top of page

XL INSIGHTS+
Legal Alerts and News Updates

Writer's pictureAnne Wilder, XL Law & Consulting

What China’s Broadening of its Anti-Espionage Law Means for U.S. Colleges and Universities

  • China revised its Anti-Espionage Law, broadening both the definition of espionage activities and the authority of national security agency staff to investigate persons or entities suspected of espionage.

  • Changes took effect July 1, 2023.

  • U.S. institutions of higher education should consider the law’s potential impact on any collaborations or other activities that take place in China and take steps to ensure compliance.

Background and Summary

On April 26, 2023, the Standing Committee of the People’s Republic of China passed significant amendments to its Anti-Espionage Law. Amendments to the law, which has not been amended since its inception in 2014, took effect July 1, 2023. Of note for U.S. institutions of higher education or other entities with employees, partnerships, collaborations, offices, or other activities in China, the amendments significantly broaden the definition of espionage and provide more authority to national security agency staff to investigate individuals or entities suspected of espionage.


Definition of Espionage

The revised law expands the scope of espionage activities to include “[j]oining an espionage organization or accepting a task by an espionage organization or its agent, or seeking refuge with an espionage organization or its agent.” The law, which has both domestic and extraterritorial application, applies if an espionage organization or its agent “engages in espionage activities against a third country within the territory of the [PRC] or by taking advantage of any citizen, organization, or other conditions of the [PRC], which compromises the national security of the [PRC].”


Espionage activities are also expanded to include:

  • “Stealing, spying, purchasing, or illegally providing any state secret or intelligence, and other documents, data, materials, and items relating to the national security and interest or causing a state employee to betray his or her country by instigation, inducement, threat, or bribery, which is committed by an overseas institution, organization, or individual other than an espionage organization and its agent or by any other person as instigated or funded by the aforesaid or committed by a domestic institution, organization, or individual in collusion with the aforesaid” (emphasis added); and

  • “Attacking, intruding into, interfering with, controlling, or destructing the network of a state organ, entity involving confidential information, or critical information infrastructure, among others, which is committed by an espionage organization and its agent or by any other person as instigated or funded by the aforesaid or committed by a domestic or overseas institution, organization, or individual in collusion with the aforesaid.”

Although the law does not define “national security,” Article 2 of the National Security Law provides the following broad definition: “National security means a status in which the regime, sovereignty, unity, territorial integrity, welfare of the people, sustainable economic and social development, and other major interests of the state are relatively not faced with any danger and not threatened internally or externally and the capability to maintain a sustained security status.”


Under the revised definition of espionage activities, national security authorities could potentially interpret activities that are common to foreign (including U.S.) enterprises (such as conducting business intelligence activities) or U.S. academic research collaborations (such as analyzing PRC economic or financial data, or working with human genetic resources) as constituting “espionage activities” if the institutions conducting the research are classified as “espionage organizations.”


Investigative Authority

The new law also grants national security agency staff the authority to “inspect” the personal articles carried by “any unidentified person who is suspected of espionage,” including both Chinese citizens and foreign nationals. To conduct such an investigation, national security agency staff need only present their work credentials. The law does not include any criteria for determining when an individual is “suspected of espionage.”


Investigations may also include examination of “electronic equipment, facilities, and relevant programs and tools of a relevant individual or organization,” so long as the national security agency staff members are “executing a counterespionage work task in accordance with the law,” have approval from the person in charge of the national security authority at or above the districted city level, and have presented their work credentials. In some cases, the national security authority can seize or impound the equipment.


Penalties

Penalties may be imposed for espionage activities “committed by an overseas institution, organization, or individual or by any other person as instigated or funded by the aforesaid or committed by a domestic institution, organization, or individual in collusion with an overseas institution, organization, or individual[.]”

