For years, a stringent regulatory environment had made foreign investment in China’s data centre market rather challenging. However, in wake of a slew of new policies aimed at opening up the market, potential foreign investors and industry players can now look forward to having more opportunities in the internet data centre sector. This story delves into some of these policy changes made in 2024.
In April, the Ministry of Industry and Information Technology (MIIT) announced its plan to carry out pilot programs with a focus of opening up value-added telecommunication services (VATS) to foreign investment. Within VATS, data centre operations are regulated as B11 under the telecommunication services classification catalogue. Any entity that wants to offer data centres services to the public in China will require a VATS licence issued by the MIIT for category B11.
Before this pilot programme, foreign investors were not allowed to own or invest in any data centre businesses. Foreign investment in China’s VATS is restricted to specific sectors that China agreed to open when it joined the World Trade Organization (WTO). However, data centre services were not part of the sectors that China allows foreign investment in, according to the commitments outlined in its original WTO agreements.
The new programme will first be launched across four cities in China: Beijing, Shanghai, Hainan and Shenzhen. Within these approved pilot regions, foreign investors will now have greater opportunities to invest in and build data centres. This would be beneficial for foreign investors looking to capitalise on China’s rapidly growing digital economy and also foster greater collaboration between Chinese and international firms.
Apart from allowing more foreign investment within the telecommunication services market, China has also adjusted its policies to promote more convenient transfer of data across borders. The Cyberspace Administration of China (CAC) released a new set of measures titled Regulation for promoting and administering cross-border data flows in March 2024. This new measure would allow more data exporters to be exempted from the set of regulations that were in place since the launch of the Assessment measures for data export security in 2022.
Previously, organisations were required to carry out rigorous security assessments for the cross-border transfer of important data and personal information collected and generated during operations within China. Under the personal information protection law (PIPL), in order to export personal information, processors will be required to pass a governmental security assessment. However, this process is complex and time consuming. For an organisation to apply for the security assessment, they are first required to carry out a self-evaluation of their data export risks. Once the self evaluation is completed, the organisation can then proceed to apply for a data export security assessment. Failure to comply with these measures will be dealt with per the provisions laid down under the relevant data related regulations within China.
According to Bird and Bird, the Security Assessment regime, effective from 1 September 2022 with a six-month grace period, has seen hundreds of applications from PI exporters in China, mainly large multinationals. However, only a few have been approved, with the process expected to take over ten months and involve multiple rounds of CAC review.
Good news is that with the new measures in place, more data exporters will now be exempted from the entire data export regime. Several key exemptions from the data export security assessment requirement are outlined below. As stated by Bird and Bird, when personal information (PI) needs to be exported to facilitate or fulfil a contract involving the individual as a party, no data export security assessment will be necessary. Examples include shopping, booking of flights and other related cross border transactions. Additionally, PI processors who have exported data for fewer than 100,000 individuals from January 1st each year will also be exempt from undergoing the full procedural requirements.
This policy reform will benefit foreign data centre operators by simplifying compliance and reducing operational delays. Exemptions from the complex data export security assessment, particularly for smaller data exports and contract-related transfers, will streamline the process for foreign businesses. This not only lowers compliance costs but also makes the Chinese market more attractive for foreign investment, fostering innovation and international collaboration. By easing data transfer regulations, foreign operators can better focus on expanding their services and infrastructure in China.
Therefore, even though 2024 is not yet over, it has become a significant year for the data centre industry in China, with the government taking active steps to open up the market in an attempt to encourage more foreign investment.