China clamps down on foreign companies to strengthen cyber security

Foreign-owned companies are finding it increasingly difficult to operate in China, saying that they may be asked to pass on business-critical information to government authorities there.

Executives in the Asian country fear the crackdown may lead to intellectual property being leaked to competitors, leading to some companies choosing to reduce their presence.

Morgan Stanley is now looking at moving data jobs from its office in Shanghai to elsewhere in Asia, potentially impacting around 150 jobs.

Speaking to the Financial Times online, Shanghai lawyer, Shaun Wu, said:

“If companies are pulling out of China it doesn’t surprise me”. Companies in the nation are faced with the problem of optimising business continuity in a way that avoids intense government scrutiny and any subsequent action.

China’s Cyber Security Law came into play in June 2017, embracing all elements of IT infrastructure, from network systems to data storage and protection. The legislation has come under fire from overseas companies and IT experts, who say it is unclear and very broad in its definitions.

Developments to the Multi-Level Protection Scheme (MLPS), which upholds the cyber law in China, are expected to intensify the monitoring of tech industries, including mobile internet, IoT manufacturing, cloud usage, data and security, official statements say.

In the more-stringent climate, the Chinese government will have more of a presence in how products are developed, checked and assessed.

Jake Parker, head of the Beijing branch of the US-China Business Council, said:

“We are concerned that it may lead to more government scrutiny with authorities monitoring a broader swath of foreign technology and information and communications technology.”

Carolyn Bigg, a lawyer at DLA Piper in Hong Kong, said:

“Businesses need to know about this and pay attention to them because regulators will expect compliance.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.