In 2017, in a policy initiative driven by President Xi Jinping, China laid the foundation for its digital sovereignty framework with the Cybersecurity Law (CSL). The Chinese approach to digital sovereignty, a national governing framework overseeing how information must be handled and how technology may be used, shares many of the principles and requirements of digital sovereignty frameworks elsewhere, such as the EU’s GDPR or Singapore’s Cybersecurity Act. But China’s approach differs dramatically in the breadth of its application and the depth of its impact to both the public and private sectors in China.

In recent years and culminating in 2023, China’s digital sovereignty framework has reached a level of maturity where its impact is no longer theoretical. Cybersecurity is now regulated in China, with implications for how international firms comply with and implement these requirements. Managing information has become more complex as regulations governing personal information have been expanded with administrative controls over cross-border data transfers. Firms are further challenged by vague regulations governing what the government describes as “important data”.

This challenging regulatory environment has occurred just as international firms are undertaking digital transformation programs. International firms are pursuing digital strategies involving cloud services, enhanced systems integration and adopting new automation technologies. For firms with operations in China, its digital sovereignty program complicates these digital strategies. China’s tightening information handling and technology regulations are designed to control not only cross-border information flows, but also cross-border services and in some cases technology.

As global firms look to become more efficient and effective through digitization, the China market has quickly become an exception to those initiatives. Balancing local digital sovereignty requirements with global digital strategies is the challenge firms face in China today.

Join Jim Fitzsimmons, Principal at Control Risks for this off-the-record breakfast meeting on China’s digital sovereignty program and the implications for international firms operating there.

In the session, Jim will:

• Provide an overview of the regulatory environment today
• Discuss the regulatory risks they introduce to international firms operating in China
• Identify best practices and practical compliance approaches used by firms in China today
• Discuss how firms are navigating the tension between their digital strategies and China’s digital sovereignty