China Tightens Its Grip on Website Delivery

Reports surfaced recently of the Chinese Government enforcing tighter control over pre-existing telecom regulations.

Beijing is said to have ordered state-run telecommunication firms (including China Mobile, China Telecom and China Unicom) to prevent people from using VPNs, in keeping with President Xi Jinping’s ‘cyber sovereignty’ campaign. Until today VPNs operated in a legal gray area, used by individuals and corporations alike to access international websites.

But the new crackdown on illegal website delivery is said to affect a lot more services than just VPNs (that have grown accustomed to being regularly blocked by the Ministry of Industry and Information Technology, or MIIT). Now local Chinese CDNs have started sending alarming messages to customers warning of the risk of having their websites blocked in China for lack of a proper license.

In the past, delivering a website’s content in China could be achieved either through local or international hosting. In order to be hosted locally, however, publishers need to apply for a state-issued registration number (also known as an ICP license) at the local branch of the MIIT in the province where their business was registered. They must then display that ICP number on the website’s footers.

In November 2016, the National People’s Congress passed a new China Cybersecurity Law, which required network operators in critical sectors to store data inside China. Most notably, business information and data on Chinese citizens gathered within China would have to be stored on domestic servers for Chinese authorities to spot-check when needed.

Effectively, that meant most foreign businesses and their websites now required an ICP license in order to keep operating in China. Although that law came into effect on June 1st, 2017, it looks like internet regulators gave it a more aggressive push ahead of the National People’s Congress of the Communist Party in China (mid-October). That means more scrutiny is going into whether websites possess the mandatory ICP license – and more heat directed at the network operators that allow these ‘non-compliant’ websites to be delivered in China.

Until this weekend, a website that did not possess an ICP license could be hosted outside of mainland China (say, in Hong Kong) and delivered from there. Most Chinese and international CDNs even offered some type of ‘Near-China Delivery’ options, whereby they would host content on their own servers near China (Singapore, Hong Kong, etc.) and through their private lines get that content through the Great Firewall and more efficiently delivered to end-users in China.

And this is where the new Cybersecurity Law comes into play: VPNs are nothing but private lines operated to usher content in and out of China through the Great Firewall. And the CDN’s private networks fall squarely into that category. China Telecom, China Unicom and China Mobile have each now issued a notice to foreign businesses in China requiring these companies to obtain proper Private Line licensing from the government, and to block usage of those lines to connect to anything other than the company’s overseas headquarters.

Looking ahead, it is safe to assume Chinese network operators and CDNs will start enforcing the new Cybersecurity Law strictly: verifying the ICP licenses of all websites delivered in China through their services is likely just the tip of the iceberg. If you don’t have an ICP license yet, apply for it now or risk having your website blocked in China (as Lamborghini and Ferrari were this weekend) within the next few weeks.