China cyber lawyers cyberlawMany international companies that operate in China have Chinese websites and some kind of network system, whether for selling their own products or solely for internal use. In many cases, these websites and internal systems are hosted on servers outside China. I and the other lawyers on our China cyberlaw team are frequently asked whether a company that collects personal information within China must store that information within China.

The short answer is yes.

China’s Cybersecurity law took effect last year and it requires critical information infrastructure operators (CIIOs) to store personal information and important data collected and generated within the territory of the PRC. Whether a network operator is a CIIO typically depends on its industry and on how much a data breach would harm the public interest. Network operators in industries like public communication and information service providers, energy, finance, and public services are more likely to be considered CIIOs.

China is also in the process of establishing rules for cross-border transmitting of personal information and important data via draft Measures for Security Assessment of Cross-border Transfer of Personal Information and Important Data (个人信息和重要数据出境安全评估办法, the Measures) and draft Guidelines for Data Cross-Border Transfer Security Assessment (数据出境安全评估指南, the Guidelines). Under the existing drafts, the Measures and the Guidelines will apply to any company that is a network operator engaged in “domestic operation.”

The term “network operator” is defined to include any person or entity that owns and manages any network and also network service providers. If a company uses its internal network for its internal company operations and uses its company website to provide information to its customers and this system and website are owned and managed by its foreign parent, the foreign parent company is a network operator.

Under the Guidelines, domestic operation means providing products or services within China. A foreign network operator that is not registered in China but provides products or services to customers in China is engaged in domestic operation and will be subject to China’s cross-border data transfer requirements.

The Guidelines also set forth how to determine whether a foreign company is engaged in domestic operation. The factors that will lead to such a finding include using the Chinese language, settling payments with RMB, and delivering or distributing products or services to China citizens or companies. If one or more of these exist, a foreign company will be deemed to be engaging in “domestic operation” and therefore will be required to conduct a security assessment before engaging in any cross-border transfer of personal information and important data. But a network operator located in China that provides only products or services to foreign entities and whose operation does not involve any personal information of Chinese citizens or important data will not be considered to be a domestic operation and therefore will not be subject to China’s cross-border data transfer rules.

China Cross-Border Data Transfer Requirements.

Non-CIIO network operators may transmit personal information to a server located outside China so long as the subject of the relevant data has consented to such transmission and so long as the entity (usually a company) that initiates the transfer has undergone a security assessment regarding its data transfers. These requirements are laid out in the Measures and the Guidelines.  The company should conduct the security assessment, either by itself or engaging a third-party professional service provider.  Report of such assessment shall be kept for at least two years. In certain circumstances, the relevant industry regulator will review the assessment.  

Under Article 7 of the second draft of the Draft Measures, the relevant regulatory authority will conduct when the data transfer involves any of the following:

  1. Data containing or accumulatively containing personal information of more than 500,000 individuals
  2. Data related to nuclear facilities, chemical biology, national defense, or military, population and healthcare
  3. Data related to large-scale engineering activities, the marine environment, or sensitive geographical information
  4. Data related to the cybersecurity information of key information infrastructure, such as system vulnerabilities and security protection measures
  5. Other factors that may potentially affect China’s national security and public interests
  • The Required Consent

To transfer personal information outside China, a network operator must first obtain consent from the subject of the personal information. This consent must either be in writing or by some other sort of affirmative action by the subject of the data. Consent can be achieved by, for example, an online pop-up notification asking the data subject to click yes or no, or by sending a text message to the data subject requiring a “yes” or “no” reply to the cross-border transfer.

Consent can be implied in certain circumstances, such as making international calls, sending an email internationally, international instant messaging, and conducting cross-border transactions via the Internet.

  • The Required Data Security Assessment

The Measures require the company transmitting personal information and important data outside China to conduct (or use a third party to conduct) a security assessment of the cross-border data transfer system it will use to send the personal information and important data. Industry regulators or regulatory authorities will be responsible for monitoring these assessments and they shall do their own cross-border data inspections “regularly.” According to the Guidelines, when there are multiple entities involved in an outbound data transmission, the entity that initiates the transmission shall conduct the security assessment.

Only one security assessment is needed for “continuous” cross-border transmissions. If two separate data transfers occur within a year and the purpose and recipient of both transfers are the same, and the scope, type, and quantity of information are similar, these transmissions will be considered “continuous.” Take for example, a Chinese subsidiary of a foreign retailer that collects its customers’ personal information on any initial order and then transmits that information to its foreign parent company. This sort of transmission may happen instantly many times every day with the receiver, scope and type of information remaining the same. These transmissions would likely be considered continuous and therefore not require a separate security assessment for each single transfer.

In my next post I will provide more on the nuts and bolts of what foreign companies that are doing business in China need to do to comply with China’s cybersecurity and internet privacy laws.

China Lawyers
China Law Blog gets “social.”

