Jacob Painter, consultant, corporate risk programmes EMEA at Healix explores four ways businesses can ensure the safety of their staff amid the growing threats posed by Chinese espionage laws

Having come into force on 1st July, revisions to Beijing’s anti-espionage law are vague and give authorities broader leeway in implementing what was already opaque national security legislation that is difficult to navigate.

A wide definition of ‘acts of espionage’, includes but is not limited to; ‘activities that endanger the national security of the People’s Republic of China that are carried out, prompted, or funded by an espionage organisation and its agents, or carried out by agencies, individuals, or other collaborators domestically or outside the PRC borders’.

China espionage spy cyber

Who’s actually at risk?

Employers and their employees, as well as any freelancers or third-party contractors and any affiliated persons whose views are found to be aligned with an entity labelled an espionage organisation, fall under the scope of the law.

China’s revised anti-espionage laws came after a series of new crackdowns on information flows and high-profile arrests of local and foreign employees at foreign and local firms.

Chinese media long warned of a crackdown on foreign consultancy firms seeking access to sensitive information.

“The revised act has given the authorities wide-sweeping powers”

In fact, an uptick in raids and investigations conducted against businesses already posed a significant operational risk to businesses, before the revised laws even came into effect.

Since the amendments came into effect, foreign offices in China reported an increase in raids, with employees based in China being invited for questioning and investigations.

The revised act has given the authorities wide-sweeping powers, including the authority to ‘inspect and collect evidence’, freeze, confiscate or destroy commercial or private property, summon and question members of the public, and impose entry and exit bans on individuals.

What’s an exit ban?

Persons with an exit ban imposed on them are prohibited from leaving China. Exit bans can be imposed on any person under investigation or any persons deemed a national security risk after leaving China.

However, those with exit bans imposed on them are usually not notified, and most only discover that they are under an exit ban when attempting to depart China or when renewing their travel documents.

This raises a concern for business travellers and undermines business continuity plans.

Exit bans, issued by the National Supervision Commission, are also often impossible to appeal against in practice. The legal basis for the imposition of an exit ban, which often includes the ‘need to safeguard national security and interests’ and to ‘maintain social and public order’, is also unclear and it’s difficult to find out who ordered the ban.

“This raises a concern for business travellers and undermines business continuity plans.”

Laws surrounding the imposition of an exit ban are ambiguous and expansive, giving local authorities wide-ranging powers to impose and enforce them.

Exit bans can be imposed even before a civil or criminal case has been formally registered.

As a movement restriction, exit bans have traditionally been imposed as a blanket ban on minorities in China or used as part of China’s COVID-19 containment policy, and it is not unforeseeable for blanket bans to be imposed on an entire foreign company under investigations for espionage activity.

Four ways businesses can ensure the safety of their staff and mitigate the risks

1) Review business travel plans for expatriates travelling into China:

  • Pre-travel briefings and relevant training are critical for employees seeking to enter China for business dealings, especially in terms of the cross-border transfer of information during business engagements
  • Communication protocols should be established, with a clearly identified point of contact who can provide immediate legal and logistical assistance

2) Understand and review business plans and strategies:

  • Businesses should assess their supply chain and operations, joint ventures or other cooperations, and existing transactions and internal practices, to best avoid potential violations of Chinese law
  • A review of existing processes such as due diligence, vendor selection, recruitment, and business partnerships, is also strongly advisable. Establish a robust background check procedure to identify potential associations with organisations that could also fall foul of the legislation
  • Businesses should also be developing contingency plans to reduce the adverse impact of potential investigations under the law, as well as crisis management plans if any investigations or raids are carried out. This should include legal strategies and communication protocols, as well as any guidelines on reaching out for embassy support, local legal advice or communicating with local authorities

3) Data Processing and Protection:

  • Given increased scrutiny on cybersecurity, swotting up on Chinese data laws and regulations with the help of a Chinese legal expert is paramount. Those responsible for the safety of staff overseas need to be familiar with the types of data processing mechanisms used within the business, and whether any collection, storage, processing and transfer of information could fall under the remits of Chinese data or cybersecurity laws
  • Companies should be training their staff on data management - the collection, storing, transfer and disposal of data - as well as updating existing technologies to limit access to sensitive information
  • Well-defined procedures to identify and review the sources where data is obtained from and going to should be established, as well as implementing measures to mitigate the spread of sensitive information. Such protocols should include appropriate escalation measures and designated points of contact. Consider implementing a data classification system to distinguish between sensitive and non-sensitive information

4) Stay abreast of legal, political and economic developments:

  • Stay abreast of legal and economic developments. Complying with certain non-Chinese laws in daily business transactions, such as the US Uyghur Forced Labor Prevention Act (UFLPA) or other global export controls or sanctions targeted at China or Chinese industries, such as in relation to the advanced semiconductor technology industry, may heighten the risk of non-compliance with China’s counter-espionage laws
  • Stay up to date on any political developments, especially on tensions between China, the United States, and Taiwan. Foreign firms with civilian and military business units, or who deal with information related to technology and defence, are at heightened risk of being targeted by Chinese authorities under the counter-espionage law.