Cecca newsletter on company and financial law (issue 1 october 2018)

Issue 1 October 2018
CECCA NEWSLETTER cecca.org.uk 1
CONTENTS
1. Special Observer
New Progress in the London-Shanghai Stock Exchanges
Connection Scheme…………………………………………………………3
2. E-commerce Law
Towards a Safer Commercial Environment: A Brief Review
of the E-commerce Law of the
P.R.C......................................................................................6
CECCA
China-Europe Commercial
Collaboration Association
Professional Consultancy on Legal,
Trade, Finance and Policy Matters.
London, United Kingdom
Contact
www.cecca.org.uk
contact@cecca.com.cn
CECCA LinkedIn Page
www.linkedin.com/company/cecca
CECCA on Twitter
twitter.com/CECCA_London?lang=en
CECCA on Facebook
ISSN 2631-7524
We sincerely invite our readers to visit
and subscribe at CECCA website and
follow us on LinkedIn to keep up-to-
date with our newsletter, events and
other information.
CECCA NEWSLETTER ON
COMPANY AND FINANCIAL LAW
Publisher: CECCA Editorial Department Publishing Directors: Dr Lijun Zhao, Shengnan Jia
Deputy Editor-in-Chief: Dr Chi Zhang; Editor: Shu-Chien Chen

3. Academic Frontier
Piercing the Veil of National Security: Does China’s Banking IT Security Regulation Violate the TBT
Agreement? (Ⅰ)……………………………………………………………………………………………………………………………10
4. News in Brief
4.1 China Proposes to Fully Open its Financial Markets to Foreign
Investors...………..……………………………………………………………………………………………………………………………30
4.2 New Amendment to China's Company Law is Proposed by the Securities
Regulator…………………………………………………………………………………………………………………………………………30
4.3 Strictness on Banning Virtual Currency in China is
Continued………………………………………………………………………………………………………………………………………30

1. Special Observer
New Progress in the London-Shanghai Stock Exchanges Connection Scheme
Authored by Dr Chi Zhang
It is only half a year left for the United Kingdom (UK) to prepare for coping with the potential
risk and economic loss triggered by Brexit after 19 March 2019. This may become the largest
loss in the UK’s economic history and it was accompanied by much uncertainty for the U.K.
economy and the financial markets in the City of London. In the meantime, for the UK, there
is the great opportunity to focus on establishing new ties with faster-growing parts of the
world like China. Currently, UK-China relation is experiencing a golden era and both the
authorities of the two countries are committed to delivering deep partnerships and working
together to tackle global challenges. Against this background, a particularly exciting
development for the financial markets of the UK and China is the pending link-up between
the London and Shanghai stock exchanges
that aims to enhance investment
opportunities between them greatly. The
British and Chinese governments have
reached a consensus to establish the
Shanghai-London Stock Connection (SLSC)
before the end of 2018. It follows up the
footsteps of the Shanghai-Hong Kong Stock
Connection that was enacted in November
2014 and the Shenzhen-Hong Kong Stock
Connection of December 2016.
Generally speaking, under the SLSC, British investors will be able to take advantage of new
opportunities in China just as mainland Chinese investors would be able to efficiently invest

Dr Chi Zhang is Deputy Editor-in-Chief of the CECCA, Lecturer of Commercial Law at The School of Law and
Humanities at China University of Mining and Technology (Beijing). E-mail: chi.zhang@cecca.com.cn
Editor’s Note: It has been confirmed by the officials of China Securities Regulatory
Commission that the mechanism of Shanghai-London Stock Connect Scheme under
promotion is proposed to adopt mutual market access by way of China Depositary
Receipts (CDRs). The proposal of establishing a free-trade connection between the
Shanghai Stock Exchange and London Stock Exchange was initiated by the Chinese and
British government as early as 2015 and it is expected to roll out in this year.

in equity portfolio outside of Asia. A major spur for the SLSC based on the fact that the City
of London has already become another major club for financial trading in the Chinese
currency, namely the RMB. London has become the most important external RMB market
other than Hong Kong since 2016. The City of London has also been home to significant
volumes of bond issues denominated in RMB. There is also a new opportunity for the SLSC
to tap into the growing influence of China in the financial markets of continental Europe.
For instance, Frankfurt’s China Europe International Exchange was established in November
2015, which is organized as a joint venture between the Shanghai Stock Exchange, Deutsche
Börse and China Financial Futures Exchange. It is not surprising that the new Shanghai-
London Stock Connect will make China access more readily available to other European
investors.
This is not to say that the new Stock Connect
does not face substantial challenges. Perhaps
the most obvious risk is the seven/eight-hour
time difference between London and
Shanghai. This problem can be successfully
copied by the use of special financial
instruments which are known as “depository
receipts”. Briefly speaking, depository receipt
involves claims on foreign shares that can be
freely traded on the domestic market in a
given country. Under the SLSC, depository receipts of equities listed in the London Stock
Exchange (LSE) would be legally traded on the Shanghai market and depository receipts of
Shanghai-listed companies can also be transacted freely on the London market. Moreover,
Chinese Depository Receipts (CDRs) traded in the LSE would be subject to the same terms
of settlement as other London-listed securities. In addition, however, different settlement
times across the two markets would be a problem as well, which needs to be properly settled
before the SLSC is officially launched and it also remains unclear whether the CDR would be
fully convertible into local Shanghai shares.
In this year, the preparation for the establishment of SLSC is moving ahead quickly, the
China Securities Regulatory Commission (CSRC) has issued an official administrative
regulation on issuing and trading depositary receipts on 6th June 20181, is a milestone laying
the groundwork for the SLSC. According to this regulation, CDRs are being permitted to be
issued to global investors to trade Chinese shares in the stock exchanges outside China.
Moreover, the CSRC drafted the Provisions on the Supervision and Administration of
Depository Receipts under the Stock Connect Scheme between the Shanghai Stock Exchange
and the London Stock Exchange (for trial implementation) in late August 2018. In
accordance with this regulatory proposal, detailed requirements will be put forward for the
listing, transaction, transparency and cross-border conversion, which contains four
dimensions:
At the first place, to build up efficient approval regime for CDR issuance. If the issuer of a
London-listed firm issues CDRs, it will be reviewed and approved by the CSRC and the
1
The full Chinese title: 中国证监会【存托凭证发行与交易管理办法（试行）】

Shanghai Stock Exchange. At the same time, the issuing price must be converted in
proportion to 90% of the average closing price of the underlying equity on the twenty trading
days before the pricing benchmark. Secondly, if cross-border conversion rules apply to the
issuance of CDRs, investors shall buy CDRs in the overseas market or obtain the basic stock
in other lawful ways and deliver it to the depositary. The depositary shall issue the
corresponding certificate of CDRs according to the relevant regulations and the depositary
agreement. Where a cross-border conversion institution applies to the redemption of the
CDR, the depositary shall cancel the corresponding CDR in accordance with the relevant
provisions and the depositary agreement, and deliver the corresponding basic stock to the
cross-border conversion institution.
Thirdly, in order to set up a regulatory framework for global depositary receipts (GDRs)
issuance at the LSE by listed companies from Chinese stock market, GDR issuers are subject
to laws and regulations applicable to overseas listing and LSE local rules. Finally, the
proposal drafted by the CSRC tends to clarify continuing regulatory and supervisory
requirements for CDRs. Generally, the continuing regulation and supervision of CDR are in
line with applicable provisions concerning overseas listed red-chip companies which have
been stipulated in the Implementing Measures for Ongoing Supervision of Innovative
Enterprises Following Listing of Domestically Offered Stocks or Depository Receipts.
CECCA’s Comments:
During the recent years, the diplomatic relationship between China and the United Kingdom
is enjoying their 'golden era'. Particularly, the economic co-operation is currently
progressing very quickly in the areas of financial investment. The establishment of the
Shanghai-London Stock Connection Scheme will offer new opportunities for the investors
in the two countries. It can be convinced that the advantages in financial regulation and
stock trading and listing in London and the growing demands in equity investment in China
will release great value in global economy jointly, and the investors in the two countries will
be benefited mutually.

2. E-commerce Law
Towards a Safer Commercial Environment:
A Brief Review of the E-commerce Law of the P.R.C
Authored by Shu-Chien Chen
& Dr Chi Zhang
1. Introduction to the New Legislation
It is undoubted that the digital economy has become the new paradigm of the current era.
In China, economic activities via the Internet grow extremely fast, and the pre-existing laws
and regulations cannot serve the need of the emerging digital economy. Therefore, new rules
for the digital economy are necessary.

Shu-Chien Chen is an editor at CECCA Editorial Departement. Currently, she is pursuing her PhD studies on EU
corporate tax law in Erasmus University Rotterdam and taking classes to qualify as a Dutch lawyer at the University
of Amsterdam, the Netherlands. She had been practising law in Taiwan, China and the Netherlands before her PhD
project. Her research interests include corporate tax, EU law, customs, comparative law, data protection law, company
law, human right law.

Dr Chi Zhang is Deputy Editor-in-Chief of the CECCA, Lecturer of Commercial Law at The School of Law and
Humanities at China University of Mining and Technology (Beijing). E-mail: chi.zhang@cecca.com.cn
Editor’s Note:
China’s first e-commerce law has been passed by the legislative body, which offers detailed
stipulations for future operators. In the recent decade, the e-commerce sector has rapidly developed
as one of the most influential economic powers in China. However, due to the lack of specific legal
rules regulating e-commercial dealings, the Chinese e-commercial industry is being increasingly
riskier. This newly passed statute will definitely improve the institutional environment of the e-
commerce sector in China and provide better protection for both investors and consumers.

The E-commerce Law of the P.R.C is adopted on 31/08/2018 and will enter into force on
01/01/2019. This legislation aims to regulate e-commerce in the digital economy era as well
as encourage the various business models. The traditional civil law, tax law and market
regulations nowadays can no longer effectively deal with emerging problems from the digital
economy. It is actually a universal problem, and China has taken a great and responsible
step. The E-commerce Law establishes a very comprehensive framework, so it could be a
bridging instrument of different legal fields. It codifies pre-existing practices and experiences
from foreign jurisdictions. It can be expected that it should increase the consistency of
different legal fields.
2. Basic Principle of The E-commerce Law of the P.R.C
The E-commerce Law emphasizes, “The state shall equally treat online and offline business
activities and promote integrated development online and offline”.2 There are multiple
stakeholders in the digital economy: the platform, the e-commerce businesses, and
individual customers. The E-commerce Law mainly involves enhanced administrative
obligations of the e-commerce businesses and protecting customers. Generally speaking, the
platform and e-commerce businesses are subject to stricter rules and individual customers
enjoy more intense protection.
The broad subjective scope and stricter registration obligations
The subjective scope of the E-Commerce Law is quite broad, including foreign cross-border
E-commerce business whose customers are in China.3 The E-Commerce Law has extended
the subjective scope of application to "natural persons, legal persons or organizations
without the status of legal person that engages in the commercial activities of selling
commodities, or providing services, through the Internet or any other information network,
including e-commerce platform businesses, in-platform businesses, and e-commerce
businesses that sell commodities or provide services through a self-built website or any other
network services." The E-Commerce Law also expressly excludes following industries:
"financial products and services nor services in the provision of news information, audio or
video programs, publication and cultural products, or any other content aspect."4
Furthermore, in principle, an e-commerce business shall register unless the business activity
only involves an individual's agricultural or low-value transactions. By fulfilling the
registration obligation, e-commerce businesses are under supervision and regulation from
the authorities. Tax avoidance or tax evasion opportunities would be reduced.5
Regulating dynamics between the e-commerce platform business, in-platform
business and customers
2
The Law of E-commerce of the P.R.C, Article 4.
3
Ibid., Article 26.
4
Ibid., Article 2.
5
Ibid., Articles 11 & 28.