When we first started this blog it was not unusual for us to get hundreds of comments on one post. Changes in how people see our posts — more than half of you read us via feeds or by email — and the importance of social media have meant fewer comments. But though the number of people who see our actual website has declined, our readership continues to increase and the range of the China Law Blog “online empire” keeps widening as well.

As part of all this we have ramped up what we do on social media. We have a thriving China Law Blog Group on Linkedin that serves as a 99.99% spam-free forum for China networking, information, and discussion. This group is always growing and it will soon hit 12,000 members. More importantly, the number and quality of the discussions keeps growing as well.

We have had some great discussions, as evidenced both by their numbers (we’ve had discussions with 50-100 comments) and their substance. Our discussions range from people asking and try to answer questions like, “why is it so difficult to do business in China” or ”what do I need to do to get my Chinese counter-party to not breach my contract” to the ethereal, like “when will we know China is taking innovation seriously?”

The group is nicely split between those who live and work and do business in China and those who do business with China from the United States, Australia, Canada, Europe, Africa, the Middle East and other countries in Asia. Some of our members are China lawyers, but more than 90 percent are not. We have senior level personnel (both China attorneys and executives) from large and small companies and a whole host of junior personnel as well. We have professors and we have students. These mixes help elevate, enliven, and enlighten the discussions.

What truly separates us from most (all?) of the other Linkedin China groups is how we block anything and everything that even smacks of spam. We have become so proficient at not allowing spam to show up on the discussion page that it is the rare person who even tries to tempt fate by trying to sneak anything past us anymore.

If you want to learn more about doing business in China or with China, if you want to discuss China law or business, or if you want to network with others doing China law or business, I urge you to check out and join our China Law Blog Group on Linkedin. The more people in our group, the better the discussions, so please go here and join us!

Our China Law Blog Facebook page, which until only fairly recently was little more than an afterthought, has more than doubled its followers in less than a year. It has more than 22,000 followers and it is the rare post that does not engender discussion, often heated. With no government there to restrain us, we can be a lot more free-wheeling there than anywhere else and we do take advantage of that. Our Facebook page deals with China law to be sure, but it also deals with politics, tourism, food and fashion, business, culture, language, and just about anything else related to China. Our goal with that page is to educate and entertain. Please check out our Facebook page by clicking here.

And last and admittedly least, after a three-year hiatus, I am back on Twitter and I occasionally post there as well, especially to promote my own law firm’s China and international events. Click here for that.

But above all else, on all of our sites, we always do and we always will encourage our readers to share their thoughts and their comments.

China IP lawyersChina (Shenzhen mostly) is the primary destination for manufacturing of small electronic consumer products. And since Internet of Things (IoT) products are red hot, this means our China lawyers get a steady stream of China IoT legal matters.

The big issue we most often see is this: the IoT product has now reached the mass production stage and is being produced in large quantities. Now that it has a commercial product, the U.S. or European (usually) buyer now seeks financing for its start-up company. The financier (be it angel, VC, private equity, or even someone’s father-in-law) then asks who owns the intellectual property in the product? With the rise of the Internet of Things (IoT), this question is often difficult to answer definitively.

How did we get to this point where the IP rights of a product are so often vague? The process has worked its way through three general stages:

Stage One. In the good old days (roughly 1981 to 1995), the situation was simple. There were two possibilities. In the first, the Chinese manufacturer made a standard consumer product. The foreign buyer purchased that existing product and perhaps required the Chinese manufacturer take the extra step of placing the buyer’s own trademark/logo on the product. In that setting, ownership of the intellectual property was clear: the Chinese manufacturer owned the product design and the foreign buyer owned its trademark/logo. In the second, the product was a long standing, well developed product of the foreign buyer. The foreign buyer brought the completed product to the Chinese manufacturer and contracted with the Chinese manufacturer to make a copy. In that setting, ownership of the intellectual property was clear: the foreign buyer owned all the intellectual property and the Chinese manufacturer owned nothing.

The simplicity of this sort of relationship encouraged the somewhat lazy practice of documenting the entire manufacturing relationship with purchase orders. NNN agreements, product development agreements and OEM agreements were seldom used, since IP ownership was clear and the price and delivery terms were resolved via the purchase orders. This approach would often lead to product defects, but that is for another post.

Stage Two. In stage two (roughly 1995 to 2015), a new form of manufacturer-buyer relationship developed. Foreign buyers began coming to China with no completed project in mind; they instead would come with a product idea or proposal. The foreign buyer would then work with the manufacturer to co-develop a product. In some cases the Chinese manufacturer would simply take a completed prototype and commercialize that prototype for mass production. In these cases, the foreign buyer arrived with little more than a basic idea and the two sides worked to co-develop the product. See China Product Development Agreements, for pretty much everything you need to know about China product development agreements.

The Chinese manufacturer usually would perform the product development work at its own expense, with the implied agreement being that it would be the exclusive manufacturer of the product. This co-development process typically used the same lazy “purchase order only” approach from stage one. This approach then led to the many issues we see today that make answering the “who owns what IP” question so difficult. To do the co-development process properly, the parties must define their relationship with three agreements: 1) an NNN Agreement, 2) a Product Development Agreement and 3) an OEM Agreement.

