BOFIT Weekly Review 2015/17

China suspends implementation of bank cyber-security requirements



The US and China have quarrelled over China’s intended measures related to net security and terrorism. China’s new regulation proposal called for e.g. requiring IT-system suppliers in certain branches to retain data on Chinese citizens on servers located in China. Moreover, companies would have had to grant officials access to secret information. The rules implied banks should start favouring domestic suppliers in future IT procurements.

Recent information suggests the planned regulations will not be applied to Chinese banks as such. Large US tech firms considered the proposed regulations less of a data security issue than a trade policy strategy meant to bolster the competitive advantage of Chinese firms. Establishing and maintaining local server clusters would be very expensive for foreign firms. Chinese banks have themselves expressed concern that rules limiting them to domestic data security firms would weaken their existing data security technology significantly.