Corporate compliance programs must address the risk of improper disclosures of sensitive technical or commercial information.

State control of information has been a focus of PRC regulation since the founding of the People’s Republic in 1949. Despite several updates to laws governing “state secrets” in China over the years, the concept of state secrets remains amorphous and subject to interpretation in line with prevailing political winds. Foreign companies in China must be aware of the serious implications state secrets laws pose on inbound and outbound trade and investment, especially given the PRC government’s increasing emphasis on foreign compliance. Firms doing business in China must implement comprehensive compliance policies and training programs to prevent employees from violating China’s state secrets laws.

The evolution of China’s state secrets laws

The PRC government issued its first regulations governing state secrets in 1950 and 1951. The regulations were broad and reflected Chairman Mao Zedong and Premier Zhou Enlai’s objectives at the time: political consolidation after decades of revolution as the government sought to combat perceived “enemies within and without” the country. Accordingly, the 1951 regulations listed a wide range of topics that could be considered state secrets—from highly sensitive matters, such as national defense, foreign relations, state finances, and infrastructure, to much less sensitive matters, such as culture, education, hygiene, and meteorological forecasts. What could not be captured through broad and vague classifications was included in a catch-all provision covering “all state affairs not yet decided upon” and “all other state affairs that must be kept secret.”

1988 State Secrets Law

China’s more recent state secrets regime is based on the 1988 Law on Guarding State Secrets, which attempted to balance former leader Deng Xiaoping’s push to open up to the outside world with the state’s interest in controlling certain types of information. The law is clearer and more detailed than the 1950 and 1951 regulations. Upgrades included categories for secrets based on sensitivity (top secret, highly secret, and secret); procedures for declassifying of information because of changes in circumstance or time; and clearer government agency responsibilities for classifying and handling information. The law, however, still lacks clarity in important areas that affect how Chinese and foreigners acquire, handle, store, and convey information. Most notably, the law’s definition of “state secrets” remains ambiguous. It provides a narrower list of items that could potentially be considered state secrets, yet still contains a catch-all provision for “other matters that are classified as state secrets by the national State Secrets Bureau,” with no limitation on what those matters might be. In effect, the vague “state secrets” label allows the government to choose which potential violations to prosecute and which to ignore. For foreign companies in China, however, it creates difficulties in managing risk: How does one ensure compliance with a law when what constitutes a violation remains unclear?

2010 amendments

The PRC government recently released Amendments to the State Secrets Law, which took effect in October 2010. The amendments add clearer standards for identifying and handling classified information, delineate authority to determine what should and should not be classified, and take into account technological developments such as the Internet.

The new amendments prohibit connecting computers that contain classified information to the Internet and other public information networks. They also stipulate that private communications may not “touch upon” state secrets and require Internet service providers and other public network operators to cooperate with state secrets investigations. Though the 2010 amendments provide clearer guidance for businesses on how to adhere to the law, they also make explicit that Chinese network operators and service providers must cooperate with a state secrets regime often used to suppress political dissent.

The 2010 amendments introduced a welcome system for labeling classified information. In addition to maximum protection periods for various categories of classified information, the amendments state that even at lower levels of the bureaucratic chain, the State Secrets Bureau must wherever possible identify the specific people who are permitted access to the information. Moreover, the amendments provide that all devices and objects that carry classified material must be clearly marked as such. The amendments do not, however, clarify the state secrets classifications themselves or the broad range of information that can be covered by the State Secrets Law.

Criminal and state security laws

The State Secrets Law’s ambiguity is of concern given the criminal implications of state secrets violations under China’s Criminal Law and Security Law. Article 111 of the Criminal Law provides for penalties ranging from public surveillance and deprivation of political rights to life imprisonment, depending on the severity of the act, for “whoever steals, spies into, buys, or unlawfully supplies state secrets or intelligence for an organ, organization or individual” outside China’s territory. For an especially severe act that endangers national security, the article states that individuals may receive the death penalty. Article 282 provides for up to three years imprisonment for a person who “unlawfully holds documents, material, or other objects classified as ‘strictly confidential’ or ‘confidential’ state secrets and refuses to explain their sources and purposes.” The Security Law addresses similar violations in the state security context.

Commercial secrets, corruption, and bribery provisions

PRC law also protects “commercial secrets.” The 1993 Anti-Unfair Competition Law protects commercial secrets of state-owned enterprises (SOEs), and the 2010 Provisional Regulations for the Protection of Commercial Secrets by Centrally Governed Enterprises clarify the treatment of commercial secrets for top-level SOEs. Though the provisional regulations introduce stricter requirements for classification decisions and the labeling of classified information, they do little to clarify the Anti-Unfair Competition Law’s ambiguous definition of “commercial secrets.” (Parties that enter into business dealings with SOEs should note that the provisions require SOEs to adopt precautionary measures to protect commercial secrets in dealing with third parties.)

Related to state secrets legislation, China’s Criminal Law and Anti-Unfair Competition Law are the basis for the state’s corruption and bribery legal regime. According to these laws, commercial bribery offenses involve securing an “improper benefit” through “improper means.” PRC authorities are likely to view a company that holds classified commercial information as having acquired an improper benefit, and the provision of such a secret by a company can easily be construed as improper means. Thus, corruption and bribery allegations often go hand in hand with alleged state or commercial secret disclosures.

