china implements encryption law

By Matthew Laight


New regulations implemented in the PRC under State Council Order Number 273 affect foreign organisations' or individuals' use of encryption products or equipment containing encryption technology (such as DES or RSA) in a number of ways.

Import into the PRC: The import of foreign encryption products will only be permissible if approval has been obtained from the State Encryption Administration

Sale/distribution: Encryption products can only be sold or distributed within the PRC by entities which have acquired special permits. Such permits are unlikely to be granted to non-PRC entities such as foreign invested enterprises.

Manufacture: Restrictions also apply to the type of entities which can manufacture encryption products, and such products will require approval.

End-users: Users of foreign encryption products, in use prior to the introduction of the new law, must have registered such use with the State Encryption Administration by last January 31 2000 in order to continue using such equipment. In addition, unlike PRC entities, foreign users must also obtain approval for the use of encryption products.

The implementation of these new regulations has aroused a great deal of debate in Hong Kong and the US, as they could affect China's entry to the World Trade Organisation (WTO). Lobbying is underway to re-address the balance, and it therefore remains to be seen to what extent they will be enforced.

... just as US encryption laws are relaxed

In contrast to the tightening of controls over the Internet in China, on January 14 2000, the US government issued regulations that relax the restrictions on encryption export from the US. Previously companies had to obtain a licence from the government to export encryption products over 56 bits in length. The new regulations make the following key changes (although they will not affect current restrictions imposed on Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria):

* US companies may export any encryption product globally to commercial firms, individuals and other non-government end-users without a licence, (exports to government end-users may be approved by licence);

  • "retail" encryption products that are widely available in the market can now be exported to any end-user including foreign governments;
  • commercial encryption source code, encryption toolkits and components can be exported without licence to businesses and non-government end-users for internal use and development of new products;

US companies may export any encryption products to foreign subsidiaries without prior review and foreign employees working in the US no longer need an export licence to work on encryption.

Importation of encryption software into Hong Kong

In Hong Kong, an amendment to the Import/Export (Strategic Commodities) Regulations (October 1999) came into effect, which restricts the use of any encryption software employing a key length in excess of 56 bits in Hong Kong. Application to import the restricted software may be made to the Trade Department. Consequently, Hong Kong companies may still benefit from the relaxation of the US regulations, provided they obtain the necessary permit to import restricted software.

Registration of domain names as trade marks

The Trade Marks Registry in Hong Kong accepts domain names for registration as trade marks, providing the criteria for registration are met, and providing non-registerable matter (such as ".com") are disclaimed. Increasingly, domain names are being used as trade marks rather than simply as the URL of a website. One of the most famous examples is, but more locally is likely to rise in importance following its high-profile listing last month on Hong Kong's new technology board, the Growth Enterprise Market (GEM).

Amendments to affect use of unlicensed software

The Intellectual Property (Miscellaneous Amendments) Bill 2000 gazetted January 14 2000 (the Bill) and read before the Legislative Council on January 26 2000, will if passed, introduce into the Copyright Ordinance provisions which affect the unauthorised use of computer software in business.

Pursuant to the proposed amendments, a person will be committing secondary infringement of copyright if he, amongst other things, possesses an infringing copy of a copyright work "for the purpose of, in the course of, or in connection with, any trade or business." This replaces the previous narrow definition, which referred simply to "for the purpose of trade or business".

This means that a legitimate business or trade which does not sell or deal in unlicensed software, but nevertheless uses unlicensed software in the course of its business, may still be liable for secondary infringement if it uses the unlicensed software "for the purpose of, in the course of, or in connection with, any trade or business."

First published in E-lawasi@ in April 2000.