The E-Commerce Law has precisely taken into account the distinctive feature of the digital
economy: data plays an important role. Customers inevitably provide a lot of data in the
process of online business by searching keywords and placing orders. Any e-commerce also
has the obligation to protect customers' personal data.6
Data from rating or feedback from previous customers will also constitute an influential
indicator for future customers. Therefore the e-commerce platform business should
establish and improve a credit rating system, publish credit rating rules, and provide
channels for consumers to make comments on the commodities sold or services provided in
the platform. An e-commerce platform business may not delete any comment made by a
consumer on the commodities or services sold or provided on its platform.” 7 An e-commerce
platform business shall show the search results of commodities or services to consumers
according to the price, sales volume, credit, and other factors; and conspicuously indicate
"advertisements" for commodities or services ranked as a result of pay for placement. An e-
commerce platform business has the main responsibility to make the platform a fair
marketplace for customers.
With the same rationale of protecting the online customers as a weaker party, The E-
Commerce Law also provides "Formation and Performance of E-Commerce Contracts
(Chapter 4)" and "Settlement of E-Commerce Disputes (Chapter 5)". Both chapters have the
same spirit of protecting the online customers' interests and are special rules to the current
civil law and civil procedural law.
Clarifying liability and obligation of the e-platform business to protect intellectual
property
As to protection of intellectual property right, the E-Commerce Law has implemented the
safe-harbour doctrine8 to e-platform businesses. The safe-harbour doctrine means that upon
receiving the notice from the intellectual property right owner regarding IP infringement,
the e-platform businesses have the obligation to take necessary measures, such as deletion,
blocking or disconnection of links and termination of transactions and services. Failing to
fulfil the obligation, the e-commerce platform business would be jointly and severally liable
with the infringer.9 Where an e-commerce platform business knows or should have known
such IP infringement, the platform cannot claim it having any liability.
3 The Serious Risk in Chinese E-commerce Sector: A Case of DiDi Chuxing Platform
DiDi Chuxing, China's ride-hailing tycoon has suspended its carpool service after police
reported a young female passenger had been raped and murdered by a DiDi driver in August.
Didi Chuxing is the world's largest ride-hail company by the number of trips. DiDi Chuxing
's recent company statement asserts that the incident showed there were essential
drawbacks in its processes and so it would suspend its online operation system for re-
evaluation. The company dismissed the head and vice-president of its high-tech department
6
Ibid., Articles 23-25.
7
Ibid., Article 39.
8
Ibid., Article 42-43.
9
Ibid., Article 45; It derives from the red flag doctrine.

in September. At the same time, China's transport ministry has also demanded action from
DiDi Chuxing to ensure passenger safety.
What Happened to the DiDi's Passenger?
According to the police's report, a twenty-year-old girl got into the taxi in the city of
Wenzhou at around 13:00 local time on 24 August. The 27-year-old driver was detained early
morning on 25 August and confessed to raping and murdering his passenger. A similar crime
had taken place in May in the Zhengzhou, a large city located in the central part of China
when a 21-year-old flight attendant was killed after using the taxi run by the same service
provider.
The above very severe crimes have exposed the gaping operational loopholes of the Didi
Chuxing platform, the like and safety of passengers have been under threat, and this problem
is not properly solved by the operator of the online platform. The Law of E-commerce of the
P.R.C is also promulgated against this background which will particularly focus on clarifying
and increasing the legal liability of online service providers' monitoring responsibility in
providing services.
4 CECCA's Comments:
There is no doubt that the e-commerce industry has essentially contributed to the
development of the Chinese economy in the recent two decades. However, the potential risk
even the dangers accumulated in this area is also increasing along with its expansion. The
promulgation of the Law of E-commerce of the P.R. China is to do an effort to the healthy
development of the e-commerce sector of China and providing better protection for
consumers. Whether this new legislation can function well, it still remains to be observed in
future.

3. Academic Frontier
Piercing the Veil of National Security:
Does China’s Banking IT Security Regulation Violate the TBT Agreement? (Ⅰ)
Authored by Dr Nan-Xiang Sun
I. INTRODUCTION
Cyberspace is frequently being regarded as the fifth domain of human being. However,
globally, the propositions for how to regulate the Internet are diversified based on nations’
individual preferences (e.g., national security, trade liberalization, civil autonomy).10 The
Chinese Government expressed its concern about the wide adoption of foreign information
technology (hereinafter “IT”) products in critical infrastructure and key industries
domestically, particularly after the Edward Snowden incident.11

Ph.D., Assistant Professor of Institute of International law, Chinese Academy of Social Sciences. Thanks for the
valuable comments from the reviewers, and the great help from the editors. All errors and omissions are the authors.
The author could be reached at yean35_1@hotmail.com and sunnanxiang@cass.org.cn. The full article has been
published in the Asian Journal of WTO & International Health Law and Policy (2016) (2): pp. 394-436. The rest of
this article will be successively published in the next issue of the CECCA Financial Newsletter.
10
The regulation in cyberspace would go beyond the traditional jurisdictional paradigms, namely, personal jurisdiction
and territorial jurisdiction. In the international or global domains, the national interests may diversify substantially
according to the power and controllable resources of the given nations. For example, the United States advocates the
freedom of data transmission transnationally, whereas the European Union adopts the Data Privacy Directive that sets
a high level in the principles of privacy protection. See Gehan Gunasekara, Paddling in Unison or Just Paddling?
International Trends in Reforming Information Privacy Law, 22(2) INT’L J. L. & INFO. TECH. 141, 150-166 (2014);
Gregory Shaffer, Globalization and Social Protection: The Impact of E.U. and International Rules in the Ratcheting
Up of U.S. Privacy Standards, 25 YALE J. INT’L L. 1, 1-38 (2000).
11
Since 2010, a number of legal instruments have been promulgated intending to enhance national security in China.
For instance, on 8 May 2012, the People’s Bank of China published the industrial standards, named General
Specification for Information Security for Online Banking Systems (Wangshang Yinhang Xitong Xinxi Anquan
Tongyong Guifan). Moreover, in February 2014, China’s President, Xi Jinping headed the Central Internet Security and
Informatization leading Group to address the strategic issues concerning China’s security and development. See Xi
Jinping Leads Internet Security Group, CHINA DAILY (Feb. 27, 2014, 8:58 PM), http://www.china
daily.com.cn/china/2014-02/27/content_17311358.htm.
Abstract: The first decade of the 21st century witnessed disputes about IT products' regulation
between China and the Western world. Currently, China's banking IT security regulation has spurred
a heated debate among international lawyers. More specifically, the critical issue is how to strike a
balance between the wants of free trade and the needs of national security. Under WTO jurisprudence,
China's banking IT security regulation would be a trade barrier for not only foreign IT products but
also domestic products: however, China would defend its measure on the ground of national security
in the TBT Agreement. Theoretically, China would not shoulder the responsibility to adopt the
Common Criteria as a basis for technical regulations. It should be noted that the real risk of treaty
violation is the de facto discrimination created by China's regulations. In order to address the issue of
cybersecurity regulations, multilateral or bilateral co-operation, or good practice guidance, may be
feasible and practical.

Doubtless, security is a major concern for financial institutions. Broadly speaking, the
entire financial system is characterized by strict data confidentiality, without which the
whole system would collapse.12 Thus, in order to stabilize the economy, reduce the risk of
banking information leakage, and detect Internet espionage, the China Banking Regulatory
Commission (hereinafter “CBRC”) issued two legal documents in September and December
2014, entitled the Opinions on the Use of Secure and Controllable Information Technology to
Strengthen Network Security and Informatisation of the Banking Industry (hereinafter “the
Opinions”) and the 2014-15 Guidelines on Promoting Secure and
Controllable Information Technology in the Banking
Industry (hereinafter “the Guidelines”) respectively.13 The
documents’ release stirred up debates about their
legitimacy, as well as their compliance with the World
Trade Organization (hereinafter “WTO”) Agreement.
Arguably, technical regulations and standards can
constitute formidable impediments to market access, but
some measures, indeed, aim at genuine non-economic
purposes, such as national security.14
Characterized by the compulsory jurisdiction and available sanction mechanism, the
WTO system is deemed to be an amenable forum to address the divergences on technical
regulations of IT products. Firstly, the WTO Agreement as such, especially the articles of the
domestic regulations,15 prescribes compulsory jurisdiction for the trade barrier disputes
linked with the members’ measures.16 Secondly, non-economic factors, such as national
security,17 could be scrutinized in the WTO regime. Thirdly, a fraction of disputes involving
IT equipment has been successfully settled before the WTO Dispute Settlement Body
(hereinafter “DSB”). For example, the US — Gambling Services case targets the conflicts
between domestic online regulations and international free trade, along with a
comprehensive examination of public moral exception in the age of the Internet.18
12
Harris Shane, The Cyberwar Plan, NAT’L J. (Nov. 14, 2009), available at http://conflictsincy
berspace.blogspot.tw/2009/11/shane-harris-cyberwar-plan.html.
13
See generally Guanyu Yingyong Anquan Kekong Xinxi Jishu Jiaqiang Yinhangye Wanglu Anquan He Xinxihua
Jianshe De Zhidao Yijian [Opinions on the Use of Secure and Controllable Information Technology to Strengthen
Network Security and Informatisation of the Banking Industry] (promulgated by China Banking Reg. Comm’n, Sept.
3, 2014), CHINA BANKING REG. COMM’N, Sept. 3, 2014,
http://www.cbrc.gov.cn/govView_EE29BABB27EB4E51A43435176 91438F9.html (China). [hereinafter the
Opinions]; Yinhangye Yingyong Anquan Kekong Xinxi Jishu Tuijin Zhinan (2014-2015 Niandu) [2014-15 Guidelines
on Promoting Secure and Controllable Information Technology in the Banking Industry] (promulgated by China
Banking Reg. Comm’n, 2014), CHINA BANKING REG. COMM’N, 2014.
14
STEFAN ZLEPTNIG, NON-ECONOMIC OBJECTIVES IN WTO LAW: JUSTIFICATION PROVISIONS OF GATT, GATS, SPS
AND TBT AGREEMENT 118 (2010).
15
Such as the General Agreement on Trade in Services, art. 6, Apr. 15, 1994, Marrakesh Agreement Establishing the
World Trade Organization, Annex 1B, 108 Stat. 4809, 1869 U.N.T.S. 183.
16
Most of the Internet regulations are also linked with trade disputes, which can be governed by WTO law. See Tim
Wu, The World Trade Law of Censorship and Internet Filtering, 7(1) CHI. J. INT’L L. 263, 263-64 (2006).
17
The non-trade factors mainly reflected in Article XX and XXI of GATT 1994, Article XIV of GATS, the SPS
Agreement and the TBT Agreement. See ZLEPTNIG, supra note 14, at 125-384.
18
Briefly, the panel and the Appellate Body show a positive attitude, which is reflected in, see generally, US —
Gambling services and China — Audio-visual Product cases, towards new technology and free trade. See generally
Appellate Body Report, United States —Measures Affecting the Cross-Border Supply of Gambling and Betting Services,
WTO Doc. WT/DS285/AB/R (adopted Apr. 20, 2005); Appellate Body Report, China — Measures Affecting Trading
Rights and Distribution Services for Certain Publications and Audiovisual Entertainment Products, WTO Doc.
WT/DS363/AB/R (adopted Jan. 19, 2010) [hereinafter China — Audio-visual Products].

