The People’s Republic of China has officially bestowed legitimacy to Blockchain and Cryptography. The country’s enchanted Blockchain industry will now be regulated as per China’s Password Law. The world’s first Password Law has come into effect on 1 January 2020, following the Chinese government’s initiative to regulate how government agencies and private companies use data to run their cryptography management systems. From the start of this New Year 2020, the Office of State Commercial Cryptography Administration (OSCCA), and only approved products are sanctioned for use in China.

In this article, we are providing a quick overview of China’s Password Law and what it entails for the blockchain ecosystem globally.

Decoding China’s Password Law 

Though a very unique development in the global Blockchain scenario, the Password Law is completely home-grown and blossoming affaire de coeur.

Within weeks of its Seventieth anniversary of the People’s Republic of China (1 October 2019), the government led by President Xi Jinping passed a resolution to regulate cryptography for multiple industries. A Chinese daily had reported that the 14th Session of the 13th National People’s Congress Standing Committee voted to pass the ‘crypto law’ on 26 October 2019.

See:  President Xi Says China Should ‘Seize Opportunity’ to Adopt Blockchain

It adopted the Password Law to facilitate the development and management of Crypto-based technologies and to secure their use in the digital, IT and other miscellaneous industries, including in banking, eCommerce, Telecom, and Military. The law is also determined to reward companies that have fair China Blockchain Strategies and that adhere to the new regulation, as much as it is to enforce strict punishments to individuals and agencies that breach the policy.

IDC reported Blockchain spending in China was US$79.5 million in 2017. It is projected to reach US$1.67 billion by 2022. An independent research group reported the global Blockchain market was worth $700+ million in 2017.

Types of Cryptography

According to the Chinese Cryptography law, the applications are classified into –

• Core
• Common
• Commercial

Core and Common Cryptography platforms and their management are strictly restricted and can be accessed by a limited number of Chinese authorities only. The dereliction or breach into these platforms would lead to the country’s exposure to cybercrimes, data hacks, and frauds. In short, core and common cryptography are ‘state secrets’.

The country now has a systematic procedure to examine, authenticate, and prosecute every cryptography operation. Failing to adhere to these provisions would lead to warnings, fines, or getting the properties confiscated. 

For Commercial cryptography, companies that leverage the technology would be guided to set up management, supervision and information exchange systems to check administration and governance. It’s a non-state institution, but it would still require the Chinese government’s approval to run the systems safely within the country’s geographical and socio-economic boundaries.

See:  UK and World Economic Forum to lead regulation revolution to foster industries of the future

Currently, encrypted products belonging to the hardware and software industry fall under the purview of Chinese Crypto laws, while it may exclude standard OS, and internet browsers from the regulation. Non-Chinese companies and their products have to seek approval from OSCCA. In addition, China’s Custom body would work with the OSCCA to check and prevent the import, and sale of encryption technology in China. JVs involving Chinese enterprises are specifically approved to import and use encryption products that are manufactured/developed abroad. There are restrictions to their use beyond enterprise communications and overseas coordination. Encrypted telephones, fax machines, instant messaging dashboards, and Video Conferencing tools would require approvals from the Custom and the OSCCA.

Passwords and their Encryption Practices

Encryption is a technical term referred to as the method of digitally converting any information into a secret code. The science of encryption and decryption of any such information using ciphers is called cryptography. Cryptographic encryption ensures the confidentiality, authenticity, and integrity of any information that needs to be protected. It also prevents information senders and recipients from denying their role in the cryptography process.

Deloitte* had found out enterprise organizations prefer Blockchain technology to secure their IT solutions. 71% of enterprise organizations acknowledge that blockchain is a higher security model compared to conventional IT solutions.

The world’s first state-regulated cryptography law categorically divides the types of passwords, their applications and the mechanisms in the various institutions that are meant to deploy them. In a total of 5 chapters and 44 articles, the Chinese Password Law explains the extent of authority on core and common password usage, their legal requirements, security management system and so on.

See:  Congress Considers Federal Crypto Regulators In New Cryptocurrency Act Of 2020

For Commercial password platforms, the law directs users and supervisors to standardize the password standardization system, their testing, and authentication. In addition, these systems would also meet the guidelines on the market access management system, their use requirements, import and export of the Crypto management system, and so on.

The users are required to register through an electronic government electronic certification service management system, whose post-mortem supervision would be carried out in case any incident is reported in the future.

In addition to statutory guidelines on the definition, deployment, management and the use of encryption systems, the Cryptography Law stipulates that the state strengthens the cultivation of cryptographic talents and team building. The law shall identify and reward organizations and individuals who have invested their resources and talent in making the Chinese Cryptography industry better and secured, and in accordance with the state-guided regulations.

As per the provisions of the Password Law, China is accelerating the adoption and research in Commercial Cryptography markets through academic exchanges and conferences. However, it has been explicitly mentioned that the crypto operations and departments wouldn’t be used to harm the country’s security, national interest, and people’s rights and privacy.

The law protects cryptography practitioners in the country to keep their business secrets and privacy. It’s their duty to follow and to maintain duties in a ‘strictly confidential’ manner.

What are the legal liabilities if you breach?

China’s Password Law concerning cryptography enshrines a chapter on legal liability related to infringements and misconduct.

Chines Password Law has the right to monitor, investigate and prosecute an individual or a business unit that is found to engage in illegal activities and against state policies. It includes cyber warfare, social media bullying, hacking, frauds, and infringements into public rights and interests. All cases would be held accountable as per the Chinese Cybersecurity Law.

Last year, in November, the official Weibo account of blockchain project Tron was suspended due to a report filed against the social media platform. 

See:  Can Blockchains Give You Competitive Advantage?

We are yet to be confirmed if the promotional and brokerage services dealing with the Initial Coin Offerings (ICO) projects that are registered outside of the country could be regularized as per the new Chinese Password Law.

Interestingly, the law also intends to protect those who spot illegal acts and inform the Core and Common cryptography authorities in time. Those who fail to spot or inform agencies in time; or, who knowingly fail to report incidents despite spotting illegal activities would be punished.

Continue to the full article --> here