When these agreements do not exist, a standard set of issues arises: Who owns the product design? Who owns the molds and other tooling? Who owns the manufacturing know-how and similar trade secrets? If the buyer decides has the product made by a different Chinese factory, what compensation is owed to the Chinese manufacturer that co-developed the product? What are the  Chinese manufacturer’s obligations to comply with the foreign buyer’s price and quantity requirements? If the Chinese manufacturer terminates its relationship with the foreign buyer and manufacturers the product under its own trademark/logo, is this a violation of any agreement between the parties? Absent clear written agreements, none of these questions have clear answers. In these unclear situations, the Chinese factory will nearly always be in a much stronger position than the foreign buyer and the Chinese factory will typically prevail in any IP dispute.

Stage Three. In stage three (2015 to today), we arrive at the IoT era. In designing, developing and manufacturing consumer products for the IoT market, the already unclear and problem-filled relationships of the stage two era are now magnified. In the IoT era a whole new set of issues has arisen. In the stage two era, there was at least the simplicity of two entities designing and/or manufacturing a single product. In the IoT era, the situation is considerably more complex. In most of the IoT projects we have done, the development process has expanded to include the following:

1. Product “concept” from the foreign (usually United States or European) buyer.

2. Product external design, from an international design firm.

3. Internal design and function, owned by:

a. The foreign buyer;

b. The Chinese manufacturer;

c. The provider of sensors and other components required to connect the IoT product to an outside network.

4. Design of the IoT product “app” (usually for smart phones). This involves two completely separate sets of software: the communication sending software residing on the IoT product and the communication receiving software residing in the application. In the same manner as the internal design, these software components may be written/designed by multiple parties: the foreign buyer, the Chinese manufacturer and (quite often) third party software design firms.

What happens then when the product is complete, and manufacturing is ready to start and the foreign buyer starts to seek funding: The funding source almost invariably will ask who owns the IoT product? Who owns its underlying IP? What our China lawyers have far too often found when we ask the foreign buyers these questions is that they usually don’t really know.

This “we don’t know” response does not sit well with potential sources of serious financing. Even worse, when the foreign buyer is pushed to answer the question, it becomes clear that it is not clear who owns the new product. Far too often the only ownership issue that is clear is that the one entity that the foreign buyer is the one entity that does NOT own the rights to the product. Even worse, it is usually not possible to fix the situation by this point.

Bottom Line: As manufacturing in China and the IP issues attendant with that become more complex, it becomes even more important that you have clear written agreements that answer the obvious IP questions in advance. It does not make sense for you to devote your time and your energy and your money developing an IoT product for someone else to own.

For more on the issues involving China and the Internet of Things, check out the following:

Artificial Intelligence AIFor more than a decade, the Chinese government has been working to push the Chinese manufacturing sector up the value chain. More recently, the push from the central government has become more formalized, resulting in the 2015 issuance of the State Council manufacturing modernization manifesto: Made in China 2025《中国制造2025》(State Council, July 7, 2015). Made in China 2025 focuses less on the types of products to be manufactured and more on the methods of manufacturing. It is okay to continue making rubber duckies, so long as the process for doing so is modernized. That is, massive automated factories churning out thousands of identical items with minimal human intervention.

The Chinese government has made clear it believes the largest and most successful manufacturing companies in the world have achieved that status in large part through software/information technology. This has led China to focus on artificial intelligence (人工智能). The Chinese government experienced what Will Knight at the MIT Technology Review has termed China’s AI Enlightenment. The process started with the issuance by the State Council of A Next Generation Artificial Intelligence Development Plan (新一代人工智能发展规划 July 8, 2017) setting forth a plan for AI development in China. The plan will progress in three stages, concluding in 2030. The final goal is ambitious: by 2030, China’s AI theories, technologies, and applications will lead the world, making China the world’s primary AI innovation center.

We are now in Stage 1 of the AI Plan, covering the period from 2018 to 2020. The first stage plan has been issued by the PRC Ministry of Industry and Information Technology (MIIT). The plan is set out in the Three-Year Action Plan for Promoting Development of a New Generation Artificial Intelligence Industry (2018–2020) (促进新一代人工智能产业发展三年行动计划 (2018-2020年)(December 12, 2017, Ministry of Industry and Information Technology (MIIT), Science and Technology Department).