Thus, the United States, the European Union, and Canada argued that China’s banking
IT regulation violates de facto the Agreement on Technical Barriers to Trade (hereinafter
“TBT Agreement”), and then goes beyond the usual global practice of the IT products
regulation in the commercial banking sector.19 Furthermore, the U.S. argued that China’s
banking IT regulation aims at boosting domestic IT manufacture with a discriminatory effect
on foreign products.20 As Dieter Ernst complained, China's policy on information security
would create unintended disruptive side effects, leading to no-trade protectionism.21
According to John H. Jackson, GATT/WTO cases have powerful precedential effects.22
Though the precedence effect is not staring decisis in sensu stricto, the panel and Appellate
Body will follow the legal reasoning of previously adopted reports, whenever it is
appropriate, as to enhance the security and predictability of the multilateral trading
system. 23 Therefore, the methods adopted by WTO jurisprudence, together with the
interpretive approaches of Article 31 and 32 of Vienna Convention on the Law of Treaty
(hereinafter “VCLT”),24 will be employed in this Article.
In short, the key issue of this Article is whether China’s banking IT regulation,
particularly the IT products’ secure and controllable requirements, does violate the Chinese
obligations under the TBT Agreement. If not, is there any suitable alternative to address the
regulatory disparity between China and the West? Following a brief overview of the history
of China’s IT security measures, Part II will analyze the development of China's banking IT
regulation and scrutinize its applicability in the TBT Agreement. Part III will examine, by a
reference to WTO jurisprudence, whether China's banking IT regulation would constitute
an unnecessary barrier to international trade. Subsequently, with a comprehensive
consideration of Article 2.4 of the TBT Agreement, Part IV intends to probe China's
obligations as regards using international standards in establishing and enacting technical
regulations. Finally, the author argues that China's banking IT regulation does not de jure
violate the obligations under Article 2.2 and 2.4 of the TBT Agreement. Accordingly, the TBT
is not the most suitable forum to address the discrepancies in security protection between
China and the West in the short term.
II.CHINA’S BANKING IT REGULATION AND ITS APPLICABILITY FOR THE TBT AGREEMENT
A. A Historical Review of China’s IT Security Measures
19
For instance, the encryption requirement and the disclosure of source code are the main concerns of China's banking
IT regulation. See WTO Members Discuss IT Security Regulations in Banking, WTO (Mar. 18-19, 2015),
https://www.wto.org/english/news_e/news15_e/tbt_17mar15_e.htm.
20
Paul Mozur & Jane Perlez, China Halts New Policy on Tech for Banks, THE NEW YORK TIMES (Apr. 16, 2015),
http://www.nytimes.com/2015/04/17/business/international/china-suspends-rules-on-tech-companies-serving-
banks.html?_r=0. The E.U. complained about the Chinese standardization strategy and the broad definition of “national
security”. See European Commision, Report from The Commission to the European Council: Trade and Investment
Barriers Report 2015, at 6, COM (2015) 127 final (Mar. 17, 2015).
21
See DIETER ERNST, INDIGENOUS INNOVATION AND GLOBALIZATION: THE CHALLENGE FOR CHINA’S
STANDARDIZATION STRATEGY 104 (2011).
22
JOHN H. JACKSON, SOVEREIGNTY, THE WTO, AND CHANGING FUNDAMENTALS OF INTERNATIONAL LAW 177 (2006).
23
Appellate Body Report, United States — Final Dumping Determination on Softwood Lumber from Canada, ¶¶109-
12, WTO Doc. WT/DS264/AB/R (adopted Aug. 31, 2004).
24
Articles 31 and 32 of the Vienna Convention on the Law of Treaties have become a fundamental part of WTO law.
See DAVID PALMETER & PETROS C. MAVROIDIS, DISPUTE SETTLEMENT IN THE WORLD TRADE ORGANIZATION:
PRACTICE AND PROCEDURE 80 (2004).

China’s banking IT regulation is not the first trade dispute focusing on IT technical
regulations between China and the developed world. Since the start of the new Millennium,
China has adopted a series of security policies to boost indigenous development in IT
products’ standardization. Scott Kennedy even suggested that there exists a high-technology
standards war between China and Western countries.25
Take the dispute over the WLAN Authentication and Privacy Infrastructure standard
(hereinafter “WAPI standard”) for instance: 26 China attempted to mandate the WAPI
standard nationally against the adoption of the Wireless Fidelity standard (Wi-Fi standard),
which is financially supported and developed by the U.S. government. In practice, Japan, the
U.S. and the UN launched a joint complaint regarding China’s WLAN standard in the TBT
Committee in 2011.27 Unfortunately, after the WAPI standard failed to be admitted in the
international standard-setting organisation, China announced an indefinite delay for the
mandatory adoption of the WLAN standard on domestic IT products.
The Third-generation Mobile standard (3G standard) is another example spurring an
intensive debate on IT technical regulations. To be specific, there existed only two
international standards initially, the U.S.’s CDMA standard and the European W-CDMA
standard in the third-generation mobile standard-setting domain. 28 But later, China
promoted domestically a new TD-SCDMA standard. Although there are some criticisms, the
TD-SCDMA standard was successfully adopted as an international standard by the
International Telecommunication Union.29 As an international standard, China’s technical
regulation could no longer be challenged as constituting a trade barrier, according to Article
2.5 of the TBT Agreement.30
Not surprisingly, China has accelerated its enactments of security regulations and
policies in the last decade. In February 2006, the State Council of China issued the Outline
for the National Medium- to Long- Term Plan for the Science and Technology Development
(2006-20), which indicated that information security, which functions as a guardian of
25
See Scott Kennedy, The Political Economy of Standards Coalitions: Explaining China’s Involvement in High-Tech
Standards Wars, 2 ASIA POL’Y 41, 45-47 (2006).
26
The WAPI standard is a standard directly competing with the WIFI standard. See generally USTR Lists Outcomes of
Commission Meeting on U.S.–China Trade, USTR Fact Sheet on JCCT Meeting, IIP DIGITAL (Apr. 22, 2004),
http://iipdigital.usembassy.gov/st/english/article/2004/04/ 20040422145000bpuh0.8467981.html#axzz3b8bo2ftS. The
relevant analyses are as follows: See generally Dong-Hyu Kim et al., China’s Information Security Standardization:
Analysis from the Perspective of Technical Barriers to Trade Principles, 38 TELECOMM. POL’Y 592 (2014); Baisheng
An, Intellectual Property Rights in Information and Communications Technology Standardization: High-Profile
Disputes and Potential for Collaboration Between the United States and China, 45 TEXAS. INT’L L.J. 175 (2009);
Christopher S. Gibson, Globalization and the Technology Standards Game: Balancing Concerns of Protectionism and
Intellectual Property in International Standards, 22 BERKELEY TECH. L.J. 1403 (2007); Stephen Bell & Hui Feng, Made
in China: IT Infrastructure Policy and the Politics of Trade Opening in Post-WTO China, 14(1) REV. INT’L POL. ECON.
49, 53-55 (2007).
27
Committee on Technical Barriers to Trade, Note by the Secretariat: Minutes of the Meeting of 10-11 November 2011,
39-42, WTO Doc. G/TBT/M/55 (Feb. 9, 2012); Committee on Technical Barriers to Trade, Note by the Secretariat:
Minutes of the Meeting of 20-21 March 2012, 237-41, WTO Doc. G/TBT/M/56 (May 16, 2012); Committee on
Technical Barriers to Trade, Note by the Secretariat: Minutes of the Meeting of 13-15 June 2012, 204-9, WTO Doc.
G/TBT/M/57 (Sept. 18, 2012).
28
See Han-Wei Liu, International Standards in Flux: A Balkanized ICT Standard-Setting Paradigm and its Implications
for the WTO, 17(3) J. INT’L ECON. L. 551, 591 (2014).
29
See ERNST, supra note 21, at 69.
30
Article 2.5 of the TBT Agreement stipulates that whenever a technical regulation is prepared, adopted or applied for
one of the legitimate objectives explicitly mentioned in paragraph 2, and is in accordance with relevant international
standards, it shall be presumed not to create an unnecessary obstacle to international trade.

