The law redesign can be viewed as an aspect of the current administration’s focus on national security and concerns over the flow of data across China’s borders. China has indicated an emphasis on building a more comprehensive legal system for national security with perhaps broader ramifications for legal reform and efforts at greater transparency in national security legal developments. In terms of the legislative history of the revisions to the PRC Counter-Espionage Law, legislative planning for revisions to the law were disclosed in China’s 2022 version of the Legislative Work Plan of the Standing Committee of the National People’s Congress (NPCSC Legislative Plan) (approved in December 2021 and publicly released in or about May 2022). The proposal for revising the law appeared in section 3 of the plan as a preparatory legislative item. Proposed revisions to the law were not suggested in either the 2021 or the 2020 NPCSC Legislative Plans, but that is not particularly unusual in legislative planning in China. 

Official commentary suggest that at some point in 2021/2022, revisions to this law became a Central Government policy and legislative priority and the first draft of the revision was publicly released in December 2022. In the 2023 NPCSC Legislative Plan (approved in December 2022, amended in April 2023, and released in or about May 2023), revisions to the PRC Counter-Espionage Law were slotted for further reading by the legislators in April 2023. The revised law was adopted and promulgated on April 26.

The revised law is set to become effective on July 1, 2023. The law:

• Brings under one heading various disparate counter-espionage rules that have been enacted since the first counter-espionage law in 2014.
• Provides express penalties, including fines and cancellation of business licenses, for foreign-invested and other domestic companies engaged in non-criminal espionage.
• Expands the scope of espionage activities to include cyber-intrusion.
• Cautions that the provision to parties abroad of unmarked items that concern national security or interests in various forms is illegal.
• Provides more detail on the investigative powers of state security organs, but with additional balancing language to suggest some legal restraints on those powers.

For a deeper dive into the weeds on the changes to the new law, please see below.

Given this judicial interpretation, even before the revisions to the PRC Counter-Espionage Law, both expressly marked items as well as unmarked items could be found to be punishable as state secrets. The standard for this is whether the person providing the information/document knew or should have known that the information related to national security or interests. The new language contained in Article 4(3) addresses the provision of documents, data, information or materials which, although they may not have been specifically marked as being classified, are still to be treated as classified from the perspective of the 2001 SPC Interpretation. Under Article 5 of the 2001 SPC Interpretation, such unmarked documents could still be afforded protection similar to those for state secrets (and thus their provision could amount to a violation of Article 111 of the PRC Criminal Law) if they related to national security and the proper level of intentionality was reached. For an intentional mens rea (criminal culpability), there would need to have been actual knowledge that the documents related to national security or the national interests or the party providing the information should have known the document related to national security or the national interests. So from the perspective of criminal espionage, the new language regarding “documents and data” arguably has not really changed those sorts of activities which could be punished under Article 111 of the PRC Criminal Law.

For a state of mind less than intentional and thus penalized with an administrative sanction, perhaps something more like negligence would be required, but the PRC Counter-Espionage Law does not expressly provide the standard for administrative sanction. As such, how the new provision will be implemented in practice, and whether the provision overseas of certain documents, data, materials, etc. relating to national security could also lead to an administrative sanction for non-criminal espionage in the right circumstances and state of intentionality, remains to be seen.

Cyber-intrusion – Article 4(4)

In addition to Article 4(3), Article 4(4) is a new subsection manifesting the importance of cybersecurity in the context of espionage law. The subsection has undergone a substantial change compared to the earlier draft for comments (in December 2022). Whereas the earlier draft contained narrower language that only concerns “disclosing security loopholes of critical information infrastructure”, the enacted Article 4(4) now addresses cyberattacks on “state organs, units involved with secrets, or critical information infrastructure.” Consequently, the state security authorities may now prosecute cyberattacks on a range of entities with espionage charges.

Investigative powers of the state security organs nore specifically expressed

The revised PRC Counter-Espionage Law has an updated chapter detailing the powers of the state security organs in investigating espionage. 

Most of these powers had been provided in the original PRC Counter-Espionage Law (2014) and/or the accompanying Implementing Rules, such as accessing electronic devices, etc. The revisions largely reiterate these powers, with some fine-tunings, such as the express language authorizing “inquiries into the relevant property information of persons suspected of acts of espionage” (Article 29). 

The provisions concerning exit restrictions (which some have labelled “exit bans”) contained in Article 33 do not look particularly new in our view, at least from the perspective of criminal investigations of espionage acts. The Implementing Rules in place already provided an exit restriction mechanism for personnel (??, in Chinese) suspected of criminal espionage. And more broadly, under the existing PRC Exit and Entry Law of 2013 (Article 28(1)), foreigners who have been named as a suspect of crimes may be refused exit from PRC borders.

Notably the revisions contain some expanded balancing language, which is meant to circumscribe the investigative powers of the state security organs. Multiple provisions now imply a principle of necessity and relevance. For example, Article 26 provides that accessing the relevant information “must not exceed the scope and extent necessary to carry out tasks of counter-espionage efforts.” Article 27 caps the time for questioning an alleged perpetrator to eight hours, or twenty-four hours for a detainable/criminally prosecutable perpetrator; it also requires the state security authorities to notify the perpetrator’s family in a timely manner. How these provisions will be implemented in practice is an open question, particularly in investigations for non-criminal espionage or for activities which might not be viewed as espionage if they were to take place in other jurisdictions.

Conclusion

Cases in China and in Western countries that may implicate national security concerns have become commonplace in global business today. In such an environment, it is important for businesses to keep changes to legislation in perspective. While there have been changes to the PRC Counter-Espionage Law, and questions remain as to how the new law will be implemented in practice, on balance, the revisions suggest that China continues to support advances to its version of the rule of law, which at the end of the day, may help promote a more transparent environment for business in China. The law is, in some respects, less opaque than the earlier 2014 version and consolidates under one heading many of the developments that have taken place in the decade since.