Artificial intelligence is a vast field. The term means many things to many people. To cut down the field and make its objectives clear, the 3 Year Plan proposes concentrating on seven technical sectors:

  1. Intelligent Connected Vehicles (ICV) (智能网联汽车). It has long been a goal of the PRC government to push its huge but technically primitive domestic auto manufacturing sector into new directions. The electric car program has not been successful, so MIIT has begun to push ICV technology. This is embodied in its recent Guide for Establishing an ICV System (Discussion Draft) issued by MIIT in June, 2017 ( 智能网联汽车 国家车联网产业标准体系
    建设指南 (智能网联汽车)(2017 年)(征求意见稿)(MIIT, June 12, 2017)
  2. Intelligent Service Robots (智能服务机器人). This is not manufacturing robotics and automation.
  3. Intelligent Unmanned Arial Vehicles (UAV, i.e. drones) (智能无人机). This focuses on drones rather than self-driving vehicles (passenger autos and trucks).
  4. Computer Aided Medical Imaging Diagnosis Systems (医疗影像辅助诊断系统). If China cannot develop more doctors, maybe they can automate the diagnostic systems.
  5. Video Image Recognition (视频图像识别). This technology includes facial recognition, a major focus of recent PRC government efforts for surveillance and control.
  6. Artificial Audio Intelligence (AAI) (智能语音). This is a major focus of Tencent/Wechat as part of their most recent cloud computing platform. In the U.S., this sector is focused on smart homes. It is not clear what Tencent is planning.
  7. Computer Translation (智能翻译). AI got its start at MIT with John McCarthy in the 1950s. A major focus of the MIT project was machine translation. They failed, setting AI research back for decades. The problem still has not been solved.

Many of the hot topics in AI are not mentioned in the Three-Year Plan. For example, there is no mention of machine learning, neural networks, custom AI IC chips and other recently fashionable technologies. Perhaps this is being done and simply has not been mentioned. Or perhaps the list of potential projects has been pruned to allow for more focus. As I have noted above, some of the choices are surprising, focusing on problems different from what we might expect.

It is always difficult to know what conclusions to draw from PRC government issued development plans. The typical plan is full of buzz words and lofty aspirations and short on specifics, like who will do it, how will it be done, and how will funding be arranged? The Three-Year Plan is no different. In fact, the ratio of buzz words to concrete planning is higher than in most.

In this case, by looking at the list of fields that will be promoted, we can though gain at least some insight into the current direction of AI development in China. The key thing to understand is that AI development is already taking place in China. Chinese companies like Baidu and Tencent and Alibaba are not waiting for government support. They are obtaining funding outside China and they are moving forward aggressively in developing products in the AI sector.

I see two big questions regarding AI in China. One, will Chinese universities and company R&D departments develop the theoretical underpinnings of AI, or will the Chinese remain dependent on the research done in other countries? Two, as with information technology in general, the AI sector in China is dominated by private companies neither owned nor controlled by the Chinese government. This lack of control has allowed these companies to take an innovative and market directed approach toward their development of AI. Will the Chinese government allow this independence to continue and what will be the impact if the government seeks to get more directly involved in these private companies?

How do you see the future of AI in China?

 

China online gaming lawyers
China online gaming laws. It’s complicated.

Online gaming in China is subject to the same overall regulatory framework that applies to software as a service (SaaS) in China.

The regulatory framework comprises no less than a dozen key components that have developed over the past twenty years or so. The development has not evolved neatly. Earlier regulations have not been comprehensively replaced or modified by later regulations. Rather, the development has been somewhat haphazard; with an apparent tension between the various authorities competing for control of the relevant sectors. A painstaking chronological analysis is therefore required to discern those threads surviving or running consistently throughout. As is always the case in China, the regulatory framework includes certain inconsistencies and loose ends, and the authorities may not always interpret the regulations in a manner consistent with a plain reading.

We explored these regulations in Selling SaaS in China: Resistance is Futile. As we noted in that post, the lawful delivery of SaaS in China requires a platform hosted on a server located in China and operated by a Chinese-owned entity. The operating entity must have direct contact with Chinese consumers and must have the required licenses and approvals. A system is required for the proper handling of the gamers’ personal information in accordance with Chinese cyberlaw.

Foreign online gaming companies often balk at these restrictions or expect simple workarounds.

One popular but flawed workaround involves a “variable interest entity,” or “VIE.” There are still people in the tech sector who believe these entities can be used to overcome the regulatory hurdles. A VIE involves Chinese partners holding assets on behalf of foreigners in sectors from which those foreigners are excluded. These structures are unsupported by law and the sector perception is based on myths and legends and history that no longer jibes with the present day. Our China lawyers have seen companies waste a lot of time and money on illegal structures over which the foreigners have no effective control.

Another flawed workaround involves delivery of online games to Chinese nationals from foreign servers. This is popular because it circumvents the requirements on what needs to be housed on Mainland servers. In taking this route, many foreign gaming companies ultimately compromise their access to the Chinese gaming market. Most Chinese do not use VPNs, so the foreign servers are hard for them to locate and are even harder for the foreigners to properly market. Foreign gaming companies also run the risk of having their games blocked when they are distributed this way.

For these reasons, we conclude that resistance to the regulations is futile. Especially if you are a serious player.

