According to CDNetworks, a company specializing in content delivery and cloud security solutions, the law in question defines guidelines for the future development of the network landscape in China and the role of the state in this context. The Cyber Administration of China (CAC) is given key functions in the legislation and acts as a testing and approval body.

One change that is currently affecting many companies is the new regulations on "data delivery" in China. According to current interpretations of the new legal requirements, all data defined as sensitive or personal is to be hosted in the country and will no longer be allowed to leave China in future - except with special permission from the government.

Due to the slow loading times caused by the long distance to China and the automatic checking of content by the so-called "Great Firewall", many companies already make their content available via a server or node in China. This can very often be done via a hoster, cloud service provider or content delivery network provider (CDN). Here, too, there are consequences.

If appropriate changes are not made, the so-called Bei'an license may be withdrawn and the Chinese website or data transfers in China will be blocked. According to CDNetworks, the legal texts are not available in German or English, making it difficult to interpret them correctly.

Which companies are affected by the new law?

All companies that are active in electronic commerce in China are affected. This includes operators of network or so-called critical information infrastructures, but also any other company or organization that "delivers" web content (websites, apps, etc.) in China or uses an operator for hosting or delivery.

Example: If an eCommerce provider previously had data processing systems such as order, invoice or inventory systems outside of China, but delivered these via a service provider in China, these systems must now be mirrored so that the data is processed within China. This is also the case for data from apps - from fitness bracelets to applications that transmit electricity meter or boiler data.

This means that companies from all sectors are affected, from retail and IT service providers to companies from industry, tourism, media, online advertising, gaming and many more. Companies that offer their content from outside China, including Hong Kong, are not affected. However, as Hong Kong is part of China but lies outside the "Great Firewall", these organizations must still expect loading times.

What are the consequences?

Thousands of certification officials and intelligent algorithms are currently checking whether foreign organizations that offer relevant content from China for the Chinese market meet all the conditions of the new legislation. If they are already working with a hosting service provider or CDN provider, they are also checked to see if they have the necessary licenses. If this is not the case, the Bei'an license required in China can be withdrawn and the website or web content blocked.

Companies are already receiving calls from government officials asking them to make the necessary changes as quickly as possible.

What needs to be done?

• Companies must check where their data is stored and processed.
• It is highly recommended to register the domain for China in China.
• If they use their own infrastructure, this must be checked for compliance or they should find a provider that is compliant with the new regulation and can support them in implementing all the necessary steps.
• If companies are already working with a hosting, cloud or CDN provider for the Chinese market, they should check whether they meet the requirements and whether any necessary changes can be made together. In addition to hosting and data delivery in China, this may also include support for mirroring systems and secure data transport.

Many providers have previously offered CDN for the Chinese market from other locations. This was very practical in the past, but is no longer possible with the new legislation, as the content must be hosted in China. So what requirements should a partner for data delivery in China fulfill in the future?

• Knowledge of the Chinese market - especially of the required licenses, ideally with accreditation for issuing the Bei'an license
• An existing CDN infrastructure with as many nodes as possible to accelerate content in China.
• A solution that supports companies in the mirroring of systems in China, which is necessary for many - including the secure encrypted transmission of data packets. Because if systems have to be mirrored, sensitive data should of course only be transmitted securely.