May 25, 2022

Market Spotlight: China’s data security rules racked with ambiguity

An entirely new legal framework governing data security in China has been introduced over the last few years, beginning with 2017’s Cybersecurity Law. This was followed in September 2021 by the enactment of the Data Security Law, establishing a system to classify data collected and stored in China according to its potential impact on national security. This was then joined by the Personal Information Protection Law, which was passed in August 2021 and came into effect in November.

The legislation has raised many challenges, both in terms of the short transition timeframe and the fact that some provisions remain ambiguous. Organizations await clarification while they try to make sense of the practical effects not only on operations in China, but on offshore data processing activities.

 

TMT and PMB sectors are first to feel the heat

The rash of legislation is part of a broader regulatory crackdown on large businesses and anticompetitive behavior. The technology, media, & telecom (TMT) sector has been the most obviously affected part of the economy so far, especially organizations who are deemed to operate ‘critical information infrastructure’. However, ‘critical information infrastructure’ is not defined in the legislation, leaving scope for interpretation.

Most businesses today, if not all, depend on information technologies and possess sensitive data. Though TMT has been the most impacted so far, data-rich companies in the pharma, medical, & biotech (PMB) and insurance industries are expected to come under increasing scrutiny.

 
Increasing scrutiny poses new challenges for M&A

Stricter compliance rules will weigh heavily on organizations and exacerbate risks in M&A. One response may be for would-be buyers to pursue alternative deal structures that invite less scrutiny or involve fewer liabilities.

The effect on listings is more explicit. As of mid-February, Chinese internet companies that hold personal information on more than one million users are required to participate in a network security review, administered by the Cyberspace Administration of China, before they list overseas, including in Hong Kong. Amid these developments, one might expect more companies to hold back from big-ticket moves before certain ambiguities are resolved.

 

Ready for Your Next Deal?

No matter what type of deal is around the corner, make sure you're deal-ready. Use our next-generation data room to deal faster and smarter. Contact your client representative or request a personalized demo.

Get in touch

There's More...

If you'd like to see how M&A is faring in other sectors and regions, check out our latest Deal Drivers reports from APAC, EMEA, and the Americas to gain more insight into dealmaking.

Learn more

Ready to Get Started?

You may also like:

South Korean conglomerates and tech unicorns - will a partnership emerge?

South Korea has created a strong startup ecosystem, supported both by private and public markets. The tech scene in South Korea also presents a huge opportunity from an investment perspective, as traditional investors, namely corporates and financial institutions, are looking to participate in technology deals and increase their market share in the digital space.

Acquire Trackers on Mobile

Map your way through every deal with trackers.

M & A Professionals discussing a Data Room
Innovation Spotlight: The Acquire dashboard - landing lights for your buy-side deal

From top-level progress to daily details, here’s how the Acquire dashboard lights the way to your destination.