To gain full access to the Chinese market, online gaming companies must comply with the regulations by identifying and co-operating with the right Chinese companies. The biggest problem is usually finding an appropriate Chinese partner or licensee — one with all of the required licenses and approvals. We have identified and analyzed the requirements an appropriate Chinese company must satisfy. Not less than 6 separate licenses and permits are required. As is so often the case in China, confirming whether a Chinese company has (or could hope to have) these licenses and permits is a relatively simple matter of due diligence. Again, we see a lot of time and money wasted on deals with Chinese companies that lack the necessary capacity.

In most instances, the only PRC companies with the capacity to obtain the necessary licenses and permits are major internet service providers with established gaming platforms. Proper marketing to Mainland gamers will be effectively impossible without the involvement of such companies in any event. Typically, these companies will expect the foreign game supplier to provide a turnkey or pre-installed solution and to give them an interest in the underlying technology and game IP. They will also take a certain share of gross receipts. So, even when you’ve found a Chinese company with the necessary capacity you need to understand their commercial requirements well in advance so you can decide whether they even make sense for you.

China online gaming laws
China online gaming laws

About a month ago, the Game Publishing Committee of China’s Audio-Video and Digital Publishing Association (中国音数协游戏工委) reported that China’s State Administration of Press, Publication, Radio, Film and Television (SAPPRFT) “holds a negative attitude” toward last-man-standing games like PLAYERUNKNOWN’S BATTLEGROUNDS (aka PUBG) and it would be difficult for this type of game to obtain a publishing permit in China. As we all know, “difficult” does not mean “impossible” and China’s gaming giant Tencent Holdings Ltd. has announced it will be bringing PUBG to China with a “socialist makeover.”

Though many gamers in China have had chicken dinners, PUBG has never been officially imported into China, meaning no Chinese government approval or local servers. Chinese gamers purchase PUBG (and many other games) through the widely popular gaming platform, Steam and play on servers hosted somewhere in the world other than China, like the US. This sometimes causes unstable network connections. Therefore, an official import is in demand.

  1. China prohibits Foreign investment in online game publishing.

As a basic rule, foreign companies are not allowed to invest in online game publishing in China. Reiterated in the 2016 Administration Rules for Online Publishing Service (2016 OPS Rules), online games are considered online publications and offering such publications via information networks is providing online publishing services. According to the Catalog for the Guidance of Foreign Investment Industries (revised in 2017), online publishing services fall under the industries where foreign investment is prohibited. Foreign developers, therefore, are prohibited from selling or operating online games directly in China.

  1. Licensing is key

Due to the restrictions stated above, foreign game developers must partner with a Chinese entity to enter the Chinese gaming market, and licensing is the way to go.

In choosing a China licensing partner, you want to first find out whether your potential licensee is qualified to sell and operate online games in China. Ideally, this potential licensee should own an Online Culture Business Operation Permit (网络文化经营许可证) and an Internet Publishing Service Permit (互联网出版服务许可证). If the licensee does not have these permits, it will not be able to apply to import foreign online games.

You will also need a solid licensing agreement to protect your legal rights and economic benefits. What we have previously discussed on China licensing agreements remains important and you should read the following:

Once a licensing agreement has been signed, the Chinese licensee will be in charge of registering your game with the Copyright Protection Center of China, applying for import approval, and the actual operation after the approvals. Since you as the foreign game developer will not be directly involved in these steps, it is critical you choose a Chinese partner capable of going through the complex approval process and operating your game smoothly.

  1. Approval authorities and content review

If you remember the fight over World of Warcraft years ago, you already know that GAPP (predecessor of the SAPPRFT ) and the Ministry of Culture (MoC) both asserted authority in approving the import of foreign online games.

As of now, approvals from both agencies are still required according to the 2016 OPS Rules and the Interim Measures for the Administration of Online Games promulgated by the MoC in 2010 (2010 Interim Measures). MoC focuses on the “cultural” perspective of the game, while the SAPPRFT focuses on the “publishing” side of things. Other than the nominal difference, it is unclear as to the exact role each of these two agencies plays in the approval process.

Overall, contents of online games are subject to censorship and games submitted for review must be fully developed and in their final operational version (or public beta version). The standard of content review is unclear. A few examples that may cause a failure to obtain approvals or the Chinese government to require further changes to a game include excessive violence, obscenity, compromising territorial integrity of the state (e.g. marking certain areas as independent countries), or discrediting the Chinese army. Again, an experienced Chinese game operator should be able to help the foreign developer avoid common pitfalls.

China’s online gaming industry is booming despite heavy regulations. Valued at $24.6 billion in 2016 (or more according to different market research reports) and growing. Like really growing. Strategic planning, choosing your Chinese partner wisely, and carefully negotiating and crafting your licensing agreement are nearly all that you need to navigate through this battlefield and earn your “chicken dinner.”

 

China Software as  Service SaaSThe market for software has shifted to the cloud. Using the Internet cloud, software products are no longer delivered as compiled programs installed on physical devices. The software is delivered online as an Internet-based service. This is known as Software as a Service (SaaS).