Application of state secrets and related laws

The 2008 Rio Tinto case, in which four employees of the australian mining conglomerate Rio Tinto Group were accused of commercial espionage by Chinese authorities, illustrates how state and commercial secrets, corruption, and bribery can converge in real-life dealings and result in criminal responsibility. The Shanghai Intermediate People’s Court determined that Rio Tinto executive Stern Hu and his colleagues “enticed” the disclosure of information regarding a series of conferences convened by the Chinese Iron and Steel Association. Attended by representatives of key Chinese manufacturers, these conferences focused on the industry’s strategy for upcoming iron ore price negotiations with Rio Tinto. The court inferred that Rio Tinto employees “improperly obtained” conference information, even though sources volunteered the information without solicitation from Rio Tinto employees. This case suggests that the Chinese courts may infer impropriety in situations where Chinese companies volunteer commercially sensitive information to foreign companies, even when no agreement has been made for favors in return. Foreign companies must thus be aware that they could violate commercial secrets or bribery laws by passively accepting information in circumstances where they are in a position to bestow favors or exert influence.

In addition to facing direct compliance risks, foreign technology companies face the added challenge of handling PRC information requests related to state secrets investigations of others. The requirement in the 2010 State Secrets Law amendments that network operators and service providers in China cooperate with such investigations underscores what has been the reality for some time—that technology firms are under tremendous pressure to share information with Chinese authorities. To date, companies have tended to take one of two contrasting approaches to this struggle—conflict with PRC authorities and withdrawal from the China market, or cooperation with the government resulting in client alienation and potential human rights litigation. Both approaches present significant challenges to business expansion.

Practical implications for US business in China

In the past, foreign businesses in China focused primarily on complying with their home countries’ laws, such as the US Foreign Corrupt Practices Act, and regarded PRC state secrets laws as a concern for local firms. Foreign companies can no longer afford to take this approach, especially given the recent increase in cases that apply PRC state secrets law to foreign firms. The risk of state secret disclosure is particularly high in the approval process for equity investment and debt financing of foreign-invested projects in China. These projects necessitate the flow of highly detailed commercial and technical information as part of the planning and application process, and present numerous state secret-related risks for firms that pursue them.

Foreign businesses operating in China can take steps to better protect their interests and employees. In particular, companies should:

  • Develop robust compliance policies  Policies should include a mandate for employees to avoid exposure to classified or potentially classified information without proper permission from appropriate PRC authorities. The mandate should make clear that any information that could result in an unfair competitive advantage in a commercial transaction should be avoided without appropriate authorization. The policies should also include a zero-tolerance policy for corruption and bribery in every aspect of commercial activity in China, including strict limits on gift-giving and the extension of other perks.
  • Ensure through regular training sessions that all staff are well-versed in PRC state secrets laws and in the firm’s compliance policy  The training should provide details of classification standards and labeling requirements under PRC law, as well as guidance on what types of unlabeled information could still be considered sensitive. Potentially sensitive unlabeled information includes raw market or industry data that is not publicly available, and processed or analyzed data whose underlying raw data is publicly available. Training is especially important for Chinese or Chinese-speaking employees who are most likely to be on the “front lines” in negotiations and other dealings with local partners and are most vulnerable to inadvertent exposure.
  • Obtain explicit assurances from Chinese counterparties prior to information exchanges  The assurances should confirm that no information provided will constitute state or commercial secrets or, to the extent it does, that the Chinese counterparty has obtained appropriate authorization to share the information with the firm’s representatives. These assurances are particularly important in connection with foreign direct investment approval processes and due diligence exercises.
  • Be aware of the precautionary measures SOEs are required to take to protect commercial secrets  Such measures include entering into confidentiality agreements for all information exchanges and clearly labeling classified information. Companies should also ensure that any SOE the firm is working with complies with these procedures. If an SOE does not appear compliant, the foreign company should raise the issue and express its desire to fully comply with all PRC laws.

Practical implications for US and Chinese businesses in the United States

China’s state secrets laws can also burden Chinese enterprises that seek to expand internationally. Efforts made by Chinese enterprises operating in the United States to comply with PRC state secrets laws can create difficulties in complying with US regulations and disclosure requirements. Given that US regulations and case law allow few exceptions for foreign enterprises based on home country legal commitments, some Chinese businesses may be forced to limit their US expansion plans.

Foreign banks that wish to expand in the United States, for example, must make available to the Board of Governors of the Federal Reserve System all information on bank operations that the Federal Reserve deems necessary to enforce compliance with applicable US laws. PRC banks that refuse to comply with this requirement run the risk of losing their licenses to operate in the United States. If, for example, US regulators request information about a PRC bank or one of its customers that could be considered a state or commercial secret (a likely scenario given the United States’ expansive antimoney laundering and antiterrorism laws), the PRC bank may find itself in an impossible situation.

Conflicts between US law and PRC state secrets laws also arise through US courts’ civil litigation discovery processes. US courts generally decide such conflicts by weighing factors such as national interests, hardship of compliance, importance of the laws at hand, and good faith of the parties. But even if a US court compels compliance, PRC authorities may not absolve the Chinese company from home country obligations. China’s state secrets regime and the conflicts it creates with US law may increasingly concern Chinese executives at the front of China’s outbound direct investment drive. Future Chinese executives that lead outward investment expansion programs could find themselves on the wrong side of these laws in the bidding, negotiation, or transaction execution phases of a project.

The way forward

The control of sensitive information has been a focus of China’s legislation and regulation since the founding of the People’s Republic. Government reforms have refined some aspects of state secrets law over time, but other aspects of the laws remain ambiguous in scope and intended application. As such, Chinese and foreign businesses must be vigilant when dealing with sensitive information and implement effective and pragmatic policies, procedures, and internal controls to manage the regulatory risk presented by the flow of information in today’s cross-border business environment.

[author] Mitchell A. Silk ([email protected]) is a partner and Jillian S. Ashley ([email protected]) is an associate with Allen & Overy in New York. [/author]

Posted by Mitchell A. Silk and Jillian S. Ashley