China Encryption Regulations

Governments and businesses worldwide have come to realize the significance of using encryption for sensitive information. China is no exception as they recently passed legislation that regulates encryption by dividing it into the categories of core, common, and commercial.

The state will manage core and common cryptography to protect confidential information such as state secrets. Commercial cryptography will be used to protect information that is not confidential and citizens, legal personnel, and businesses may use this form. These new regulations will go into effect alongside existing cybersecurity laws in the country.

China’s Existing Laws for Encryption and Cybersecurity

The existing cybersecurity laws require network operators to store certain data in China and allow authorities to check their network operations. This applies to just about every business in China that has computer systems that store, transmit, process, or exchange information.

Some of the sectors that are considered to be “critical” are:

  • Communications
  • Information Services
  • Energy
  • Transport
  • Financial Services

Anyone who partners with or supplies to companies in these fields could also be subject to the law. The law requires that network operators work with Chinese security investigators as well as allow the authorities full access to data upon request.

Network operators have to take precautions to prevent viruses and cyber attacks, monitor network safety and implement data classification, a back-up system, and encryption. Data about Chinese citizens must be stored on domestic servers. The law also states that information on economic, technological, or scientific data may not be exported to avoid threats to national security.

New Year, New Law

The new Chinese laws relating to cryptography will go into effect on January 1st, 2020. Under these new rules, classified information that is sent over wired and wireless communication must use cryptography for encrypted protection. Companies that are working on cryptography must establish management systems to ensure that the encryption is secure.

The managers in this position may not ask private encryption developers to surrender their source code or other proprietary information. While China is encouraging encryption, the development of it must not harm their state security or public interests. Anyone who develops cryptographic systems that are not examined and authenticated within the country will be subject to penalty.

The laws were put in place to increase data protection in the state, and encourage the development of such a technology. While this adds a layer of protection, outsiders are left with many questions and concerns. It seems there is little explanation as to what type of encryption constitutes a threat to the state and its operations. Additionally, any innovative developments for encryption must be approved before being implemented, putting the power in the hands of the government.

Encryption in Your Hands

The new law has been two-years in-the-making and while it has included extensive coverage of encryption application, management, and development, there is still room for Chinese authorities to change standards and include further restrictions on encrypted data. The ultimate goal of encryption is to protect data, and we believe that tech consumers should have a secure and easy way to do so.

The SecureDrive product line is completely hardware encrypted and eliminates data leaks. The portable devices are the latest innovations in data security. The KP model can only be unlocked with a complex PIN unique to the user and the BT model is unlocked using a mobile app. BT users may also authenticate with biometrics like fingerprints or facial recognition, making the authentication process completely secure from unauthorized parties.

The KP boasts features like brute force anti-hacking technology that will wipe the drive clean after 10 consecutive failed PIN entries. The BT drives may be remotely wiped at any time and admins on the device may change passwords or deny access to the drives by simply using the app.

If you need quality-level encryption for your corporate or personal data, see more about our SecureDrives. They are FIPS 140-2 Level 3 Validated for top-rated security and allow anyone from the average consumer to a large corporation to easily implement encryption. Call 1-800-875-3230 to learn more.