China’s VPN providers face harsher punishment for scaling the Great Firewall under new data regulation
- The Cyberspace Administration of China drafts detailed new rules prohibiting the provision of tools for accessing censored overseas websites
- The regulation marks the country’s strictest attempt so far to clamp down on unauthorised VPN services
Titled “Network Data Security Management Regulations”, the proposal by the Cyberspace Administration of China stipulates that no individual or organisation shall provide “programs, tools, routes” or services, including internet access, server hosting, technical support, promotion, app downloads, payment and settlement for “penetrating and bypassing the cross-border data security gateway”.
Any violation may result in a fine no more than 10 times the amount of money made from the offence, or up to 500,000 yuan (US$78,362) if the offender is in a management position. Any offending organisation may have its business license revoked.
The regulation, which is expected to pass without much challenge, raises fresh questions for multinational companies operating in China, many of which rely on VPNs or similar services to reach overseas headquarters, or access websites blocked by the country’s censorship apparatus, such as Google, Facebook and most major English-language news sites.
While China’s telecommunication regulator allows certain big multinational companies to apply for special permission to leap over the Great Firewall, the approval threshold is high, forcing the great majority of individuals and businesses to rely on VPN services operating in grey areas.
China’s earliest official attempt to ban unauthorised internet access dates back to a 1997 document named “Temporary Regulations Governing International Computer Information Networks”, which simply states that anyone who wants to access foreign websites must use government-designated channels, with offenders facing fines up to 15,000 yuan and the possibility of having their internet access cut off.
An amendment to the criminal law in 2009 added a line that says anyone “providing programs or tools to intrude or illegally control computer information systems” faces up to seven years in prison.
A large crackdown on VPNs did not happen until 2017, when the Ministry of Industry and Information Technology carried out a major inspection on internet service providers. That year, Apple removed 674 VPN apps from its app store in China, the Californian company told US senators in 2017.
While regulations have so far targeted VPN developers and providers, users have also been punished. In 2019, a man living in Shaoguan, Guangdong province was fined 1,000 yuan for using a VPN app.
“Individual VPN users should be cautious, as there are legal risks to bypassing the wall for whatever reason,” said an article published by Shanghai-based Wintao Law Firm in January this year.