HONG KONG — In August, business groups around the world petitioned China to rethink a proposed cybersecurity law that they said would hurt foreign companies and further separate the country from the Internet.

On Monday, China passed that law — a sign that when it comes to the Internet, China will go its own way.

The new rules, which were approved by the country’s rubber-stamp Parliament and will go into effect next summer, are part of a broader effort to better define how the Internet is managed inside China’s borders.

Officials say the rules will help stop cyberattacks and help prevent acts of terrorism, while critics say they will further erode Internet freedom. Business groups worry that parts of the law — such as required security checks on companies in industries like finance and communications, and mandatory in-country data storage — will make foreign operations more expensive or lock them out altogether. Individual users will have to register their real names to use messaging services in China.

Restrictions on the flow of data across borders “provide no security benefits but will create barriers to Chinese as well as foreign companies operating in industries where data needs to be shared internationally,” James Zimmerman, chairman of the American Chamber of Commerce in China, wrote in an e-mailed statement.


He added that by creating such restrictions, China risked isolating itself technologically from the rest of the world.

But in many ways, the regulations are not likely to have a major impact on how business is done. Most of the rules are already in effect but not codified. Other parts are vague enough that the government will determine their meaning on the fly.

The law, however, is an important statement from Beijing on how the Internet should be run: with tighter controls over companies and better tracking of individual citizens.


Calling it a “basic law,” Chen Jihong, a partner at the Zhong Lun law firm in Beijing, said the rules were set up to deal with the growing number of legal issues regarding the Chinese Internet and to seek to strike a balance between privacy and security.

“The law only stipulates principles; it would take follow-up laws or interpretations to specify the standards,” he said.

Human Rights Watch said Monday that it was concerned about several aspects of the law, including that it calls for real-name registration for users of Chinese instant messaging services.

“The already heavily censored Internet in China needs more freedom, not less,” the group’s China director, Sophie Richardson, wrote in a statement. “Despite widespread international concern from corporations and rights advocates for more than a year, Chinese authorities pressed ahead with this restrictive law without making meaningful changes.”

The final law did soften a few elements. In particular, a second draft of the law said foreign businesses did not need to keep all of their data inside China — just important business data collected within China or about Chinese consumers.

The law is also part of a broader set of policy steps to streamline regulation of the Internet. Analysts say the regulations seem to indicate that the Cyberspace Administration of China, a relatively new regulatory body created during President Xi Jinping’s tenure, ultimately is in charge of setting the agenda.