China's Counter-Espionage Law
How Foreign Entities Can "De-Risk" China Exposure
Holistic National Security
The Chinese Communist Party (CCP) introduced revisions to its counter-espionage law in April 2023 with the intention of broadening its definition of “national security.” The amended law codifies the CCP’s increasing emphasis on a “holistic view” of national security (总体国家安全观), which considers potential security threats as emanating from an expansive range of different areas across the military, business, journalism, academia, and nonprofit sectors. This, combined with the law’s definitional vagueness about what counts as “national security” and sweeping enforcement powers to punish offenders, means that the CCP has effectively crafted legal grounds on which it can prosecute any individual or entity that it deems as not aligning fully with the party’s interests. While the CCP maintains that it has possessed these capabilities since first passing the law in 2014—aided by further passage of implementation rules in 2017 and Provisions on Counter-espionage Security Precautions in 2021—the amended law aims to legalize these efforts and potentially extend them overseas to include all Chinese citizens or even non-citizens of Chinese heritage living outside of the People’s Republic of China (PRC).
The law also highlights the CCP’s increasing prioritization of national security over other arenas like economic growth. This is likely to affect the ability of foreign entities to conduct smooth exchanges of people, capital, and intellectual property for businesses, academic, and nonprofit purposes. The Counter-Espionage Law expands the range of punishable offenses compared to the established Criminal Law, with foreign individuals found in breach punished by 15 days detention, a fine with no court trial, and/or deportation from the PRC. More extensive punishments are also possible depending on the severity of the charges.
Expectations for Foreign Entities in the PRC
Foreign entities operating in China or Chinese entities with significant foreign ties should not see a dramatic change in their ability to continue as usual in the short term, but in the middle to long term the amended law will likely contribute to an increasingly hostile business and operational environment. For both foreign and Chinese nationals, interaction with or employment in foreign businesses or entities is likely to face increasing scrutiny and pressure by China’s security organs as they push for a domestication of key sectors and heighten suspicion of foreign partners. This is particularly so for those industries considered closer to the tech sector—including AI, semiconductors, and autonomous vehicles, among others—and entities from the United States. For firms in consulting or advising, recent unannounced visits to these entities by the Chinese authorities, particularly for multinational corporations or entities with perceived foreign ties, suggests that the CCP hopes to prevent the gathering of information—corporate or otherwise—that does not come directly from CCP-approved sources. This approach also serves to deliver a warning to foreign entities that they will be increasingly subject to targeted surveillance and restrictions on how they operate in the PRC.
The amendments to the Counter-Espionage Law complement those of the Cyber-Security Law (2016) and other laws regarding the internet, which, when combined, give public security organs sweeping authority to inspect all users of China’s internet and digital spaces. Notably, entities with data stored in China will now not only have to store that data on Chinese servers that are subject to seizure by CCP organs, but if that data is considered in violation of or in service of national security—broadly defined—then the entities in question can be found liable for undermining national security.
Recent Cases
The amended Counter-Espionage Law is already in effect, with an increasing number of cases targeting both Chinese and foreign nationals. Foreign entities operating in China, including major multinational firms, have already received targeted attempts at intimidation and seizure of company property, including fines, the prevention of executives and employees from entering the country, and forced suspensions for business operations.
Notably, the CCP largely considers foreign nationals of Chinese heritage or ethnicity to be subject to laws governing the PRC, regardless of passport held or whether the subject is in the PRC or abroad. Recent cases that fall under the umbrella of national security, for example, include the detention of foreign journalists, businesspeople, and other private citizens of Chinese heritage who hold foreign passports. This means that companies and entities operating in the PRC should have mitigation strategies in place for what happens if an employee is detained, including both what information the employee may be required to divulge and how to maintain operations with a reduced team. Moreover, extrajudicial detentions by Chinese officials outside the PRC have continued despite assurances to the contrary. These cases underscore how the Counter-Espionage Law is significant for global companies regardless of whether they engage directly with PRC markets.
From “Decoupling” to “De-risking”
Foreign companies and entities active in the PRC should look to mitigate the heightened risk of continued operations in the country—most importantly employee safety, data and intellectual property seizure or restriction, and financial burdens of increased risk training—but are advised to keep potential mitigation strategies confidential to avoid potential political retribution. Companies should explore how to reduce their foreign workforce in the PRC to avoid the risk of detainment or harassment by the CCP’s security organs. While already present in the Entry/Exit Administrative Law, the Counter-Espionage Law also heightens the risk of both Chinese and foreign nationals being denied either entry to or exit from the PRC on national security grounds, which means that the physical movement of employees across PRC borders will face increased risk. Entities with foreign employees traveling to and from the PRC should have plans in place for how to respond to an employee being detained through denial of an exit permit, including potential legal and diplomatic avenues for ensuring their release.
For foreign entities looking to continue operations in the PRC, partnering with Chinese-owned companies—rather than Chinese-foreign joint ventures or global companies—is one approach to protecting from potential incursion from CCP authorities. Limiting the intellectual property and information shared with Chinese partners to a need-to-know basis is also prudent, as information can be seized by security organs and put both a company’s intellectual property and the survival of the local Chinese partner at risk of prosecution. Entities with significant investments in the PRC, particularly in sensitive industries, should consider how to decrease operations so that the entity will not be endangered by a potential loss of China-based operations or intellectual property.
In the long term, China’s targeting of foreign—specifically U.S.—corporations look likely to increase with the appointment of Minister of State Security Chen Yixin to oversee foreign entities operating in China, a role that was previously the responsibility of ministers with economic portfolios. At the same time, U.S. entities that invest in “sensitive” industries in China will face heightened scrutiny domestically, with U.S. officials seeking to deter trade or investment in China. Moreover, with Chinese economic growth rates predicted to level in the coming years, “de-risking” exposure to Chinese markets and diversifying supply chains beyond China will be increasingly important for entities looking to mitigate the potential negative fallout from the amended counter-espionage law.