May 25, 2022

Market Spotlight: China’s data security rules racked with ambiguity

An entirely new legal framework governing data security in China has been introduced over the last few years, beginning with 2017’s Cybersecurity Law. This was followed in September 2021 by the enactment of the Data Security Law, establishing a system to classify data collected and stored in China according to its potential impact on national security. This was then joined by the Personal Information Protection Law, which was passed in August 2021 and came into effect in November.

The legislation has raised many challenges, both in terms of the short transition timeframe and the fact that some provisions remain ambiguous. Organizations await clarification while they try to make sense of the practical effects not only on operations in China, but on offshore data processing activities.


TMT and PMB sectors are first to feel the heat

The rash of legislation is part of a broader regulatory crackdown on large businesses and anticompetitive behavior. The technology, media, & telecom (TMT) sector has been the most obviously affected part of the economy so far, especially organizations who are deemed to operate ‘critical information infrastructure’. However, ‘critical information infrastructure’ is not defined in the legislation, leaving scope for interpretation.

Most businesses today, if not all, depend on information technologies and possess sensitive data. Though TMT has been the most impacted so far, data-rich companies in the pharma, medical, & biotech (PMB) and insurance industries are expected to come under increasing scrutiny.

Increasing scrutiny poses new challenges for M&A

Stricter compliance rules will weigh heavily on organizations and exacerbate risks in M&A. One response may be for would-be buyers to pursue alternative deal structures that invite less scrutiny or involve fewer liabilities.

The effect on listings is more explicit. As of mid-February, Chinese internet companies that hold personal information on more than one million users are required to participate in a network security review, administered by the Cyberspace Administration of China, before they list overseas, including in Hong Kong. Amid these developments, one might expect more companies to hold back from big-ticket moves before certain ambiguities are resolved.


Ready for Your Next Deal?

No matter what type of deal is around the corner, make sure you're deal-ready. Use our next-generation data room to deal faster and smarter. Contact your client representative or request a personalized demo.

Get in touch

There's More...

If you'd like to see how M&A is faring in other sectors and regions, check out our latest Deal Drivers reports from APAC, EMEA, and the Americas to gain more insight into dealmaking.

Learn more

Ready to Get Started?

You may also like:

Expert Spotlight: Will Deal Momentum in Denmark Continue in 2022?

A sustained period of inflation will impact both financial markets and transaction processes, and is currently top of mind for those involved in dealmaking. This was one of the key findings in a recent discussion in Copenhagen on the opportunities and challenges within Nordic M&A.

Market Spotlight: Distressed Deals in EMEA – Will History Repeat Itself?

Events in Europe are already affecting the successes enjoyed by dealmakers in 2021. Is the current situation similar to the 2007-08 crisis? Will restructuring and distressed M&A increase in EMEA in the coming months?

Market Spotlight: Keeping up with LATAM's Fintech Boom

Latin America may not spring to mind as an obvious venture capital hub. But the volatile political and economic history that has often deterred investors, has an upside. Potential is vast, innovation is buzzing, and now growth is flourishing as money floods into the region.