May 25, 2022

Market Spotlight: China’s data security rules racked with ambiguity

An entirely new legal framework governing data security in China has been introduced over the last few years, beginning with 2017’s Cybersecurity Law. This was followed in September 2021 by the enactment of the Data Security Law, establishing a system to classify data collected and stored in China according to its potential impact on national security. This was then joined by the Personal Information Protection Law, which was passed in August 2021 and came into effect in November.

The legislation has raised many challenges, both in terms of the short transition timeframe and the fact that some provisions remain ambiguous. Organizations await clarification while they try to make sense of the practical effects not only on operations in China, but on offshore data processing activities.


TMT and PMB sectors are first to feel the heat

The rash of legislation is part of a broader regulatory crackdown on large businesses and anticompetitive behavior. The technology, media, & telecom (TMT) sector has been the most obviously affected part of the economy so far, especially organizations who are deemed to operate ‘critical information infrastructure’. However, ‘critical information infrastructure’ is not defined in the legislation, leaving scope for interpretation.

Most businesses today, if not all, depend on information technologies and possess sensitive data. Though TMT has been the most impacted so far, data-rich companies in the pharma, medical, & biotech (PMB) and insurance industries are expected to come under increasing scrutiny.

Increasing scrutiny poses new challenges for M&A

Stricter compliance rules will weigh heavily on organizations and exacerbate risks in M&A. One response may be for would-be buyers to pursue alternative deal structures that invite less scrutiny or involve fewer liabilities.

The effect on listings is more explicit. As of mid-February, Chinese internet companies that hold personal information on more than one million users are required to participate in a network security review, administered by the Cyberspace Administration of China, before they list overseas, including in Hong Kong. Amid these developments, one might expect more companies to hold back from big-ticket moves before certain ambiguities are resolved.


Ready for Your Next Deal?

No matter what type of deal is around the corner, make sure you're deal-ready. Use our next-generation data room to deal faster and smarter. Contact your client representative or request a personalized demo.

Get in touch

There's More...

If you'd like to see how M&A is faring in other sectors and regions, check out our latest Deal Drivers reports from APAC, EMEA, and the Americas to gain more insight into dealmaking.

Learn more

Ready to Get Started?

You may also like:

Teaming Up with Sport as an Investment Goal

Datasite recently spoke with Alex Coral, VP, Oakwell Sports Advisory, to hear his thoughts and insights on why sport and its related assets remain a popular investment, even during a downturn.

Expert Spotlight: How is Saudi Arabia Cementing its Position as an M&A Leader in 2023?

Saudi’s Vision 2030 is driving dealmaking activity there. However, regulatory and cultural challenges persist, which can make doing business in the region difficult for some. What does this mean in terms of M&A activity in 2023 in the region? The experts recently shared their thoughts.