national security, is the main target of domestic technological advancement.31 Thereafter,
China promulgated a systemic multi-level national protection scheme for information
security, which is known as the programme Information Security Multi-Level Protection
Scheme (hereinafter “MLPS”).32 On 22 June 2007, the Regulation on Classified Protection of
Information Security (hereinafter “the RCPIS”) was published and soon became a backbone
of the MLPS.33 Under the RCPIS, China-based corporations, which are categorized within
the Grade III group or above grade level, must comply with an extensive array of secure and
controllable requirements, aiming at protecting national security.34 Although many western
scholars complained about the whole information security system in China,35 the MLPS, as
well as the RCPIS, have been binding in force since 2007.
Most recently, China announced new banking IT regulations, which powerfully provoked
a highly-contested debate on the legality and legitimacy of the security measures. The main
body of China’s banking IT regulation is composed of two documents, the Opinions and the
Guidelines, released separately in 2014.
Established in March 2003, the CBRC is a competent government agency to oversee all
the banking activities under the guidance of China’s State Council. Thus, China’s banking IT
regulation is mandatory in character for all the banks established within the territory of the
People’s Republic of China. Moreover, the regulation pinpoints two quantitative objectives
in promoting security measures: the first is increasing the use of products with secure and
controllable information technologies since 2015, while the second is to achieve a high level
of security and controllability in banking IT products and services by 2019.36 As to secure and
controllable requirements, the Opinions regard the compulsory guideline by China’s
authorities and the use of national standards in banking procurement as the main
measures.37
Pursuant to the Opinions, the relevant technical requirements will be further defined
during the period from 2015 to 2019. In the years from 2014 to 2015, the Guidelines regulate
domestic standards, safeguarding measures and administrative regulations in a broad
perspective, while the detailed requirements can be found in its Annex, i.e., the Categorised
Catalogue and Secure and Controllable Index of Banking Industry’s Assets on Information
31
Guojia Zhongchangqi Kexue He Jishu Fazhan Guihua Gangyao (2006-2020 Nian) [The Outline for the National
Medium to Long-Term Science and Technology Development Plan (2006-20)] (promulgated by the St. Council, Feb.
9, 2006), ST. COUNCIL GAZ., Feb. 8, 2006, http://www.gov.cn/jrzg/2006-02/09/content_183787.htm.
32
See Scott J. Shackelford & Amanda N. Craig, Beyond the New “Digital Divide”: Analyzing the Evolving Role of
National Governments in Internet Governance and Enhancing Cybersecurity, 50 STAN. J. INT’L L. 119, 160 (2014).
33
Xinxi Anquan Dengji Baohu Guanli Banfa [The Regulations on Classified Protection of Information Security]
(promulgated by the Ministry of Pub. Sec. of China, June 22, 2007, effective June 22, 2007) (China), P.R.C. LAWS &
REGS [hereinafter RCPIS].
34
Under the RCPIS framework, any information system is classified within Grade I to Grade V. Although the security
grades depends on the system of self-determination, the owners shall base this on the objective criteria, such as how
important the systems are to national security, economic development, and social life, what is the effect on national
security, social order, public good, and the level of harm potentially posed to the rights of citizens and legal entities if
the information system is destroyed, pursuant to Article 6 of the RCPIS.
35
See, e.g., NATHANIEL AHRENS, NATIONAL SECURITY AND CHINA’S INFORMATION SECURITY STANDARDS, A REPORT
OF THE CSIS HILLS PROGRAM ON GOVERNANCE 13 (2012).
36
See the Opinions, supra note 13, 3.3.
37
See generally the Opinions, supra note 13.

Technology (Year 2014-5) (hereinafter “the Catalogue”),38 which divides banking IT products
into ten groups (from Group A1 to Group J6).39
According to the Catalogue, each product shall meet a set of secure and controllable
technical requirements. For instance, additional software for Wireless LAN equipment
(Group B5) shall have indigenous intellectual propriety. Besides this, the source codes of the
software attached to certain IT products, such as backbone routers and storage FC switches,
must be reported to the Technology and Information Department of the CBRC for recording
purposes.40
It should be noted that although China announced its temporary suspension of the
implementation of the Banking IT regulations for revision, the analysis of whether those
kinds of measures are inconsistent with the TBT obligations is still of great academic value.
First, the suspension of the regulation is temporary.41 Naturally, China will not abandon its
cybersecurity measures.42 On 6 July 2015, China released the Cyber Security Law (Draft),
which restates the significant value of cybersecurity.43 Interestingly, if banks were using IT
products that fall within the scope of "key network facilities and special network safety
products" as governed by the Article 19 in Cyber Security Law (Draft), the requirements,
which are similar to that of China's banking IT regulation, would still be applicable. That is
why some experts predicted that the new version on the regulation might still be problematic
to multinational technology companies.44
Second, the secure and controllable requirements are not entirely a novelty for national
security protection of IT products. Even though China’s banking IT regulation is suspended,
the banking IT products are still being governed by the strict security measures from the
MLPS, particularly the RCPIS. Accordingly, for information systems, if classified as Grade III
risk level or above, the application of the strict security requirements is compulsory.45
According to Georg Kerschischnig, although there is no universally accepted definition of
critical infrastructure, it generally refers to certain key assets and sectors, such as banking
and finance, telecommunications, etc.46 Thus, there is little doubt that the IT products in
China’s banking industry will quite like being categorized as the critical infrastructure and
subjected to the security requirements in the RCPIS.47 Together with other members, the
E.U. and the U.S. launched a TBT trade concern regarding China’s MLPS system in March
38
Yinhanye Xinxi Jishu Zichan Fenlei Mulu He Anquan Kekong Zhibiao (2014-15 Niandu) [The Categorised Catalogue
and Secure and Controllable Index of Banking Industry’s Assets on Information Technology (Year 2014-15)]
(promulgated by China Banking Reg. Comm’n, 2014) [hereinafter the Catalogue].
39
The Catalogue is set out in ten groups as follows: computer devices, Internet devices, storage devices, security
devices, universal software, professional software, infrastructure, self-service equipment, terminal equipment and
technical service.
40
See the Catalogue, supra note 38.
41
Mozur & Perlez, supra note 20.
42
On 20 May 2015, China's President, Xi Jinping, reasserted the significance of Information Security. See Mimi Lau,
Chinese President Xi Jinping Demands Loyalty from State Security Agencies, SOUTH CHINA MORNING POST (May 20,
2015, 2:28 PM), http://www.scmp.com/ news/china/policies-politics/article/1804134/chinese-president-Xi-Jinping-
demands-loyalty-state.
43
See Zhonghua Renmin Gongheguo Wangluo Anquan Fa Caoan [the Cyber Security Law of the People’s Republic of
China (Draft)] (promulgated by the Standing Comm. Nat’l People’s Cong., June, 2015), NAT’L PEOPLE’S CONG. OF
CHINA, July 6, 2015, http://www.npc.gov.cn/npc/ xinwen/lfgz/flca/2015-07/06/content_1940614.htm.
44
See Mozur & Perlez, supra note 20.
45
The products under the Grade III level are those which may incur serious harm to social order and public interest or
cause harm to national security if they are damaged. See the RCPIS, supra note 18, art. 7.3.
46
GEORG KERSCHISCHNIG, CYBERTHREATS AND INTERNATIONAL LAW 41 (2012).
47
The RCPIS is promulgated by the Public Security Department of China, thus the RCPIS shall be applied to all the
activities in the territory of China.

2011.48 During the TBT Committee meeting recently, the E.U. also requested that a link is
established between the MLPS and China's banking IT regulation.49
Third, it is within the realms of possibility that such banking policy could be rolled out
to other critical information sectors in China, such as insurance, e-commerce and
automotive,50 due to China’s practices of policy experimentation, according to Sebastian
Heilmann.51
In short, China’s banking IT regulation is a behind-the-border regulation, targeting
tradable products, with the aim of enhancing national security. Therefore, the next sections
will probe whether the secure and controllable requirements of IT products, in pursuit of
legitimate objectives, would violate the TBT obligations. Broadly speaking, the measures
investigated in this article could also be applied to the analysis of similar technical
regulations with security purposes, such as those measures adopted by the U.S. government
against Chinese Huawei’s and ZTC’s IT products.52
III. Applicability of The TBT Agreement: China’s Banking IT Regulation Does
Constitute a Technical Regulation
Theoretically, the General Agreement on Tariffs and Trade 1994 (hereinafter “GATT
1994”) governs international trade in goods generally, but the preparation, adoption and
application of technical regulations and standards for products will be subject to the TBT
Agreement.53 In the view of the Appellate Body, the duties in the TBT Agreement are
different from, and additional to, the obligations under GATT 1994. 54 Thus, the TBT
Agreement shall prevail if the measure at issue is determined as “a technical regulation”
within the meaning of the TBT Agreement. Therefore, the analysis hereinafter would be
limited to the TBT obligations.
48
See China Requirements for Information Security Products, http://tbtims.wto.org/web/pages/ search/stc/Search.aspx
(last visited May 20, 2016).
49
Committee on Technical Barriers to Trade, Note by the Secretariat: Minutes of the Meeting of 18-19 March 2015,
2.65, WTO Doc. G/TBT/M/65 (May 28, 2015) [hereinafter Minutes of the Meeting of 18-19 March 2015].
50
See Mark Schaub, Securing China’s Banking IT – CBRC Makes Life Much Tougher for MNC Vendors, CHINA LAW
INSIGHT (Feb. 12, 2015), http://www.chinalawinsight.com/2015/02/ articles/corporate/mergers-acquisitions/securing-
chinas-banking-it-cbrc-makes-life-much-tougher-for-mnc-vendors/. See generally E-mail from Business Europe et al.
to Mogherini, Vice-President of European Commission et al. (Feb. 25, 2015) (on file with author),
https://www.bitkom.org/Pub likationen/2015/Positionspapiere/Joint-EU-Industry-Letter-China-Banking-
Regulation/20150224-Joint-EU-Industry-Letter-China-Banking-Regulation-Final.pdf.
51
See Sebastian Heilmann, Policy Experimentation in China’s Economic Rise, 43 STUD. COMP. INT’L DEV. 1, 1 (2007).
52
See H.R. REP., 112TH CONG., INVESTIGATIVE REPORT ON THE U.S. NATIONAL SECURITY ISSUES POSED BY CHINESE
TELECOMMUNICATIONS COMPANIES HUAWEI AND ZTE 44-46 (2012).
53
See Agreement on Technical Barriers to Trade art. 1.6, Apr. 15, 1994, Marrakesh Agreement Establishing the World
Trade Organization, Annex 1B, 1868 U.N.T.S. 120 [hereinafter TBT Agreement].
54
Appellate Body Report, European Communities — Measures Affecting Asbestos and Asbestos-Containing Products,
80, WTO Doc WT/DS135/AB/R (adopted Apr. 5, 2001) [hereinafter EC — Asbestos].