SaaS works fine when confined to the Internet of a single country or region such as North America or the European Union. The core concept of SaaS is that an open Internet exists on which SaaS can be built and delivered. But what happens when companies attempt to deliver SaaS into a closed Internet system?

That is the ultimate issue in providing an SaaS product in China. SaaS products not approved by the Chinese regulators are either blocked or in danger of being blocked. Gmail, Google Docs, Dropbox, and GitHub are all examples of SaaS products that are always at risk of being blocked in China. For SaaS products housed on servers located outside China, Chinese regulation makes active commercial exploitation difficult.

This applies to new SaaS products. Both IBM and HP are planning to roll out SaaS-based blockchain products. HP even calls their new offering “Blockchain as a Service.” Almost by definition, the blockchain system is intended to be global. But what happens when that service hits the closed Internet of China?

There is essentially only one way to deliver SaaS in China. The system must be housed on a server located in China and be licensed to a Chinese owned entity that has direct contact with Chinese customers.

The China server/China licensee model works like this:

1. The SaaS software is housed on a server located in China. This means the Chinese government will at all times have the right to access the server and inspect the contents of the software and all related data and information.

2. The SaaS service typically must be provided by a Chinese owned entity even though the regulations suggest this entity may be a Sino-Foreign joint venture.

3. The SaaS service is licensed to the Chinese entity in accordance with a very expensive and restrictive set of minimal requirements.

4. The SaaS software/platform has received the required approvals.

It has been difficult for many foreign SaaS developers to accept that the China server/China license model is in most cases the only way to sell SaaS products to Chinese consumers but the major SaaS players have already figured this out.

For example, the developers of video games have always been plagued by pirating in China. Game developers moved to the online model and developed the Massive Multiplayer Online Game model (MMOG), which is a form of SaaS. All of the major U.S. MOOG game developers now deliver their product in China using the China license model:

  • Valve Software’s Dota 2 is provided in China by Perfect World.
  • Blizzard Entertainment’s World of Warcraft is provided in China by Netease.
  • Riot Game’s League of Legends is provided in China by Tencent.

In the field of business software, Microsoft provides its Office 360 and Azure cloud service in China through a license with 21 Vianet.

Having accepted that a license in China is required, the real difficulties begin. The Internet infrastructure in China is quite advanced and due to the work of 21 Vianet and others, there is plenty of server space and bandwidth available for effective delivery of even the most complex SaaS products. The success of MOOG products in China is proof of this.

The real problem in China is in finding an appropriate partner/licensee. For the Chinese entity, operating as a licensee is expensive and technically demanding. So the real challenge in China is to find a licensee that is a) willing to take on the burden, b) has the technical capability to do the work, and c) the financial ability to take on the burden of ICP licensing, obtaining and maintaining approvals and then operating the complex server and software systems. Finding a willing licensee is oftentimes difficult for small SaaS systems and start-up products with no existing base of customers to provide immediate cash flow for the licensee.

For large, established SaaS providers, the issues are different but still significant. In this setting, due to the advanced technical requirements, the licensee will often be a direct competitor. So the challenge for large SaaS developers comes from managing the business in China, in protecting IP, and in dealing with the development and marketing of spin-off products. For many SaaS developers, these spin-off products are where the real value is generated.

In trying to evade the rules to avoid the China server/China licensee requirement, foreign SaaS developers are missing their opportunity to access the Chinese market. The real challenge is in finding ways to work within the China system in a way so the foreign SaaS developer both remains in control and earns a profit from China.

So resistance to China’s system for foreign involvement in SaaS is futile, but success is possible, so long as you get clear on what needs to be done.

China e-commerce law
Earlier this week, in China E-Commerce: Resistance is Futile, we set out what will likely be the new rules for foreign.

I could not have scripted better responses to that post as I personally received emails from what I would describe as “both ends of the spectrum.”

The first email is from a European businessperson I know who has been doing business with China for 25+ years and living in China for at least a decade. He has become pretty cynical about China and the focus of his email was on how China is setting everything up to “screw us foreigners”: Here is his email:

Great post as usual. It nicely encapsulates what I see happening here with everything. China is re-writing its laws to make its own companies rich and to screw us foreigners.

On the flip side, I got the following email from a very experienced China lawyer essentially saying nearly the opposite:

Exactly. The intelligent way to approach China is to figure out what is their plan and then work that plan to your advantage. Fighting against the plan is futile. Working with the plan can result in a lot of money. Google decided to fight, and they are gone. Microsoft finally decided to go with the plan and they are still in the middle of the China system.

When I say these sorts of things I get accused of being too negative and I would bet you will get that reaction to this post. But I do not view it negatively at all. It outlines a clear plan to success in China. It’s just that the plan follows a basic path outlined by the PRC government and Alibaba and the other rules of the PRC Internet. There is lots of money to be made and there are many things to be done to make the deals and to protect IP and similar.

That was our exact point with the post. There are great opportunities to make money on China e-commerce but to do so you must follow China’s rules. You can complain about those rules all you like, but the real issue is whether you are going to jump in and seize the opportunity (flawed though it is) or not. What’s your answer?

