We recently dealt with a technology company that contacted one of our China lawyers months after already having started selling its software product into China. It came to us seeking help in deciding whether to continue selling its software from the United States or to form a China WFOE and start selling through that entity.
But the first thing we told this company was that selling their software in China violated both China’s data privacy laws and U.S. export control laws and that it should cease as quickly as possible. It had simply never occurred to this company that what it could sell legally in the United States would be illegal (on two counts) for it to sell to China.
Before entering any international market, particularly one as different as China, companies should research and understand their legal compliance requirements. This is particularly true for technology companies because both China and the United States have laws focused on high technology.
The two sets of laws that tripped up this particular company are the two sets of laws we most frequently see American high tech companies ignoring when looking to sell into China: U.S. export control laws and China data protection laws.
Many know that the United States prohibits product selling a wide range of products to countries like Syria, North Korea, Cuba and Iran, but few seem to realize is that there are prohibitions on selling various products to China (and many other countries) as well. The Export Administration Regulations deal with the sale of software that may require a license or other exemption from the United States government. These regulations apply to software both physically shipped and electronically transmitted overseas. Whether a technology company requires an export license under EAR depends on the nature of the product, its intended use, its end-users, and on the country to where it is being exported. Failing to comply with EAR can lead to civil penalties of up to USD $250,000 per violation and criminal penalties up to USD $1,000,000, plus up to twenty years of prison time per violation.
China data protection laws also often come into play for American (and other foreign company) technology companies selling their product to China. China has very strict data privacy laws (see e.g., China Anti-Spam Laws) and it is critical that you comply with its data privacy and data security laws. Making compliance more difficult is the fact that China does not have not yet have a comprehensive law or regulation for personal information protection; this means that you need to be aware of and research a whole host of laws to know whether what you are doing complies with Chinese law.
Bottom Line: Do not ship or transmit your software or other technology product to China without first making sure that doing so complies with both your own country’s laws and those of China.