As noted previously, China’s banking IT
regulation can be regarded as a behind-the-border
technical regulation to address security concern.
However, the regulation in dispute has been under
criticism from the moment it was published. To be
specific, the criticisms may be summarized as
follows. Firstly, China’s banking IT regulation
discriminates against foreign products; secondly,
the regulation is an unnecessary trade barrier that
goes beyond the usual commercial practice; and thirdly, the Chinese
authorities do not make technical regulations in compliance with the relevant international
standards.55 All these concerns shall be closely scrutinized.
Before challenging the violation of the TBT obligations, the first step is to address the
threshold question, i.e., whether China’s banking IT regulation could be found to be a
“technical regulation” within the ambit of the TBT Agreement. Accordingly, Annex 1.1 of the
TBT Agreement defines a technical regulation by reference to a “document”,56 which shall
lay down product characteristics or the related processes and production methods,57 such as
terminology, symbols, packaging, marking or labelling requirements.58
In practice, the Appellate Body in EC — Sardines case set out explicitly “three-tier
criteria” for the determination of technical regulations, as follows: 59 The measure “must
apply to an identifiable product or group of products”; the measure “must lay down one or
more characteristics of the product”; and “compliance with the product characteristics must
be mandatory”.
Inevitably, the identification of “an identifiable group of product”, as well as the
“mandatory” character, depends on factual evidence, whilst the finding of the “products’
characteristics” deserves to be further explained according to the interpretative methods in
VCLT.60 In EC — Asbestos case, the Appellate Body found that the “characteristics” includes
“objectively definable ‘features’, ‘qualities’, ‘attributes’, or other ‘distinguishing mark’ of a
product”.61 Notably, these product characteristics would not be limited to intrinsic features
and qualities, also including the “related processes and production methods of products”.
Arguably, the reference to “related processes and production methods” indicates that the
55
Others may complain about the enacting procedures which lack transparency, as well as the burdensome conformity
procedure, such as the requirement related to encryption and the disclosure of source code. See WTO Members Discuss
IT Security Regulations in Banking, supra note 19.
56
The use of the term “document” could “cover a broad range of instruments or apply to a variety of measures”. See
Appellate Body Report, United States — Measures Concerning the Importation, Marketing and Sale of Tuna and Tuna
Products, 185, WTO Doc. WT/DS381/AB/R (adopted June 13, 2012) [hereinafter US — Tuna II (Mexico)].
57
See id. 184.
58
See TBT Agreement, supra note 53, Annex 1.1.
59
See Appellate Body Report, European Communities — Trade Description of Sardines, 176, WTO Doc.
WT/DS231/AB/R (adopted Oct. 23, 2002) [hereinafter EC — Sardines]. Moreover, Annex 1.1 of the TBT Agreement
defines a technical regulation as a document that lays down product characteristics or their related processes and
production methods, including the applicable administrative provisions, with which compliance is mandatory. It may
also include or deal exclusively with terminology, symbols, packaging, marking or labelling requirements as they apply
to a product, process or production method.
60
The finding of “products characteristics” arose from an intense debate among WTO members previously. For
instance, see Appellate Body Report, European Communities — Measures Prohibiting the Importation and Marketing
of Seal Products, 5.2, WTO Doc. WT/DS400/AB/R (adopted June 18, 2014) [hereinafter EC — Seal Products].
61
EC — Asbestos, supra note 54, 67.

subject matter of a technical regulation consists of a process or production method that is
having a sufficient nexus linking it to the product’s characteristics.62
Accordingly, China’s banking IT regulation constitutes a technical regulation under the
TBT Agreement. First, the Catalogue clearly distinguishes nine groups of IT products, from
computer devices to Internet devices; all of them are subjected to the Harmonized System,63
which is widely prescribed in the WTO members' Schedules of Commitments. Thus, the
documents at issue, in fact, apply to a group of identifiable products.
Second, China’s banking IT regulation is involuntary in character. The regulatory
documents are issued and executed by Chinese government authorities, including the CBCR,
the Ministry of Industry and Information Technology, the National Development and
Reform Commission, and the Ministry of Science and Technology, all of which belong to the
branches under the State Council of China.64 Take the CBCR for instance: the CBCR is a
competent authority that administers and monitors all the banking activities in China.
Doubtlessly, the regulation bases its legitimacy on security governance. Hence, the
regulation is inevitably being endowed with a compulsory nature.
Third, the determination of a technical regulation must be made in the light of the
characteristics of the measures at issue, by taking account of the circumstances.65 To be
specific, the secure and controllable requirements in the Catalogue establish specific
characteristics of products, e.g., that the products shall be met with a Chinese code testing
and certification,66 the products incorporate a reliable TPM/TCM platform,67 the devices
shall reduce the uncontrollable risks68, and the devices shall support Protocol 802.11,69 etc.
To sum up, the Catalogue employs the characteristics, such as "with controllable technical
risks, as well as the risks in the supply chain", to safeguard security. In particular, those
characteristics are also reflected in the processing or producing procedure. Additionally, the
requirements focus on the attributes on the products, rather than merely a prohibition on
the materials "in the natural state".70 To conclude, the regulations, indeed, could easily be
identified as being applicable to product characteristics or the related processes and
production methods.71 Thus, the author argues that China’s IT banking regulation might
pass the given “three-tier criteria” and then constitutes “a technical regulation” in the context
of the TBT Agreement accordingly.
62
The Appellate Body noted that the dictionary meaning of “process” is “a course of action, a procedure, a series of
actions or operations directed to some end, as in manufacturing”, while “production” is “[t]he process of being
manufactured commercially.” See EC — Seal Products, supra note 60, 5.12.
63
See Harmonized System Database Online, WORLD CUSTOMS ORGANIZATION, http://www.wcoo
md.org/en/topics/nomenclature/instrument-and-tools/hs-online.aspx (last visited May 15, 2016).
64
The State of Council is the highest administrative authority in China. See XIANFA art. 85 (1982) (China); see generally
Lifa Fa [The Legislation Law of China] (promulgated by the Standing Comm. Nat’l People’s Cong., Mar. 15, 2000,
effective July 1, 2000) 2000 STANDING COMM. NAT’L PEOPLE’S CONG. GAZ. 112 (China).
65
See US — Tuna II (Mexico), supra note 56, 188; EC — Asbestos, supra note 54, 64; EC — Sardines, supra note 59,
192-93.
66
See the Catalogue, supra note 38, Groups A1, A2.
67
See the Catalogue, supra note 38, Group A2.
68
See the Catalogue, supra note 38, Group A1.
69
See the Catalogue, supra note 38, Group B5.
70
Take Asbestos fibres in EC — Asbestos case or Seal in EC — Seal Products case for instance. In principle, what can
be inferred from the Appellate Body is that the prohibitions on products, which are subject to GATT 1994 obligations,
should be distinct from the regulations on products, which are subject to the TBT obligations. See EC — Asbestos, supra
note 54, 71; EC — Seal Products, supra note 60, 5.25.
71
Conversely, the requirement of the Ingenious Innovation Policy for IT products falls outside of technical regulations,
because of a lack of product’s characteristics.

B. China’s Banking IT Regulation Does Not Violate the Non-discriminatory
Obligations De Jure
Pursuant to Article 2.1, WTO members shall prohibit any discrimination through
technical regulations among like products imported from different jurisdictions, as well as
between domestic and imported like products. 72 As argued by some scholars, China’s
banking IT regulation may favour domestic products over foreign products, which imposes
an extra advantage for Chinese producers. The proposition is worth reconsideration.
The essence of Article 2.1 of the TBT Agreement is that like products must not be treated
differently. In practice, the Appellate body adjudicated several cases before involving
national treatment duties,73 which reflect a relatively coherent modus operandi in WTO
Jurisprudence.
Specifically, the Appellate Body in the US — Clove case found that,74
[F]or a violation of the national treatment obligation in Article 2.1 to be established,
three elements must be satisfied: (i) the measure at issue must be a “technical
regulation”; (ii) the imported and domestic products at issue must be like products;
and (iii) the treatment accorded to imported products must be less favourable than
that accorded to like domestic products.
China’s banking IT regulation constitutes a “technical regulation” as stated supra.
Unquestionably, it seems that foreign IT products are “like” China’s product, after
considering physical characteristics, consumer preferences, end-uses of the product, and
tariff classification.75 Therefore, it is crucial to define the term “no less favourable treatment”
in Article 2.1 of the TBT Agreement.
The key issue with regards to "no less favourable treatment" is an assessment of whether
the technical regulations modify the competitive conditions in the relevant market to the
detriment of the group of imported products vis-à-vis the group of like domestic products.76
Under the relevant guidance from the legal reasoning for Article III:4 of GATT 1994, the
obligation of "no less favourable treatment" prohibits de jure and de facto discrimination
against the group of imported products. 77 More clearly, a measure can be de facto
inconsistent with Article 2.1 even when it is origin-neutral on its face.78 So the assessment
shall begin with whether the measure de jure discriminates between “like” imported and
domestic products; if not, whether this measure operates in a way that discriminates de facto
against such “like” products.79
72
See Appellate Body Report, United States — Certain Country of Origin Labelling (COOL) Requirements, 267, WTO
Doc. WT/DS384/AB/R (adopted July 23, 2012) [hereinafter US — COOL].
73
See WTO, CHRONOLOGICAL LIST OF DISPUTES CASES, https://www.wto.org/english/tratop_e/
dispu_e/dispu_status_e.htm (last visited May 15, 2016).
74
Appellate Body Report, United States — Measures Affecting the Production and Sale of Clove Cigarettes, 168, WTO
Doc. WT/DS406/AB/R (adopted Apr. 24, 2012) [hereinafter US — Clove Cigarettes].
75
For further analysis on the “like products”, see US — Clove Cigarettes, supra note 74, 108-20.
76
See US — COOL, supra note 72, 268; US — Clove Cigarettes, supra note 74, 180; US — Tuna II (Mexico), supra
note 56, 215.
77
US — Clove Cigarettes, supra note 74, 181.
78
See US — Tuna II (Mexico), supra note 56, 225.
79
Lawrence A. Kogan, REACH Revisited: A Framework for Evaluating Whether a Non-tariff Measure Has Matured
into an Actionable Non-tariff Barrier to Trade, 28 AM. U. INT’L L. REV. 489, 585 (2013).

