In the age of the internet, China has become a major internet-empowered nation. It has a vast internet market with a huge online population (829 million internet users out of a 1.4 billion population). The application of the internet is extremely diverse in China, and they range from consumption, industry, finance to government management, with large amounts of internet-based information and data involved. On the basis of this, the formation of an extremely complex internet society took place. If we take a step further to consider the connection between China's network and the outside world, the internet is no longer a technical tool of human invention. Rather, it is an important part of human society and the economy.
Although the advent of the internet society has greatly changed the social economy, at the same time it brought about the question of formulating rules and instilling order for the cyber society. For the government, participating in the governance and service in the era of the internet has become a real problem. Observing the development of this internet age, we can see that network development practices from the market and social levels are always way ahead of government regulation and governance. The government is always striving to adapt and catch up with the development and innovation of the internet, and often has difficulty in achieving that. Even so, countries and regions including the United States and the European Union are working on creating the necessary supervision of the internet, and have even introduced their own internet management laws and regulations in order to maintain network order and address national security issues for the internet.
China is also working on this matter. On May 21, 2019, the Cyberspace Administration of China issued a draft for the review measures for cybersecurity, focusing on the assessment of national security risks that may result from procurement activities, including: (1) the possibility that critical information infrastructure is controlled, disrupted, and business continuity is compromised; (2) the possibility of large amounts of personal information and important data being breached, lost, damaged, brought out of the country, etc.; (3) the controllability, transparency and supply chain security of products and services, including the possibility of disruption to the supply of products and services due to non-technical factors such as politics, diplomacy and trade; (4) impact on defense industry and key information infrastructure related technologies and industries; (5) product and service providers' compliance with national laws and administrative regulations, commitments and obligations; (6) products and service providers subject to foreign government funding, control, etc.
Not long ago, the Chinese government has issued the beefed-up National Standard for Cybersecurity Multi-level Protection Scheme drafted by the Ministry of Public Security (MPS), effectively replacing the one introduced more than a decade ago. The purpose of this move is to include new technologies, application security objects and security protection areas in order to strengthen the cybersecurity protection system. The new technologies covered in this standard includes those related to cloud computing, Internet of Things, mobile internet, industrial control systems, Big Data, and so on. It is understood that the MPS has organized relevant units and experts to summarize the implementation of the previous standard of protection, and study the safety of new technologies and new applications since 2014. After five years of study and adjustments, the revision of the standard has now been completed.
However, as China has successively introduced a number of internet regulatory policies within a short period of time, there are also more departments that have the power to use the internet for supervisory purposes. Hence, the reasoning and interests involved in the regulation have become increasingly complicated, to the level that internet regulations have become grassroot and generalized. This in turn, can easily lead to new social management problems and confusion to both to China and the outside world. Those outside of China believe that China's internet supervision and review mechanism are highly complicated and that supervisions overlap with each other. According to a study by the U.S. think tank New America, the measures for cybersecurity and other regulations are lower-level regulatory documents complementary to the National Security Act and the Internet Security Law. This is the usual practice of the Chinese legal system. However, the regulations of the Cyberspace Administration and those of the Ministry of Public Security on information security are apparently overlapping in some respects. Foreign-funded institutions are concerned that under conditions of overlapping supervisions, a company can easily become both a so-called "critical information infrastructure" (subject to the Cyberspace Administration) while being included in the list of "classified protection".
The outside world's concern about China's internet supervision is that China's cybersecurity censorship system is ambiguous and uncertain. Although it gives the regulatory authorities a lot of flexibility, it also makes the market feel rather inconvenient, and it can even lead to obstacles for the market. Nick Marro, an analyst at The Economist Intelligence Unit, was quoted by the South China Morning Post as saying, "the regulatory opacity means that officials have quite a lot of flexibility in how they want to implement this – meaning it could be applied to US firms in a way that embodies 'qualitative measures' as part of China's trade war response".
The outside world is often biased in their view of China's internet regulation, and this bias is based on their own standards. However, looking from China's own development needs, its cyber supervision does indeed need to be clarified and integrated. On the one hand, it is necessary to clarify the rules and standards of supervision and governance. On the other hand, there should also be room for the development of the internet. The establishment of rules and the establishment of order are not to be confused. China's national legal system is governed by the national legislative law. The reality in China is that the faster the internet develops and the larger its scale becomes, the more "internet supervisions" would come into existence. Hence, when there is a need, there will be supervision. In addition to the actual needs of internet governance, interest and regulatory power are the reasons for internet supervision as well. This means that those who seize the right of internet supervision will be a greater power in the future, and this is a reason that so many parties want to have a piece of the pie. In the past, real estate was the one that could increase fiscal revenue, but now it is the internet's turn to play that part. Some analysts pointed out that not only are various ministries and commissions eager to take part in the current internet supervision in China, even players in the local prefecture and county levels are attempting to join in for various reasons, each seeking its own internet regulatory power. However, it is worth noting that not everyone will get the chance to do so.
The law of development of the cyber world requires the government to treat it with an open and development-focused mindset. When communicating informally with Anbound think tank researchers, certain Chinese government officials admitted that the speed and complexity of the internet has far exceeded the government's regulatory capabilities. Sometimes the government is unable to accurately grasp the innovation of the internet. If the internet is supervised based on the conventional propaganda-focused approach, the existing government departments and laws and regulations will be insufficient to carry out the job. If the regulations are tight, there will be few developments. Conversely, if they are loose, the situation might get chaotic. Under this circumstance, it is necessary to establish a large-scale strategic framework for the internet and clarify the regulatory thinking of cyber policies. Otherwise, the environment for the development of the internet will face more difficulties. In addition, there will be regulatory disruption, split supervision, and constrained development, as well as the possibility of being detached from the society.
Final analysis conclusion:
In sum, China's cyber supervision and governance as a major internet power should adjust its starting point and ideas, encouraging and protecting development and bottom-line thinking in order for principled supervision to take place. On some major issues and important areas (such as national security, personal information protection, intellectual property protection, and political security), China should also formulate basic bottom line rules, rather than basic rules, rather than fragmenting the management on behalf of different authorities.