of data have been stringently regulated. Only after getting to grips with these rules can companies look forward to a smooth digital transformation.

The development of the digital legal framework in China

Indeed, many relevant laws and regulations, such as the Data Security Law and Personal Information Protection Law, have been issued in China over the course of the last fifteen years. There has been a focus on overseeing the movement of three types of information – personal information, where it is possible to identify information related to a person; sensitive personal information, such as racial or ethnic origin, political opinions or associations, or religious beliefs, which must be afforded additional security; and important data, which could potentially pose a broader, systemic threat to national security, the functioning of the economy, social cohesion or public health and safety.

The broader business, economic and political environment will ensure that this trend of tighter regulation in the field of information technology will continue for the foreseeable future. Burgeoning technology has led to an exponential increase in both cybercrime and in the demand for cloud storage, intensifying the need for robust cybersecurity.

Moreover, as the digital economy becomes a significant contributor to the development of many countries, even stricter regulations will inevitably follow as national governments seek to be in control of this huge constituent part of their economy. The growing number of relevant regulations throughout the world can also be seen as concerted attempts by the respective regions, such as the United States, the European Union and China, to anticipate global rivals’ actions by forging an ideal balance between stimulating digital development and safeguarding national, corporate and personal data security.

How Western manufacturers can ensure compliance

Given the pace of these regulatory developments, it is not surprising that executives increasingly harbor anxieties. For example, in PwC’s 2021 China Business Climate Survey Report, 83% of surveyed multinational companies in China expressed concerns about the regulatory environment and its impact on their operations.2

Their concerns are understandable. There are examples of companies that have been severely punished for non-compliance in data export, with considerable ramifications for the company's business. For example, in July 2021, a Chinese ride-hailing giant was taken to task for issues related to user data security and improper cross-border data transfer. As a result, the company was forced to suspend new user registrations and undergo rectification measures.

Given the long-term potential of the Chinese market, however, any unease about the regulatory climate will not deter the vast majority of Western companies from doing business in the country. Indeed, according to the 2022 China Business Report, developed by the American Chamber of Commerce in Shanghai in partnership with PwC, only 17% of US companies are considering moving operations out of China in the next three years.3 That said, leaders are certainly aware that they constantly need to monitor the impact of existing and new regulations on their business. They should approach this challenge in a methodical and rational way by first reaching clear answers on certain fundamental questions.

For example, they need to understand what exactly constitutes data export activity according to Chinese law.4 Typically, this can involve two sets of circumstances: when data processors transfer and store data overseas that has been collected and produced in domestic (Chinese) operations; and when data processors store data within China itself that has also been collected and produced domestically, but foreign entities are nevertheless able to gain access to it.

In terms of data transmission, Western manufacturers also need to appreciate what “cross-border” entails in the Chinese context. In general, data export refers to data transmission to countries or regions outside of the Chinese mainland, but transmission to Hong Kong, Macau and Taiwan is nevertheless also considered to be data export.

When Western manufacturers are involved in data export, an official assessment for the Chinese authorities is compulsory if the relevant criteria are met (in terms of the data type and quantity). If not, a standard contract on data export, without the government assessment, can be used. Should the company be obliged to complete the official data export assessment, a risk self-assessment is also obligatory. We recommend that companies still carry out a self-assessment even when the official assessment is not required, as their business may in the future grow sufficiently to meet the relevant criteria.

In this self-assessment, companies will need to evaluate the purpose of the data export, explore the sensitivity of the data, pledge that the overseas recipient can safeguard the security of the exported data, determine any third-party risk to the security of the data export, and confirm that the contracts with the overseas recipient related to the data export fully stipulate relevant responsibilities.

 

2 https://www.amcham-shanghai.org/sites/default/files/2021-09/CBR-2021.pdf
3 https://www.amcham-shanghai.org/en/article/amcham-shanghai-releases-2022-china-business-report
4 The information provided in this article does not, and is not intended to, constitute legal advice. Please consult legal counsel if needed.

Those manufacturers not only planning digital transformation, but also contemplating the launch of a digital platform service in China, need to consider value-added service (VAS) regulation. There is no universal license for this activity, and companies will need to apply for a specific permit according to the nature of the platform and their business.

Regulations relating to digital activity in China are inevitably complex. Western manufacturers should therefore look to establish a strong relationship with local legal advisors and regulatory experts to ensure compliance. They should also consider forming partnerships with local companies in order to navigate this intricate regulatory environment. Companies must stay agile at all times, and handle constant regulatory changes with a proactive approach, including regular reviews and updating of internal compliance policies and procedures. By ensuring that their digital business in China is compliant, companies are able to concentrate on purely commercial decisions, while also avoiding punitive measures and business interruption.

Western manufacturers with operations in China or planning to start production there should ask themselves the following questions on digital compliance:

  1. How are my business activities classified (type of business) by the Chinese government?
  2. What constitutes data export in the Chinese legal context?
  3. What types of data will I be transmitting – personal information, sensitive personal information, or important data?
  4. Will my company be launching a digital platform service in China?
  5. How do I orchestrate my digital ecosystem in China and manage digital platforms and data flows and usage in a compliant way?

As we saw from the earlier survey, Western companies are very aware of the potential challenges of the regulatory environment in China, but nevertheless intend to stay put in the country. With a disciplined and watchful approach to compliance, they shall prosper in the Chinese market without surprises.

Contact us

Julius Shen

Partner, Strategy& China

Tel: +86 (21) 2323 2273

Jan-Hendrik Meier

Director, Strategy& Switzerland

Kevin Ding

Director, Strategy& China

Tel: +86 (21) 2323 5724