As regards China’s banking IT regulation, an assessment of de jure discrimination is
related to the question whether the regulation distinguishes the products with indigenous
intellectual property (hereinafter “IP”) from the foreign ones.80 Although the statement in
the Catalogue is not clear to a certain extent,81 the Instruction of Categorized Catalogue and
Secure and Controllable Index of Banking Industry's Information Technology Asset (the Year
2014-15), published by the CBRC on 12 February 2015, illustrates that the Opinions and the
Guidelines apply to all companies without regard to nationality.82
By the lex posterior derogat priori principle, China’s banking IT regulation does not
distinguish the IT products with Chinese-owned IP rights from foreign products. Since there
is no explicit reference to any regulatory distinction between domestic products and the
imported ones, it is hard to challenge the legitimacy of China’s banking IT regulations on
the ground of de jure National Treatment obligations. In short, the regulation does not divide
the products into imported and domestic groups, which means it applies uniformly towards
all products without considering their origins. To be brief, China’s producers are not being
afforded an extra “advantage” according to the plain text and its ordinary meaning from the
regulation.
The question should be reversed to ask whether or not the regulation factually
discriminates against imported products. Most recently, the de facto discrimination against
National Treatment obligations invoked the Appellate Body’s attention. Although the
majority of trade disputes deal with national regimes containing a reference to the origin, a
series of current cases suggest the origin-neutral measures might have a similar effect on
unlawful discrimination. 83 As indicated by Lothar Ehring, when the regulatory
differentiation does not follow the line between domestic and imported but is distinguished
according to an origin-neutral criterion (physical characteristics, price, sale modalities, etc.),
its scrutiny becomes more complicated.
As regards the investigation of the origin-neutral discrimination, the Appellate Body in
the US — COOL case explained, as follows,84
80
According to the US Representative, the Guidelines required “tests and certification” to be conducted by state
regulators and laid out product requirements that were based on design and descriptive characteristics (e.g., equipment
that had intellectual property rights (IPR) owned and/or developed by Chinese-invested enterprises or “indigenous IPR”)
rather than performance requirements. Minutes of the Meeting of 18-19 March 2015, supra note 49, 2.16.
81
The Catalogue illustrates that the indigenous IP rights must be with full ownership or control in China. To be specific,
indigenous IP shall be owned by domestic citizens, business entities or non-corporate business entities in China. As to
trademark, it shall be owned by a Chinese company and registered in China. See the Catalogue, supra note 38,
illustration 1, at 9.
82
The detail of the Instruction is as follows: the providers shall only need to provide the IP rights Certificate or a Proof
of a legitimate source, in order to meet the requirement of an additional software with indigenous IP rights in the banking
sector, and the Instruction above further admits there are no national differences as regards the secure and controllable
requirements. See Guanyu “Yinhangye Yingyong Anquan Kekong Xinxi Jishu Tuijin Zhinan (2014-15 Niandu)” De
Xiangguan Shuoming [An Instruction of Categorised Catalogue and Secure and Controllable Index of Banking
Industry’s Information Technology Asset (Year 2014-15)] (promulgated by China Banking Reg. Comm’n, Feb. 12,
2015), CHINA BANKING REG. COMM’N, Feb. 12, 2015,
http://www.cbrc.gov.cn/chinese/home/docView/D2260BFA66A24A2D976E1B8D88746A1B.html. In the TBT
Committee’s meeting, China's representative stated that China only required proprietary intellectual property rights,
instead of indigenously-developed technologies, with respect to intellectual property rights. The suppliers only needed
to provide proof of independent intellectual property rights or legal proof of the origin of their software. Minutes of the
Meeting of 18-19 March 2015, supra note 49, 2.20.
83
“[T]he Appellate Body in Japan — Taxes on Alcoholic Beverages case stated that it is irrelevant that protectionism
was not an intended objective if the particular tax measure in question is nevertheless, to echo Article 3.1, applied to
imported or domestic products so as to afford protection to domestic production.” Appellate Body Report, Japan —
Taxes on Alcoholic Beverages, at 28, WTO Doc. WT/DS8/AB/R (adopted Nov. 1, 1996).
84
US — Clove Cigarettes, supra note 74, 182.

[W]here a technical regulation does not discriminate de jure, a panel must
determine whether the evidence and arguments adduced by the complainant in a
specific case nevertheless demonstrate that the operation of that measure, in the
relevant market, has a de facto detrimental impact on the group of like import
products.
To be specific, in order to adjudicate the de facto discrimination, the panel must consider
all the available facts and circumstances before it, such as all the relevant features of the
market, the relative market share in a given industry, consumer preferences, and historical
trade pattern.85 Unfortunately, China has suspended its banking IT regulation since April
2015, thus it is hard to establish a prima facie case of violations de facto of national treatment
obligations in the complaint, without any further information. 86 To conclude, the
examination of de facto discrimination becomes a trivial issue; the author nonetheless just
reiterates here that the regulation may run afoul of the national treatment obligation if the
additional adverse information has sprung up.
IV. A TECHNICAL BARRIER WITH A NATIONAL SECURITY OBJECTIVE
Even if China’s banking IT regulation should not be viewed as being discriminatory
between domestic and foreign products, it may also be challenged on the ground that it
constitutes an unnecessary obstacle and thus is inconsistent with Article 2.2 of the TBT
Agreement. A report disseminated by the European Commission holds the same view that
the secure and controllable requirements, such as the compulsory and unique cryptography
regulation, are trade barriers in essence.87 Hence, this section will examine the obligations
of Article 2.2.88
A. A Systematic Structure of Article 2.2 of the TBT Agreement
The text of Article 2.2 of the TBT Agreement reads as follows:
Members shall ensure that technical regulations are not prepared, adopted or
applied with a view to or with the effect of creating unnecessary obstacles to
international trade. For this purpose, technical regulations shall not be more trade-
restrictive than necessary to fulfil a legitimate objective, taking account of the risks
non-fulfilment would create. Such legitimate objectives are, inter alia: national
security requirements; the prevention of deceptive practices; protection of human
health or safety, animal or plant life or health, or the environment. In assessing
such risks, relevant elements of consideration are, inter alia: available scientific and
technical information related processing technology or intended end-uses of
products.
85
See US — COOL, supra note 72, 269.
86
It is the complaining party that shall show the treatment accorded to imported products is less favourable than that
accorded to like domestic products. See US — Tuna II (Mexico), supra note 56, 216.
87
See, e.g., Trade and Investment Barriers Report 2015, supra note 20, at 6.
88
See generally Gibson, supra note 26, at 1461-64.

Arguably, the obligations of Article 2.2 could be divided into two kinds of components.
On the one prong, the first two sentences establish the fundamental but relatively general
obligations, i.e., “without the effect of creating unnecessary obstacles to international trade”
and “without more trade-restrictive effect than necessary to fulfil a legitimate objective”
when preparing, adopting and applying technical regulations. It is noted that of importance
in interpretation is the linking phrase “[f]or this purpose” between the first sentence and the
second. Accordingly, the Appellate Body directed that the latter informs the scope and
meaning of the obligation contained in the first sentence. 89 On the other prong, the
remaining two sentences in Article 2.2 further elaborate on the terms “legitimate objectives”
and “risks”.
Theoretically, a systematic interpretation of Article 2.2 shall prevail. The first sentence
lays down the baseline of prohibiting "unnecessary obstacles in international trade", whereas
the following sentences function as to expatriate the general duty. Overall, none of the
sentences is to be read in isolation.
Article 2.2 of the TBT Agreement requires that the technical regulations not be more
restrictive than necessary to fulfil a legitimate objective.90 Arguably, a central problem before
the panel is to define the concepts of “legitimate objectives” and their potential scope. In
other words, the first step is to scrutinize the given measure’s objective, whilst the second is
to determine whether the objective is legitimate, or is instead to obstruct imports or to
protect the domestic producer.91
As to the burden of proof, rather interestingly, while taking account of the risks non-
fulfilment created, the complainant must proffer arguments and produce evidence to
establish that the measure challenged is more trade restrictive than is necessary to achieve
the objective.92 In most cases, a complainant also seeks to identify a possible alternative
which is less trade restrictive, makes an equivalent contribution to the relevant objective,
and is reasonably available.93
B. The Interpretation of Three Key Concepts in Article 2.2
Before applying the analysis above to the circumstances of the case, the author shall
elaborate on the relevant concepts, i.e., “legitimate objectives”, “the fulfilment of a legitimate
objective”, and “unnecessary obstacles to international trade”, in line with WTO
jurisprudence.
First, as to the definition of “legitimate objectives”, Article 2.2 states that such legitimate
objectives are, inter alia, "national security", "the prevention of deceptive practices", "the
protection of human health or safety, animal or plant life or health, or the environment".
Broadly speaking, by using the term "inter alia”, the list of legitimate objectives in Article 2.2
89
US — Tuna II (Mexico), supra note 56, 318.
90
See TBT Agreement, supra note 58, art. 2.2.
91
Joshua Meltzer & Amelia Porges, Beyond Discrimination? The WTO Parses the TBT Agreement in the US — Clove
Cigarettes, US — Tuna II (Mexico) and the US — COOL, 14(2) MELB. J. INT’L L. 699, 719 (2013).
92
See US — COOL, supra note 72, 379. The burden of proof in Article 2.2 of the TBT Agreement exactly differs from
the examination of the GATT 1994 Article XX, which requests the respondents to offer evidence and facts.
93

is not a closed one.94 To a large extent, even the protection of data privacy could be some
kind of legitimate objective.95
Practically, the panel shall assess, independently and objectively, the texts of statutes,
legislative history, and other evidence regarding the structure and operation of the measures
in order to clarify the objectives claimed by the parties.96 It should be noted that a panel is
not bound by members’ characterization of such objectives:97 The adjudicators, therefore,
could take any other legitimate objectives, rather than the same objective presented by the
disputing parties, into account where they consider this feasible and reasonable.
The second prong is what the phrase “the fulfilment of a legitimate objective” means.
According to the Appellate Body in the US — Tuna II (Mexico) case, the criteria of the
fulfilment shall be understood as “the complete achievement of the legitimate objective”,
concerning “the degree of contribution by the challenged technical regulation”.98 However,
without a case-by-case analysis, setting a threshold level of fulfilment numerically is
infeasible.99 Generally, though the exact degree of complement to the legitimate objectives
is hard to attain, WTO Jurisprudence requests the panel to observe “the design, structure,
and operation of the technical regulation, as well as the evidence relating to its
application”.100
Third, in order to understand the phrases “unnecessary obstacles to international trade”
and “no more trade-restrictive effect than it needs”, it is of utmost importance to interpret
the notion of “necessity”.101 Drawing on the “weighing and balancing” approach in the
application of Article XX of GATT 1994 in particular, the Appellate Body in US — Tuna II
(Mexico) case found that an assessment of “necessity” involves a “relational analysis” of the
following factors:102
(i) the degree of contribution made by the measure to the legitimate objective at
issue; (ii) the trade-restrictiveness of the measure; and (iii) the nature of the risks
at issue and the gravity of consequences that would arise from non-fulfilment of
the objective(s) pursued by the Member through the measure. In most cases, a
comparison of the challenged measure and possible alternative measures should
be undertaken.
The subsequent cases, such as US — COOL case, invoked the criteria supra without any
modification. In short, the necessity test, inherently, incorporates a relational analysis of the
above-mentioned factors. The test involves a comparison of the trade-restrictiveness of the
measure at issue, and the degree of achievement of the objective, in the light of the risks that
94
Accordingly, the preamble and the recitals of the TBT Agreement, as well as the provisions of other covered
agreements, would be considered to be a legitimate objective under Article 2.2. See US — Tuna II (Mexico), supra note
56, 313.
95
See Ioanna Tourkochoriti, The Transatlantic Flow of Data and the National Security Exception in the European Data
Privacy Regulation: In Search for Legal Protection Against Surveillance, 36(2) U. PA. J. INY’L L. 459, 459 (2015).
96
97
98
See US — Tuna II (Mexico), supra note 56, 315-17.
99
100
101
It is closely linked between the necessity analysis and the unnecessary obstacles analysis. Both of them incorporate
the analysis on trade-restrictiveness, the degree of contribution and the risks of non-fulfilment. See US — Tuna II
(Mexico), supra note 56, 318, 322.
102
US — Tuna II (Mexico), supra note 56, 322.

