Friday, 24 September, 2021

Data security law: China orders state firms to migrate to government cloud services

  • Sun Online Desk
  • 30th August, 2021 05:54:24 PM
  • Print news

With just days to go until the national data security law comes into effect, China’s state assets watchdog has ordered its firms to accelerate data migration from cloud services by tech giants like Alibaba and Tencent to the government’s own infrastructure.

Data security is high on the government’s agenda and the move is expected to send turbulence through the country’s cloud service market, now dominated by private players.

In a notice posted online on Friday, the State-owned Assets Supervision and Administration Commission of Tianjin ordered state firms to not build new data centres, buy servers or purchase other storage hardware.

Firms owned by the municipal government were forbidden to renew or sign new leasing contracts with public cloud platforms owned by Huawei, Alibaba, Tencent, China Unicom, China Mobile and China Telecom, The Economic Observer reported, citing a document dated August 12.

Data stored in these platforms must be moved to digital infrastructure controlled by the State-owned Assets Supervision and Administration Commission (Sasac) within two months of the expiration of existing leases, with the final deadline at the end of September next year.

 “The data of state-owned enterprises are state assets and must be put under supervision,” the online notice said.

Sasac oversees the country’s 97 biggest industrial firms, including China National Petroleum Corporation, Baowu Steel and China Mobile, controlling about 70 trillion yuan (US$10.8 billion) of assets.

No details were given about the Sasac cloud service or how it differed from those provided by the three state-owned telecom operators.

But in April, the southwestern province of Sichuan unveiled a local version of the Sasac cloud service. And Hangzhou Iron & Steel said last month that it had built a similar government-controlled cloud service in the eastern province of Zhejiang.

Calls on Saturday to the Tianjin state assets watchdog for confirmation went unanswered.

The data security law takes effect on Wednesday and lists severe penalties for violations.

Fines of up to 10 million yuan will apply for unapproved overseas transfers of “core state data”, while those handing over “important data” to a foreign judiciary or law enforcement agency without prior approval could be ordered to pay up to 5 million yuan.

International business groups have sought clarification on the boundaries of “important data” and some foreign-funded firms, such as Tesla, already store the data of Chinese users onshore.

The country’s public cloud service market grew 49.7 per cent to US$19.4 billion last year, according to International Data Corporation estimates.

In terms of IaaS, or infrastructure as a service, the biggest segment of public cloud services, Alibaba led the market with a share of 40.6 per cent in the fourth quarter of 2020, followed Tencent and Huawei on 11 per cent each, and China Telecom with 8.7 per cent, IDC data showed.

Last month, the Zhejiang telecoms regulator accused Alibaba Cloud of violating China’s cybersecurity law following a complaint related to a 2019 data leak, and ordered it to rectify its business.

Government concerns over data security have already led to a crackdown on Big Tech companies and listing rows with the United States this year.

A precedent was seen from ride hailing giant Didi Chuxing which was investigated after its New York share sales in June.


Source: South China Morning Post