Don’t let China’s outdated cybersecurity laws block cooperation on the digital economy
Michael Clauss says the promise of industrial modernisation won’t be realised if legislation remains at odds with German companies’ data security concerns
The world’s 20 largest economies will gather in Hangzhou ( 杭州 ) under the Chinese presidency on September 4 and 5 for their annual summit. In the light of sluggish world growth, finding new avenues for future growth will be high on the agenda. Following this logic, the G20 will focus on the digital economy as one of the prime motors for invigorating the global economy.
Enmeshing Germany’s “Industry 4.0” – shorthand for a fourth industrial revolution – with China’s industrial modernisation blueprint, “Made in China 2025”, may be the most important cooperation project between Germany and China. It is certainly the boldest: if it succeeds, our two economies and scientific establishments will achieve a quantum leap of integration.
‘German firms are having a hard time in China’: ambassador points to rising protectionism ahead of Hangzhou G20 summit
Germany’s Industry 4.0 plan aims to achieve an entirely new manufacturing process. It involves unhindered and enhanced data transfer not only between one company’s different manufacturing plants but also between different producers, suppliers and logistics providers along the entire value chain. This will create highly complex networks where processes are guided by machine-to-machine communication – that is, without human intervention. More and more, machines will “talk to each other” directly and, in a globalised world, it goes without saying that it will only develop its potential if these “conversations” take place unhindered across national borders.
China’s “Made in China 2025” is not identical to Germany’s Industry 4.0. Its aims are broader: it wants to propel China further where it already has a technological edge and also enhance China’s overall competitiveness by moving manufacturing up the value chain across the board. The digital economy is a core element of China’s plan, as well as Germany’s.
For this reason, Chancellor Angela Merkel agreed with President Xi Jinping (習近平) and Premier Li Keqiang ( 李克強 ) during her ninth visit to China in June to accelerate the pace of cooperation. This involves not only companies, but also research institutions and a raft of government departments and agencies. Politically, our cooperation in the digital economy received a further boost with our two countries reaching an agreement in June to oppose and combat state-sponsored or state-tolerated theft of commercial secrets in cyberspace and to set up a mechanism that deals with cases of infringement.
However, has the project moved beyond the declaratory phase? On the positive side, we can see that some German companies have set up facilities in China that can rightly be called Industry 4.0 operations, or come very close to it. German research institutions, such as the Fraunhofer Institute – a premier institution of applied sciences and a leading developer of crucial elements of Industry 4.0 architecure – have stepped up their activities in China.
However, there are also serious obstacles. In reality, many companies are hesitating to set up Industry 4.0 operations in China.
The main obstacle is that China’s current and planned legislation on cybersecurity so far fails to address data security concerns. Because of the widespread use of machine-to-machine communication in Industry 4.0 manufacturing processes, the integrity of data flows must be 100 per cent assured.
In order to avoid potentially dangerous consequences to the environment or the safety of operators and others, manufacturers must ensure data security in several areas. For example, they need to be able to detect false transmissions or distortions by third parties. They also need to be able to ascertain the sender of every transmission and to guard against intrusions with the possible intent to steal intellectual property or prepare an attack on IT systems. In addition to stringent standards of data integrity and authenticity, manufacturers depend on an uninterrupted flow of data at extremely high volumes; this will probably require 5G communication in the future.
Experts agree that these requirements can only be met with so-called asymmetric encryption methods with multiple keys. Many of our machines and installations constructed for Industry 4.0 contain built-in encryption systems.
To sum up: our industry needs unhindered and safe encryption for data flows. This is a challenge not only for China but for any other country. These security challenges are so daunting that a German consortium led by Fraunhofer is developing a new “Industrial Data Space”, which aims to achieve a secure flow of data between networks of companies.
Unfortunately, current Chinese legislation is at odds with the requirements of Industry 4.0. Recent and future planned legislation might make the situation even more difficult. First, a 1999 directive generally prohibits the import and domestic sale of encryption products.
Second, the new anti-terrorism law seems to oblige operators to hand over decryption keys and encryption schemes to the authorities. The scope of these provisions is unclear.
The new draft cybersecurity law contains even more far-reaching obligations on companies and operators. For example, a blanket obligation to store all Chinese user data exclusively domestically would effectively rule out processing data provided by Chinese employees in the manufacturing process.
Third, China has repeatedly linked investments with an obligation to hand over core technology such as source codes. This apparently has also happened in the case of Industry 4.0 and further contributes to hesitation by German companies to expand these activities.
The current focus on security, especially in cyberspace, gives little cause to be optimistic that these problems can be fixed in the short term. However, there are measures that could be taken to encourage faster progress without sacrificing perceived security needs. Chinese legislation has, in the past, taken into account that certain technologies must be exempted from restrictive legislation if they are to be widely accepted: China has made such exceptions for smart cards.
If the new industrial revolution is to take root in China, industrial data flows generated for the purpose of Industry 4.0 should be similarly exempted.
Michael Clauss is the German ambassador to China