non-fulfilment would create. 103 Theoretically, the comparative analysis may reflect the
principle of proportionality between the contribution and the restrictiveness, with due
consideration of the potential risks.104
To sum up, for the purpose of trumping the respondents under Article 2.2, the
complainant is supposed to identify the measure’s legitimate objectives and demonstrate
how limited a contribution the measure has made and to what extent it restricts trade. In
addition, the same parties shall identify a feasible and reasonably available alternative, which
would better accomplish the given objectives but with less trade-restrictive influences.105
Correspondingly, the defendant will ultimately demonstrate the inadequacy of the
complainant’s prima facie arguments before the panel and the Appellate Body.106
C. Applying Article 2.2 to the Circumstances of China’s Banking IT Regulation
1. National Security Is the Legitimate Objective in Article 2.2 — In WTO Jurisprudence,
identifying the legitimate objective of the given measure is the primary task in applying
Article 2.2 of the TBT Agreement. Before the analysis, it is beneficial to distinguish national
security and information security. According to the National Cybersecurity Strategy Guide
promulgated by the International Telecommunication Union, information security typically
focuses on confidentiality, while cybersecurity focuses more on integrity and availability,
thus it belongs to the arena of national security.107 Nowadays, cybersecurity, which used to
refer to information or data security, has become a matter of national security, because the
illicit use of cyberspace could hamper economic, public health, and national security
activities.108 In practice, governments and domestic sensitive industries process and store a
great deal of confidential information on computers and transmit that data across networks
to other computers, and unauthorized actors routinely access, steal, and corrupt sensitive
information. 109 Such a threat, when severe, can destabilize the economy, undermine
sovereignty and disrupt the operation of vital services, and thus can constitute a direct threat
to national security.110 In other words, only the information security, without some risks on
the sovereignty, might not be a national security issue.
It should be noted that China’s banking IT regulation targets exactly the financial
institutions. Although there is no universally accepted definition of critical infrastructure, it
generally refers to certain key assets and sectors, such as banking and finance,
telecommunications, etc. 111 As Georg Kerschischnig said, any attacks on critical
103
US — COOL, supra note 72, 376
104
See Axel Desmedt, Proportionality in WTO Law, 4 J. INT’L ECON. L. 441, 444-45, (2001).
105
See Meltzer, supra note 91, at 725.
106
See Jan McDonald, Domestic Regulation, International Standards, and Technical Barriers to Trade, 4(2) WORLD
TRADE REV. 249, 265 (2005).
107
FREDERICK WAMALA, INT’L TELECOMM. UNION, ITU NATIONAL CYBERSECURITY STRATEGY GUIDE 13 (2011),
http://www.itu.int/ITU-D/cyb/cybersecurity/docs/ITUNationalCybersecurity StrategyGuide.pdf. Furthermore, it shall
be noted that, theoretically, the member needs a higher level of necessity when its measure only involves the security
of private parties' commercial interests, comparing to invoking the protection of national security. For instance, Article
14 (c) of GATS separately states that those measures relating to the protection of the privacy of individuals and safety
shall be construed to prevent the adoption or enforcement. However, national security exceptions, which set a lower
threshold for treaty application, located in Article 14 of GATS.
108
Shin-Yi Peng, Cybersecurity Threats and the WTO National Security Exceptions, 18 J. INT’L ECON. L. 449, 469
(2015).
109
INT’L TELECOMM. UNION, GLOBAL CYBERSECURITY INDEX AND CYBERWELLNESS PROFILES, 31 (2015),
http://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf.
110
See Peng, supra note 108, at 470.
111
KERSCHISCHNIG, supra note 46, at 41.

infrastructure could not only cause substantial damage, but can also lead to losses of civilian
lives, and in the worst case, a country’s destabilization.112 In other words, if the hackers target
nationally sensitive information, rather than private information, then the threats are posed
directly or indirectly against national security.
When it comes to China’s IT banking regulation, it is arguable that the enactment and
implementation of the regulation aims at enhancing national security. Firstly, exactly as the
names of the Opinions and the Guidance suggest, as well as their preambles, emphatically
pointed out, that the purpose of the regulation is to safeguard the sovereignty of national
cyberspace and Chinese national security.
Secondly, as described in the preamble and the main text of the Opinions, China’s
banking IT regulation is designed to encourage and support the domestic banks to use more
secure information technology. 113 At the same time, the regulation intends to reduce
markedly the risks imposed by suspicious IT products and services, which are probably not
to prevent the leakage of sensitive data.114
Lastly but by no means least, the legislative history of China’s banking IT regulation, as
well as the standard strategies, reflects that national security is the utmost concern of the
Chinese government nowadays. China has been consistently highlighting the national
sovereignty and essential security interests in cyberspace, both in bilateral and multilateral
forums. For instance, in the TBT Committee meeting on 18-19 March 2015, the official
representative of China stated as follows:115 “China explained that the rapid development of
global information technology and financial innovation had brought new challenges to the
banking sector. It was necessary for all governments to strengthen security to protect public
interests.”
China’s banking IT regulation emphasizes decreasing the risks of the loss of sensitive
information. According to the investigation by the Chinese Ministry of State Security, a
Japanese company, Hitachi Limited, has stolen sensitive financial data by embedding
“backdoors”116 into IT products procured by Chinese banks until 2012. In order to confront
the challenges, the technical regulations are to be employed. Thus, it is safe to infer that the
protection of national security, as depicted repeatedly in the text of China’s banking IT
regulation, is what China’s government intends to do. According to the previous cases, a
panel will end the inquiry if the objective of national security is present.117
2. A Comprehensive Scrutiny of the “Necessity” Test — The “necessity” test intrinsically
requests an evaluation of the measures’ contributions that is closely related to the
investigation of the fulfilment of the objective. In view of the systematic structure of Article
2.2, this subsection would explore whether China’s banking IT regulation is a necessity in
the light of the balancing and weighting method. Even though Article 2.2 does not specify
112
Id. at 7-8.
113
See the Opinions, supra note 13, preamble.
114
Id.
115
See WTO Members Discuss IT Security Regulations in Banking, supra note 19.
116
Commonly, a backdoor is a secret or undocumented means of getting into a computer system. It is a potential risk of
IT products. See ERNST, supra note 21, at 32.
117
A panel will end the inquiry if the object provided is among those listed in Article 2.2. See US — COOL, supra note
72, 372.

the sequence and order of the “necessity” analysis,118 arguably, the steps of the following
assessment might be tailored to gauge the specificity in the given case.119
(a) China’s Banking IT Regulation Has a Restrictive Impact on Trade Flows — Regarding
the notion of trade-restrictiveness, the Appellate Body explained it as something having a
limiting effect on trade.120 Indeed, a distortion of a competitive market or an additional
expense could be deemed as something with a negative influence on trade flows. In
theoretical perspective, José-Daniel Reyes developed an econometric model concerning the
influences on trade by the differences of technical regulations across the markets.121 The
empirical data show it is probable that even a slight difference will affect business’s entry
decisions.
As previously discussed, China’s banking IT regulation may distort, or even hinder,
international trade by increasing additional costs for both domestic and foreign producers.
It is unquestionable that the involuntary regulation, such as the requirements for the secure
certification and the conformity of China’s standards, will add extra costs for IT producers
and businesses alike. In fact, numerous foreign corporations complain about the
aforementioned unique requirements of banking IT products in China. Therefore, the
requirement of secure and controllable technology would certainly have a negative impact,
as a form of increasing the observable costs, on the internal sale of banking IT products in
China. Briefly speaking, the Chinese banking IT regulation has a restrictive impact on trade
flows.
(b) China’s Banking IT Regulation Can Contribute to the Objective to a Given Degree —
Following the legal reasoning above, the ensuing step is to assess the degree that technical
regulations can contribute to the objective pursued. In principle, there shall be “a genuine
relationship between ends and means” between the legitimate objective and the measure at
issue, according to the adopted reports.122
Although identifying the exact degree of contribution by the measure is, purely, a
technical or an a priori estimative issue, fortunately, WTO Jurisprudence shows that of the
utmost importance in such determination is whether the measure adopted does contribute
to the objective pursued. In addition, it is plausible that the greater the contribution a
measure makes to the objective pursued, the more likely it is to be characterized as
“necessary”.123
China’s banking IT regulation, theoretically, is directly capable of achieving the
legitimate objective, at least to a large extent.124 Arguably, the measures could contribute to
the purpose of protecting national security. In April 2015, the Shanghai Academy of Social
Sciences released a Blue Paper, called the Report on China’s Cyber Security Improvement
118
Appellate Body Report, United States — Certain Country of Origin Labelling (COOL) Requirements, Recourse to
Article 21.5 of the DSU by Canada and Mexico, 5.202, WTO Doc. WT/DS384/AB/RW (adopted May 29, 2015)
[hereinafter US — COOL (Article 21.5)].
119
The sequence of the steps in this analysis draws on the previous cases, such as the US — COOL case. See China —
Audio-visual Products, supra note 18, 247; US — COOL (Article 21.5), supra note 118, 5.205.
120
121
See José-Daniel Reyes, International Harmonization of Product Standards and Firm Heterogeneity in International
Trade 18-19 (World Bank Pol’y Res. Working Paper No. WPS5677, 2011).
122
Panel Report, United States — Measures Affecting the Production and Sale of Clove Cigarettes, 7.417, WTO Doc.
WT/DS406/R (adopted Apr. 24, 2012).
123
The interpretation of Article 2.2 of the TBT Agreement draws on a wealth of experience from adjudicating Article
XX of GATT 1994. See China — Audio-visual Products, supra note 18, 251.
124
See US — Tuna II (Mexico), supra note 56, 317 n. 640.

