DistantNews
Support us
China Scrutinizes Critical Data of Western Firms, Legally
๐Ÿ‡ต๐Ÿ‡ฑ Poland /Economy & Trade

China Scrutinizes Critical Data of Western Firms, Legally

From Rzeczpospolita · () Polish

Translated from Polish, summarized and contextualized by DistantNews.

At a glance

News Sources not specified Context piece
  • Western data management firms are divesting from China due to political and regulatory pressures.
  • China classifies data within its borders as a strategic state asset, requiring strict control and oversight.
  • New regulations and existing laws mandate data localization and require government approval for cross-border transfers.

Western companies are increasingly exiting China's data center sector, driven by mounting political and regulatory pressures. Firms like Princeton Digital Group, Bain Capital, and Carlyle have decided to sell off significant assets in the country, a trend highlighted by the Financial Times. This exodus stems from what the FT describes as "political and regulatory pressure that makes foreign ownership of digital infrastructure difficult."

The principle of data localization, according to which operators of critical information infrastructure (CIIO) must store personal data and so-called important data on servers physically located in mainland China. In turn, their transfer abroad requires a prior security assessment conducted by the Chinese Cybersecurity Administration (CAC).

โ€” Piotr DecExplaining China's data localization and cross-border transfer regulations.

While China's cloud services market continues to grow, stricter cybersecurity and data protection regulations enacted in Beijing have made foreign ownership of critical digital infrastructure a politically sensitive issue. The core of these regulations, which have been developing since 2016, is the classification of data within China as a strategic state asset subject to government control. This principle is reinforced by three key laws: the Cybersecurity Law (2017), the Data Security Law (2021), and the Personal Information Protection Law (2021).

This shows a structural tension in which investors operate: simultaneous liberalization of ownership and tightening of operational control over data.

โ€” Piotr DecDescribing the challenges faced by investors in China's data sector.

These laws establish a data localization rule, requiring operators of critical information infrastructure to store personal and "important" data on servers physically located within mainland China. Transferring such data abroad necessitates a prior security assessment by the Cyberspace Administration of China (CAC). Although China opened its special economic zones to full foreign ownership in 2024, it maintains stringent operational controls, including scrutiny of funding sources, server locations, cybersecurity frameworks, and energy efficiency. This creates a structural tension for investors, balancing ownership liberalization with intensified operational oversight of data.

These are sensitive issues, concerning not only the company's security but sometimes also the state's security. We need to make Polish companies aware that such regulations are in force.

โ€” Tomasz Kostuล›Commenting on the implications of Chinese data regulations for Polish businesses.
DistantNews Editorial

Originally published by Rzeczpospolita in Polish. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.