Following new restrictions aimed at improving government control over virtual private networks (VPNs), businesses in China must contend with rising cybersecurity costs as well as uncertainty around the Chinese government's latest Internet regulations.
The Chinese government notoriously maintains extensive online filters, preventing access to content that Beijing deems contrary to the interests of the nation. The list of websites blocked by Beijing is extensive, and includes common sources of information, such as Google
In an effort to tighten control over an increasingly complex network of Internet censorship workarounds, the Chinese Ministry of Industry and Information Technology announced a ban on non-state sponsored VPNs, stating that access to all VPNs not licensed by the state would be blocked beginning March 31, 2018. Under the newly effective regulations, businesses and individuals in China will only be permitted to use VPNs that have been approved by the government. Beijing's hardened stance on VPNs came in tandem with broader cybersecurity legislation enacted by the Chinese government last year that has already pressured foreign companies conducting operations in China.
Businesses and foreign embassies are concerned about the impact of the new VPN restrictions and the costs of complying with them, as well as their implications for state surveillance. Companies may turn to international private leased circuits (IPLC) to support a direct connection between their Chinese offices and their headquarters. But IPLCs are costly to maintain, and can pose "a real problem" for smaller companies, according to Lester Ross, a committee head of the American Chamber of Commerce.
During the months leading up to the effective date of these latest restrictions, Chinese authorities began increasing state control over VPNs and cracking down on domestic VPN providers. Last July, Bloomberg reported that the Chinese government had ordered state-run telecommunications companies, including China Unicom
The recent VPN block is the latest in a series of Internet regulations enacted under President Xi Jinping, a strong advocate for China's "cyber sovereignty." Xi's government has sought to strengthen and consolidate state management of the Internet and cross-border communications, putting in place broad measures aimed at tightening the government's hold on information and data flow in the country. On November 6, 2016, the Chinese parliament approved a sweeping new cybersecurity law, which came into effect last June. The legislation targets "critical information infrastructure operators," requiring qualifying businesses to store their data in China. For businesses in China and Hong Kong, complying to the new regulations has contributed to increasing cybersecurity costs over the last year.