(2015). This report clearly indicates the urgent demands to safeguard China’s IT industries.125
Specifically, the adoption of foreign software and products is likely the proximate cause of
information leakage or hacking, after the full investigation of the data from China National
Vulnerability Database of Information Security.126
Technologically, the product's regulation could be an effective method to significantly
address the issues of national security. For instance, in the WLAN standard (ISO/IEC 8802-
11) there exists a security loophole relating to Wired Equivalent Privacy,127 therefore, the
WAPI standard initiated by China aims to resolve this security problem.128 In China’s IT
Banking regulation, the software shall be met with standard GB/T 20275-2013, which states
that the IT products are to be equipped with an additional sensor to automatically detect all
online activities, and with a special firewall against hackers, or even internet intruders.129
In practice, the compulsory technical regulation is an efficient and feasible method,
recognised by almost all nations, to increase the security of IT equipment. For instance,
South Korea promulgated its IT standards, i.e., WIPI and WiBro, for the purpose of
safeguarding national security.130 Even the U.S. Federal Trade Commission requested its
financial institution to develop, implement and maintain a comprehensive security program,
including administrative, technical or physical safeguarding measures.131
Furthermore, China has discretion on the determination of the level of protection. As
reiterated by the Appellate Body in current cases, according to the principles reflected in the
sixth preambular recital of the TBT Agreement, any member shall not be prevented from
pursuing a legitimate objective “at the levels it considers appropriate”132 The application of
the term “it considers appropriate” reflects, in character, the so-called “self-judging” or “self-
interpretation” paradigm. One significant feature for such “self-judging” clauses is the
attempt to reserve the right to unilaterally declare a certain obligation under the treaty to be
non-binding.133 Turning to the case, the Appellate Body was of the view that only the
measures adopted to implement the chosen level of protection shall be reviewed.134 In other
125
Ching-Wen Chao & Hung Chang, Shoubu Wangluo Kongjian Anquan Lanpishu Zaijing Fabu [The Frist Blue Paper
on Cyber-security Publishes in Beijing], RENMIN WANG [PEOPLE’S DAILY ONLINE] (Apr. 27, 2015, 1:48 PM),
http://world.people.com.cn/n/2015/0427/c1002-26911520.html.
126
Id.
127
For more information on the weakness of Wired Equivalent Privacy, see Latha P. H. & Vasantha R., Review of
Existing Security Protocols Techniques and their Performance Analysis in WLAN, 7(2) INT’L J. EMERGING TECH. IN
COMPUTATIONAL & APPLIED SCI. 162, 164-65 (2014).
128
Sensagent Corporation: Online Encyclopedia, Thesaurus, Dictionary Definitions and More: Definition — WLAN
Authentication and Privacy Infrastructure, http://dictionary.sensagent.com/
WLAN_Authentication_and_Privacy_Infrastructure/en-en/ (last visited July 28, 2016).
129
See generally Xinxi Anquan Jishu Wangluo Ruqin Jiance Xitong Jishu He Ceshi Pingjia Fangfa [Information
Security Technology—Technical Requirements and Testing and Evaluation Approaches for Network-based Intrusion
Detection System] (promulgated by the Gen. Admin. Quality Supervision, Inspection and Quarantine of the People’s
Republic of China & Standardization Admin. of the People’s Republic of China, Dec. 31, 2013, effective July 15, 2014)
at 61-63 (China).
130
See Heejin Lee & Joon (Chris) Huh, Korea’s Strategies for ICT Standards Internationalisation: A Comparison with
China’s, 10(2) INT’L J. IT STANDARDS & STANDARDIZATION RES. 1, 7 (2012).
131
See Section 314.2 (c) and 314.3(a) in Title 16—Commercial Practices, Code of (US) Federal Regulations, 16 C.F.R.
§314 (2006).
132
US — COOL (Article 21.5), supra note 118, 5.201.
132
Panel Report, United States — Measures Concerning the Importation, Marketing and Sale of Tuna and Tuna
Products, 7.460, WTO Doc. WT/DS381/R (adopted June 13, 2012) [hereinafter Panel Report, US — Tuna II].
133
Stephan Schill & Robyn Briese, “If the State Considers”: The Self-judging Clauses in International Dispute
Settlement, in 13 MAX PLANCK YEARBOOK OF UNITED NATIONS LAW 61, 89 (A. von Bogdandy & R. Wolfrum eds.,
2009).
134
ZLEPTNIG, supra note 14, at 134.

words, China has the right to determine for itself the level of protection which it considers
appropriate in a given situation.135 In summary, the adoption of secure and controllable
requirements for IT products does arguably contribute, at a chosen level defined by China,
to the purpose of national security.
(c) The Real Risks of Non-fulfilment of National Security — The risk corresponding by the
non-fulfilment of security is another element to be considered. The Chinese government will
certainly propose the argument that the framework of American cyber espionage across the
globe, disclosing by Edward J. Snowden, a former National Security Agency contractor, is
undoubtedly reasonable enough to wean off foreign technology.136 More recently, both the
Austrian High Court and the European Court of Justice found that the revelations made by
Snowden demonstrate a “significant overreach” for the United States’ agencies,137 which pose
a serious threat to international peace and security. Ironically, President Obama issued
several policy reforms of intelligence activities, but most of these reforms are only cosmetic
changes.138
From the microscopic point of view, China’s banking industry also confronts various
kinds of threats, imposed by the multinationals and foreign agencies, on national security.
According to the investigation, all the activities in the Automatic Teller Machine, which
locate outside of Japan but manufactured by Japanese corporations, would be under the
surveillance of that government.139 The leakage of sensitive information and national secrets,
such as the amount of currency in circulation, as well as the “backdoor” of IT products, risks
national economic and financial stability.
Banking and financial systems are strongly dependent on safe electronic
communication.140 The banking IT products thus have an observable influence on national
security. Interestingly, the U.S. also recognised the risks in the IT products manufactured by
the Chinese companies, Huawei and ZTE.141 In 2012, the Permanent Select Committees on
Intelligence of the United States asserted that the Chinese IT products seem to have been
inserted with backdoors, system loopholes, or Trojan horses.142 Doubtlessly, the real risks of
non-fulfilment of national security in China’s banking industry shall not be overlooked in
the age of the Internet.
135
See Panel Report, United States — Measures Affecting the Cross-Border Supply of Gambling and Betting Services,
6.461, WTO Doc. WT/DS285/R (adopted Apr. 20, 2005); Appellate Body Report, Korea — Measures Affecting Imports
of Fresh, Chilled and Frozen Beef, 176, WTO Doc. WT/DS161/AB/R (adopted Jan. 10, 2001).
136
Mozur & Perlez, supra note 20.
137
Court of Justice of the European Union, Maximillian Schrems v. Data Protection Commissioner, Case C-362/144,
Judgement of the Court (Grand Chamber), 30 (Oct. 6, 2015).
138
See Daniel Severson, American Surveillance of Non-U.S. Persons: Why New Privacy Protections Offer Only
Cosmetic Change, 56 HARV. INT’L L.J. 465, 466 (2015).
139
See Cancan Jin, Richan Shebei Buduan “Chupeng” Woguo Jinrong Anquan [Japanese Devices Continue to Touch
China’s Financial Security], Jiang Su Jing Ji Bao [Jiangsu Economic News] (July 22, 2013). More cases will be
available at ZHONGGUO YINHANYE JIANDU GUANLI WEIYUANHUI XINXI ZHONGXIN [THE INFORMATION CENTER IN
CHINA BANKING REGULATORY COMMISSION], YINHANYE KEJI FENGXIAN JINGSHILU [WARNING BELLS ON BANKING
INDUSTRY’S IT RISKS—CASE STUDIES ON BANKING INDUSTRY’S IT RISKS] 21-126 (2011).
140
Fredrik Erixon & Hosuk Lee-Makiyama, Digital Authoritarianism: Human Rights, Geopolitics and Commerce 11
(ECIPE Occasional Paper No. 5/2011, 2011).
141
H.R. REP., 112TH CONG., supra note 52, at iv.
142
Id. at 11.

D. A Short Summary
The TBT Agreement does not limit the necessary regulatory autonomy for protecting
national security; however, what shall be prohibited are the non-tariff measures used as a
pretext for disguised trade protectionism or those that are over-regulated without a
consideration of the doctrine of necessity.
Practically, China's banking IT regulation does have a trade-restrictive effect on the IT
producers. However, for the sake of the legitimate objective, the regulation in question is
probably justified, with its real contribution to national security and a substantial reduction
of risks. Regarding the comparative test in Article 2.2 of the TBT Agreement, the same level
of protection, which defined by China in the regulation at issue, shall not be attained if the
complainants suggest the voluntary regime as an available alternative. The voluntary
measure, even if it was able to achieve the same objective, would entail greater risks of non-
fulfilment, and would not be a valid and feasible choice in view of the WTO Jurisprudence.143
In other words, additional evidence is necessary to support a prima facie claim against China
under Article 2.2 of the TBT Agreement, if the United States files a complaint before the
WTO DSB.
143
Panel Report, US — Tuna II, supra note 132, 7.467.

4. News in Brief
4.1 China Proposes to Fully Open its Financial Markets to Foreign Investors
'While maintaining financial stability, China is determined to further open up its financial
services, fully implement the pre-establishment national treatment and the negative list
system', Keqiang Li, the Prime Minister of the P.R.C expressed at the Summer Davos which
was held in Tianjin during 18-20 September 2018. On 31 August, just no longer than one
month before the Summer Davos, China Banking and Insurance Regulatory Commission
have removed the caps on the foreign ownership of commercial banks. Foreign ownership
caps on insurance and securities sectors in China will also be cancelled in a foreseeable future.
4.2 New Amendment to China's Company Law is Proposed by the Securities Regulator
The China Securities Regulatory Commission (CSRC) issued a series of advice on amending
Article 142 of The Company Law of the P.R.C in relation to share repurchases by companies
listed in domestic securities markets. The existing regulation and law are described as
allowing an excessively narrow set of options for listed companies to buy back their own
equities, however, the existing procedures are considered as being too slow-paced and
complicated. If this proposed amendment to the Chinese company law can be approved by
the legislator, the efficiency of Chinese capital markets will be essentially improved.
4.3 Strictness on Banning Virtual Currency in China is Continued
In order to stabilize China financial system, The People's Bank of China carries out new
regulatory measures to ban initial coin offerings of virtual currencies in September 2018. The
regulators will continue to strictly monitor over one-hundred internet-finance platforms
which are established abroad and particularly some of those providing virtual currency
services to mainland China, will be banned by the Chinese regulator. Owing to the strictness
on prohibiting virtual currencies, the global share of virtual currency transactions within the
Chinese mainland has declined from to less than five per cent in recent two years.
Acknowledgment:
Thanks to the support of Middlesex University School of Law during the preparatory
work of the CECCA Newsletter on Company and Financial Law (Issue 1). Further
information can be found at https://www.mdx.ac.uk/about-us/our-faculties/faculty-of-
professional-and-social-sciences/school-of-law

CECCA’s Partners
(In Alphabetical Order)

Cecca newsletter on company and financial law (issue 1 october 2018)

Recommended

Recommended

More Related Content

What's hot

What's hot (8)

Similar to Cecca newsletter on company and financial law (issue 1 october 2018)

Similar to Cecca newsletter on company and financial law (issue 1 october 2018) (20)

More from André Mendes 安德烈

More from André Mendes 安德烈 (12)

Recently uploaded

Recently uploaded (20)

Cecca newsletter on company and financial law (issue 1 october 2018)