Earlier this year, I attended Alibaba’s Gateway ’17. The theme of that event was that there is easy money to be made by Western companies selling their products on Tmall and on Taobao. There is most definitely a lot of money to be made but it is debatable how easy it is to make it. I don’t know about you, but I doubt that any of our long list of clients who are making money in or from China — be it via China e-commerce or otherwise — would ever claim it to have been easy. And yet, I also doubt that any of them would say that it has been so difficult as to not be worth it.

The bottom line is that selling your products to China consumers via e-commerce will not be as easy or as cheap as selling your products to U.S. or EU consumers. But is that enough to stop you? In our next post, we will talk about what you should do to protect your IP before you start selling online to China.

 

China e-commerce laws
China e-commerce laws

The PRC National People’s Congress last week promulgated a second discussion draft of the PRC E-Commerce Law (电子商务法草案). If you are interested in commenting, you can find the new statute and a portal for comments here.

This statute is an attempt to gain greater control over the online consumer markets. These markets have exploded in China, in a situation where there is little or no regulation. The lack of regulation has not slowed development of e-commerce in the PRC. The success of online marketing is shown by the recent results of Alibaba’s November 11 “Singles Day” online sales event. As reported by ZD Net, the results were impressive:

Alibaba Group has raked in US$25.3 billion (168.2 billion yuan) in gross merchandise volume (GMV) from its annual online shopping festival, breaking last year’s record sales by 39 percent.

Held on November 11, its Singles Day shopping bonanza this year involved more than 140,000 participating merchants, including 60,000 international brands. Some 165 of these each generated more than US$15.1 million (100 million yuan) in sales, including Gap, Nike, and Samsung, with 17 merchants exceeding US$75.4 million (500 million yuan) and six surpassing US$150.9 million (1 billion yuan) in sales.

Japan, Australia, and Germany were amongst countries with the most sales selling into China during Singles Day this year.
At its peak, Alibaba processed 256,000 transactions per second and US$1 billion (6.6 billion yuan) was processed within the first couple of minutes. In the first two hours, it registered US$11.9 billion (78.8 billion).

Overall, Alibaba processed 1.48 billion payments, up 41 percent year-on-year, and 812 million delivery orders via its logistics arm, Cainiao Network. This was 23 percent higher than last year’s 657 million delivery orders.”

As you can see, foreign products played a big part in the success of the Singles Day event. Section 5 of the Discussion Draft sets out the proposed rules for cross-border sales. The Singles Day even illustrates the way the Discussion Draft plans for the future of cross-border online sales:

1. Foreign retailers will not be permitted to directly participate in online sales in China. All online sales will be limited to Chinese owned entities that have obtained the required commercial ICP license. Though there had been some hope there would be a limited exemption to the ICP license rule for e-commerce product sales, there is no hint of such a change in the Discussion Draft. The PRC government intends to continue restricting e-commerce sales to Chinese owned or controlled entities.

2. Foreign-owned operators of e-commerce platforms will also be excluded from operating in the Chinese market. Sales of foreign products will be forced to come into China through Chinese owned or controlled platforms.

3. The Discussion Draft provisions on cross-border e-commerce focus on ensuring cross-border sales comply with Chinese law and only approved products are imported into China and all taxes and duties on those products get paid. The Discussion Draft seeks to shut down online sales as a way to import illegal products into China and to shut down online sales as a method for evading China taxes and import duties.

4. The method for control proposed by the Discussion Draft is to create highly centralized e-commerce processing centers. The China (Hangzhou) Cross-Border E-Commerce Processing Pilot Area is an example of the ultimate goal. The idea is that these centers will handle the procedures related to e-commerce: foreign purchase, shipping to China, import into China with full compliance with all PRC applicable regulations on product approval, inspection and quarantine, payment of duties and taxes, and warehousing and distribution.

The plan is to funnel all cross-border e-commerce through a limited number of processing centers, all of which are controlled by the national government. These processing centers will also be under the control of a single e-commerce sales platform. The Hangzhou Center will be controlled by Alibaba, with competing online sales giants in China presumably establishing and controlling their own competing centers. This would be the opposite of the freewheeling approach that typifies e-commerce development in the U.S. It is though quite consistent with the current domination of retail e-commerce in the U.S. by a limited group of large players.

The success of the Alibaba event shows that the model envisioned by the Discussion Draft is already fully functioning. Foreign retail brands were excluded from direct sales. They were instead funneled through the single channel provided by Alibaba. Alibaba assumed all liability for compliance with PRC rules and regulations. No foreign entity was involved in any way with the actual direct sale of its product or with any direct relation to any Chinese consumer; all of this was handled by Alibaba.

This is the future of e-commerce in China. For foreign brand owners that want to penetrate the PRC online sales market, the Discussion Draft makes clear how the system will work.

Resistance is futile.

