China's revised Counterespionage Law is part of a broader plan to combat threats to state and Party power, presaging greater reputational and data privacy risks for foreign companies, particularly as Beijing's willingness to economically retaliate against the West slowly grows. On April 26, the Chinese legislature revised the Counterespionage Law of the People's Republic of China, originally passed in 2014. The revised law will restrict the transfer of information related to national security and state interests and expands the definition of espionage to include documents, data or any other material related to national security. It also empowers state authorities to inspect facilities and electronic devices related to suspected espionage cases. The law does not specifically define national security or state interests, but previous Chinese Communist Party documents have defined these concepts as including physical, economic, political and ideological security as well as preserving China's technological edge and social stability. The new draft also sets up a hotline for citizens and mandates that they report suspected espionage. It requires logistics companies to assist the state's counterespionage efforts with technical support and to provide evidence of suspected espionage, and it empowers local governments to conduct their own counterespionage efforts. It also obliges local governments, national media outlets and "internet information service" operators (e.g., social media platforms like WeChat) to conduct campaigns to teach Chinese citizens about the risks of espionage. 

• The Counterespionage Law's passage comes after a number of high-profile cases in March related to alleged espionage. These include the detention of five local Chinese employees of the U.S. corporate due diligence company Mintz Group in Beijing who have yet to be charged with anything, though a senior employee for the company had previous high-level connections to the CIA; the indictment of a former top editor of the Chinese newspaper Guangming Daily suspected of leaking information to Japanese diplomats; and the detention of an employee of Japanese pharmaceutical company Astella Group on charges related to the previous Counterespionage Law.

Changes to its law on counterespionage are part of a broader effort by Beijing to protect the Party from internal and external threats during a turbulent time, with economic competition with the United States prominent among these. Beijing is attempting to expand China's laws for rooting out alleged threats to justify the growing state presence in the private sector and to expand societal participation in state efforts to protect all aspects of China's national power (economic, ideological, technological, etc.) and Party legitimacy. The Counterespionage Law changes go hand-in-hand with Beijing's efforts to expand anti-foreign sanctions legislation, a key priority of the current legislative session, and redefine national security threats as anything that jeopardizes Beijing's goal of achieving China's national rejuvenation as a top global power unconstrained by the West's rules. These efforts also include bolstering the Party's grip on power. As threats to China's economic development mount internally (like rising youth unemployment and concomitant risks of labor unrest) and externally (like U.S., Japanese and Dutch chip restrictions on China), the ability of the authorities to define myriad activities as giving away state work or commercial secrets as defined by the Counterespionage Law will allow Beijing to do its utmost to protect China's competitive advantages and combat what Beijing calls "foreign discriminatory trade practices" (e.g., sanctions, export restrictions, customs laws, etc.).

The Counterespionage Law will pose data privacy, reputational and, in rare cases, personal security risks to Western firms, particularly as Beijing's hesitance to economically retaliate against the West dissipates amid growing tensions with the United States. The Counterespionage Law plus the country's Data Security Law, Cybersecurity Law and Personal Information Privacy Law all give Beijing better control over corporate data management practices, further empowering the authorities to intervene in the activities of private enterprises when espionage is suspected — threatening data privacy and intellectual property protection. Moreover, the law's requirement that civil society, local governments and private enterprises participate in counterespionage will deepen already high nationalist, anti-foreigner sentiment in China, which Beijing often stokes at the same time as it stifles dissenting voices. This will worsen the business environment, forcing companies to make contingency plans for various scenarios. One of these is mitigating reputational risks from media and online smear campaigns against their corporate activities. Another scenario involves having their employees detained, as happened with Astella Group and Mintz Group. Even as Beijing expands the reach of its Counterespionage Law, various data laws and many other similar regulations, its willingness to actually use these laws remains to be seen. It has largely not used other options at its disposal, like the Anti-Foreign Sanctions Law and Unreliable Entity List — which allow Beijing to impose fines, criminal charges and business restrictions on companies implementing so-called foreign discriminatory trade practices. But China's recent opening of a cybersecurity review into U.S. memory chip maker Micron — largely seen as retaliation against U.S. chip export restrictions on China — suggests Beijing's reticence to use such tools may be fading as countries including Japan and the Netherlands begin joining U.S. trade restrictions against China.

• In July 2021, Beijing opened a cybersecurity review into Chinese ride-hailing firm Didi after the company listed on the New York Stock Exchange despite warnings from regulators that Beijing had unspecified data security concerns related to the listing. This review led to a $1.2-billion fine against the company, Didi's delisting from the NYSE in June 2022, lengthy on-site inspections at Didi's offices by numerous regulators, and an 18-month ban from Chinese app stores for Didi's mobile apps, which prevented the company from registering new users and allowed competitors to gain market share.