  • Non-criminal espionage: An individual who commits espionage that does not constitute a crime may be given a warning, subjected to administrative detention of up to 15 days, fined up to 50,000 yuan (or up to five times their illegal income), and subject to disciplinary actions. (The same actions may be taken against anyone who provides support or assistance to the individual committing espionage.) When an entity is charged with committing espionage, the entity may be given a warning, fined up to 500,000 yuan (or up to five times the illegal income), and the executive and other “directly liable persons” may be subject to individual liability measures. The national security authority may also demand that the entity cease its business operations or revoke the entity’s license or registration.

  • Criminal espionage: Under the following circumstances, individuals or entities may be held criminally liable if the conduct constitutes a crime or, if it does not, may be subject to a warning or administrative detention of up to 10 days and a fine of up to 30,000 yuan: (1) divulging a state secret involving the espionage work; (2) refusing to provide relevant information or evidence related to an espionage investigation; (3) intentionally obstructing the national security authority in its execution of the law; (4) concealing, transferring, selling, destroying, or damaging any property seized by the national security authority; (5) knowingly harboring, transferring, purchasing, selling, or otherwise disguising or concealing any property involved in espionage; or (6) retaliating against any individual or entity supporting the national security authority’s work.

The property involved in a case is dealt with according to China’s Criminal Procedure Law, and will be confiscated, destroyed, or returned to the owner, depending on the circumstances.


Foreign nationals who are found to have violated the law may be ordered to leave China for a specified period of time. If a foreign national is deported based on a decision of the national security department of the State Council, the individual may not reenter China within ten years from the date of deportation.


Finally, the law provides that affected parties may appeal an adverse administrative decision.


Implications for U.S. Colleges and Universities

Even before the recent amendments were passed, high profile incidents—including a raid on the Chinese offices of U.S. companies Bain & Company, the Mintz Group, and Capvision and the detention of a Japanese pharmaceutical executive working at the company’s office in China—have raised concerns among foreign businesses with operations in China. The new law has amplified these concerns. The U.S. government, through the National Counterintelligence and Security Center (NCSC), on July 30, 2023 issued a bulletinwarning that the 2023 updates have the “[p]otential to create legal risks or uncertainty for foreign companies, journalists, academics, and researchers” and that “[a]ny documents, data, materials, or items could be considered relevant to PRC national security due to ambiguities in the law.” The NCSC further stated:


“These laws provide the PRC government with expanded legal grounds for accessing and controlling data held by U.S. firms in China. U.S. companies and individuals in China could also face penalties for traditional business activities that Beijing deems acts of espionage or for actions that Beijing believes assist foreign sanctions against China. The laws may also compel locally-employed PRC nationals of U.S. firms to assist in PRC intelligence efforts.”

In order to mitigate risks related to the new law, some companies—according a recent Financial Times article—have begun to separate their IT systems, with one for China and one for the rest of their global operations, and are localizing all data related to their China operations within the country’s borders.


Although we are unaware of any raids or detentions involving the educational activities of U.S. colleges and universities in China, it is important for U.S. institutions of higher education to be aware of the law’s provisions in order to consider the law’s potential impact on any collaborations or other activities that take place in China and to ensure compliance.


U.S. institutions of higher education may want to consider the following:

  • Reviewing the scope of their activities in China and cataloging their portfolio of programs to ascertain which, if any, might be considered to involve sensitive information;

  • Engaging in detailed data flow mapping to ensure key institutional stakeholders have a clear understanding of how data is flowing between the institution and Chinese partners;

  • Reviewing data carefully to determine what data can be localized (i.e., stored within China’s borders) and only transferring data outside of China when necessary;

  • Ensuring that the institution has adequate measures in place to transfer data securely between the U.S. and China and within PRC borders;

  • Updating their due diligence on potential partners in China to include the Chinese entity’s compliance with the new law; and

  • Implementing training on the new law for any faculty or other staff who will be teaching, conducting research, or engaging in other activities in China that may be considered sensitive.



bottom of page