On 30 June the Federal Communications Commission officially designated telecommunications companies Huawei and ZTE as threats to national security. Chairman Ajit Pai specifically cited the overwhelming weight of evidence that the companies pose serious security threats to America’s communications network, owing to their close ties to both the Chinese Communist Party and China’s military apparatus.
Many objections were also raised questioning the rationale of the Indian Government when it took a similar measure to ban the use, operations, and downlink of 59 Chinese mobile applications.
What is more significant in the aforementioned issues is a clear understanding of the Chinese National Intelligence Law (NIL), which was brought into force in the year 2017 and was subsequently amended in the year 2018 by the People’s Republic of China. On a lighter note, remember the references in fantasy novels and mythical folklore that speak about how you must sign a soul-binding contract with a wizard to become an ally of a dragon? (Most of the time it turns out that the contract was a sinister ploy.) Well, it can be safely presumed that the Chinese National Intelligence Law is that specific soul-binding contract.
Let us evaluate the law in question unambiguously along the following lines:
1. How exactly does NIL bind a company that qualifies as a Chinese subject?
2. Can the application of NIL be extended to foreign subsidiaries of the subject beyond the territorial jurisdiction of the People’s Republic of China?
3. To what extent shall the subsidiaries be bound to override domestic data protection and privacy regulations?
4. What is the scope and interpretation of “Citizen” and “Organisation” as mentioned in the Chinese National Intelligence Law?
To answer these pertinent questions, it is warranted that we refer to a bare reading of the provisions of the NIL, which are detrimental in nature if a Chinese business entity is allowed to operate in a country that is not exactly on good terms with the People’s Republic of China:
• The general provisions (Chapter 1) make it clear that the National Intelligence Work commissioned under the law aims to build an extensive network of sub-entities that coordinate, monitor, regulate and extract information from the “subjects” of China (including private citizens and corporate entities) through a constitutionally mandated legal framework. The reasons for soliciting such information from anyone and everyone are completely at the discretion of the National Intelligence Work. There is absolutely no statutory bar within the NIL that places any control, regulation, check, proviso or restriction on the National Intelligence Work in soliciting information, or in pre-mandating data and intelligence sharing, from any individual or entity who is a Chinese subject, save Article 31, which is merely for show as a cursory safeguard against officials benefitting themselves. The law is absolutely silent on data privacy norms and regulations, including the tenets of the Tallinn Manual or any such international data security covenants and principles, which are generally adhered to by the majority of nations while soliciting data or regulating information from any business entity.
• Article 11 draws special attention, in that it says that the State Intelligence work institutions shall collect and handle the works of even foreign institutions or individuals that are implemented, instructed or funded by others, or carried out in collusion by domestic and foreign institutions, organisations or individuals. It further provides that any refusal to divulge the information shall amount to a punishable offence. This, read with Article 12 and Article 14, provides unrestrained power to scope out any information or to direct any entity that qualifies under Article 7 to engage in any such activity as directed by the National Intelligence Work / State Intelligence Work.
• Article 27, along with subsequent articles of Chapter IV, lists serious liability repercussions if a specific entity or individual does not comply with the instructions of the National Intelligence Work / State Intelligence Work.
• Article 7 says that “All organisations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.” NIL applies to any and all Chinese groups, including their subsidiaries across any foreign territory. NIL also mandates that any parent Chinese company shall bind its subsidiaries to share information with it, which in turn shall be provided to any governing entity under NIL as and when asked for. Any deviation from the same will be deemed a statutory offence under NIL. It is also important to mention that NIL applies to all organisations in China irrespective of the form of ownership (public / private). It is also applicable to those Chinese citizens who are shareholders in any foreign company.
• There is no geographical or territorial limit on the applicability of the NIL, unlike other cyber security laws. It extends to any citizen of China, in contrast to the wording “Citizens / Entities within the territory of People’s Republic of China”. Article 33 of the constitution of the People’s Republic of China defines “all persons having the nationality of PRC are citizens of PRC”. Hence a bare legal interpretation of the word would refer to any and all Chinese nationals, irrespective of whether they are within the territory of China or not.
• The term “organisation” as defined also has a different connotation than what was originally intended in the first draft of NIL. The original definition was quite specific in nature and listed the types of entities to be deemed an “organisation”. It said, “All state organs, armed forces, political parties, social organisations, enterprises, public institutions and citizens”. The NIL in its current form instead applies to any and all organisations, including but not limited to individual corporates, public bodies, NGOs, confederations of companies, consortiums et al., irrespective of whether they are headquartered in China or not. Commercial international law always has a territorial jurisdiction limit. Customary international law nonetheless provides scope for such application. However, the construction of the terms used in NIL, or rather the absence of definition, is quite different from other existing legislation of the PRC. In the regular legal parlance of international law, extraterritorial jurisdiction extends under special circumstances with a limited scope, contrary to how NIL exercises its jurisdiction.
• NIL ceases to apply if and only if not a single controlling entity or individual, along with the subsidiaries, falls within the definition of Article 7 of the same.
Having considered the legal implications of NIL, it can safely be presumed that there exists an undeniable potential threat in allowing any Chinese entity to operate within one’s territorial jurisdiction if one has any level of dispute with China. It goes without saying that the threat perception is not misplaced, at least in legal terms. Of course one may argue that the operations can be monitored and regulated in terms of data security and privacy norms within the domestic legal framework of a particular country, yet at the same time we can’t ignore the red flag, in almost literal terms, that NIL’s applicability over a particular subject raises. The threat is significantly higher when the entities belong to telecommunications and technology-based applications.
Siddharth Nayak is founder & managing partner, Atharva Legal LLP, and Gyananedra Mishra is co-founder & senior managing partner, Atharva Legal LLP.