China cyber law
Screenshot of Hangzhou Cyber-court Website, showing its Chinese name as Hangzhou Railway Transport Court as of end of June.

China has adopted a plan to establish a cyberspace court in Hangzhou lately. The plan is for this court to accept filings electronically, try cases via livestream and hear only e-commerce and Internet related cases.

Why Hangzhou? As a general rule of Chinese civil procedure law, lawsuits must be brought in the place of the defendant’s domicile. For companies, domicile means their principal place of business or the place where it has its registered address. Hangzhou is home to Alibaba and to many other technology companies, it has been dubbed the “capital of Chinese e-commerce,” and it is the site of the China Cross-Border E-Commerce Comprehensive Test Zone (中国(杭州)跨境电子商务综合试验区). Hangzhou courts have experienced a considerable increase in the number of e-commerce related cases, from 600 cases accepted in 2013 to more than 10,000 in 2016.

Before these most recent plans for a cyber-court in Hangzhou, the Zhejiang High Court launched a pilot program to create Zhejiang E-Commerce Online Court System to better handle Hangzhou’s increasing caseload in Hangzhou. Three Hangzhou trial courts and the Intermediate Court of Hangzhou initially joined this system to try certain e-commerce related cases online. Other than a different space (cyberspace versus an actual courtroom) for the actual litigation/trials, there are no significant differences between the online court and traditional courts. The Zhejiang E-Commerce Court website explicitly states that its litigation processes will strictly follow China civil procedure law.

What Cases Will the Cyber-Court Handle? The Cyber-court will have general jurisdiction over certain Internet and e-commerce related cases in the Hangzhou area. Although the Cyber-court’s website is currently inaccessible, according to the Zhejiang E-Commerce Court website, the following cases (over which the existing trial courts in Hangzhou would normally have original jurisdiction) will be tried by the Cyber-court beginning on August 18, 2017:

  • Disputes regarding online purchases of goods, online service agreements, and small [online?] loan agreements;
  • Disputes regarding “internet copyright” ownership and infringement;
  • Infringement on personal rights (e.g. defamation) using the Internet;
  • Product liability claims for goods purchased online;
  • Domain name disputes;
  • Disputes arising from Internet based administration;
  • Other civil and administrative cases concerning the Internet assigned to the Cyber-court by a higher court.

No matter in which district of Hangzhou a defendant is domiciled, cases that come within the above list should be filed with the Cyber-court instead of with the trial court in the previously relevant district.

How to file a case with the Cyber-court and Attend trials? Please note that because the Cyber-court’s website is currently offline and inaccessible we have had to base the information in this section on what we obtained from the website back when it was live in July and from news reports. The Cyber-court will use an online platform that allows people to file cases and attend trials. To be able to use this platform, users must first verify their identity and then register for an account. There are two options for doing this. One is to physically go to Hangzhou and show your ID to the court clerk, which to a large extent defeats much of the purpose of having the online court system. The other is to have your identity verified through Alipay (Alibaba’s payment service). If you already have an Alipay account and Alipay has verified your identity (because you probably used Taobao before), such a verification will be accepted by the cyber-court’s system.

Once you have a cyber-court account, you can file a complaint, submit evidence, and request service of process through this platform.

You can attend your trial remotely by entering a verification code on a webpage. Transmission of audio or video of any hearings and trials and the evidence presented and other data exchanges will be encrypted using security technologies provided by Alibaba Cloud.

Implications. For people who do not live in Hangzhou area and want to sue someone there based on causes that are within the Cyber-court’s jurisdiction, the new system sure will make that more convenient. It also will likely make rulings on internet and internet related cases more consistent and thereby give more and better guidance to potential and actual litigants

But I also wonder whether all of what has been put under the cyber-court’s jurisdiction makes sense. Take product liability as an example. How is a product liability claim for goods purchased online any different than that for goods purchased physically in a store? In what will the cyber-court be better able to handle such a claim? There may be difference in online and offline purchase agreements for issues such as where the defendant resides, the place of execution or performance of the agreement or jurisdiction. But those are typically answered by existing product liability law, contract law, and civil procedure law and there is no single “Product Liability Law for Cyberspace.” Do we need a separate cyberspace law or is it just the Law of the Horse? Many countries, including China, have separate maritime and IP courts and those have generally worked well. Does it make sense to have a separate court handle internet disputes? I hate to sound trite, but time will tell. Is this a genuine attempt to reform e-commerce and embrace technology? Will this one cyber-court eventually assume nationwide jurisdiction of internet claims (not likely)? Will other regions in China create their own cyber-courts? What have other countries done on this front? Please comment below if you know!

Does it make sense to have the system rely so heavily on one company’s technology (Alibaba’s)? Did it have any real choice? How secure is Alibaba’s technology as to data and privacy protection? What protections are in place to prevent Alibaba from appropriating and using the litigation data?

Finally, as with most new developments involving cyberspace and e-commerce in China much about the cyber-Court remains  unclear and will likely change, and fast. I will be covering the changes so please stay tuned.