LPA-CGR avocats is happy to present this summary of new legal issues which could affect your business in China.
1. China’s New Work Visa Policy
China recently introduced new foreign work permit system. The current Alien Employment Permit (Z-visa) and the Foreign Expert Permit (R-visa) will merge into one “Foreigner’s Work Permit” and every foreigner’s work permit will be graded on a range of A, B, or C according to a points system. The points system will numerically grade different aspects of the applicant such as his educational background, Chinese language proficiency, salary in China, time length worked in China, working area, etc. Each applicant will be assigned a unique ID number that does not change, regardless of permit renewal or change of employer. This new policy will also enhance the communication and exchange of information between the Labor Bureau, the Public Security Bureau and the Foreign Affairs Bureau.
The purpose of such reform is to grant Foreigner’s Work Permit taking into consideration not only experience, diploma and health of the concerned foreigner but also other assessment criteria which are more comprehensive. This reform may allow foreigners above 60 years old to obtain a work permit in China, when this was almost impossible before. Foreigners without less than 2 years’ work experience but graduated with master degree or above from top 100 universities around the world may also be able to obtain a work permit in China. It was announced that documentation requirements will be reduced by nearly 50 percent. However, our current experience in Shanghai does not yet support this allegation.
The new regulation is currently tested in Shanghai and will be applicable nationwide on April, 1st 2017.
2. Cyber Security Law to be effective soon
The Cyber Security Law of the People’s Republic of China (the « Cyber Security Law« ) has been adopted recently and shall come into force as of 1st June 2017.The scope of the law is quite broad and applies to the construction, operation, maintenance and use of the network within the territory of China. The Cyber Security Law strongly focused on security obligations applicable to providers of network products and services and network operators. The Cyber Security Law establishes a “graded network security protection system » and a core protection for key information infrastructures.
Here are the main requirements and obligations introduced by this law.
- Real identity disclosure
China is seeking to implement the strategy of trusted identities in cyberspace. Therefore, when handling network access for fixed line, mobile phone or providing users with information publication services, instant messaging services or others services, network operators shall require users to provide real identity information.
- Protection of personal information
The law provides substantial individual protections. Collect and use of personal information shall be governed by the principles of legitimacy, rightfulness and necessity. When products and services collect users’ information, the providers shall notify the users and obtain their consent. Network operators shall neither gather personal information unrelated to the services they provide nor transmit such information to third parties without the consent of the persons whose data is collected.
- Security requirements
Network operators shall, among other requirements have cyber security protocols in place, preserve web logs for at least 6 months, protect user’s personal data and verify the identity of phone and internet services users.
- Additional security requirements for key information infrastructure operators
The Cyber Security Law provides for additional security requirements for “key information infrastructure operators”. However, the Cyber Security Law does not clearly define what “key information infrastructure” means. Article 31 suggests that it could include any service needed for public communication or information, power, transportation, water works, finance, public service, or digital governance, as well as any infrastructure that would endanger national security, national welfare, popular livelihood, or the public interest if destroyed or hacked. This definition may include a wide range of operators, foreign and domestic. Given the additional security requirements applicable to such key information infrastructure operators, implementing regulations are going to play a vital role in the application of this new law.
Security requirements and obligation applicable to key information infrastructure operators include among others:
- The setting up of an independent security management institution and designation of persons responsible for the security management.
- Assessment of their cyber security at least one a year and submission of the results of such assessment to the relevant departments responsible for the security protection of key information infrastructure.
- Storage of personal information on servers located within mainland China. Transfer of such data abroad due to business requirements shall be allowed after conducting a security assessment in accordance with the measures formulated by the national cyberspace administration authority, in concert with the relevant departments under the state council.
This new Cyber Security Law provides important rules for network services providers and raises a lot of questions for network operators which may fall under the scope of key information infrastructure operators’ requirements and obligations. Chinese government already started to release draft rules to implement this law. Network operators should without no doubt pay close attention to the implementation of this important regulation.
3. Annual Audit and Compliance Requirements – 2017 calendar
Under current PRC laws and regulations, all Foreign invested companies (including WFOE’s and JV) are required to meet annual compliance requirements every year. Below are listed the main tasks and deadline for the 1st semester of 2017:
- From January to April 2017: prepare the audit report,
- May 2017 : prepare tax reconciliation,
- 31 may 2017: Tax clearance deadline,
- 30 June 2017: Annual reporting to AIC.