Up in the clouds: Impact of the EU-China CAI
The EU-China Comprehensive Agreement on Investment (CAI) offers EU companies a valuable and unique breakthrough into China's enormous cloud market. Prior to the CAI, only investors from Hong Kong, China and Macao, China were allowed to directly enter this market based on the Mainland and Hong Kong Closer Economic Partnership Arrangement and the Mainland and Macau Closer Economic Partnership Arrangement. Under the CAI, China has agreed to exempt EU investors from the investment ban for cloud services, although EU investors would still be subjected to a 50% equity cap. This means that EU investors could set up joint ventures with Chinese partners and the joint ventures would be eligible to obtain the required licenses for providing cloud services in the Chinese market. Furthermore, if the CAI is ratified, China should not be able to backtrack on opening up its cloud market to EU investors.
In recent years China has experimented with gradually lifting the cap on foreign shareholding in foreign invested entities that provides value-added telecommunication services in Shanghai Free Trade Zone and Beijing Comprehensive Pilot Program, and Hainan Free Trade Port. However, internet data center (IDC) services are not yet open to foreign investors in Shanghai and Beijing, while Hainan has recently started to open up to foreign investors. The Overall Plan for the Construction of the Hainan Free Trade Port (海南自由贸易港建设总体方案) that was announced by the Chinese government on 1 June 2020, has promised to "open up the sector of value-added telecommunication services and gradually remove the restriction on foreign shareholding". In addition, the newly released Hainan Free Trade Port Foreign Investment Negative List (海南自由贸易港外商投资准入特别管理措施(负面清单) (the Hainan Negative List), has allowed foreign investors to register entities and set up service facilities in Hainan Free Trade Port (Hainan FTP), which are allowed to provide IDC services to Hainan FTP and international market. However, since the enterprises that are set up according to the Hainan Negative List cannot provide IDC services to other locations in China except Hainan, the commitment that China has made under the CAI still offers EU investors access to a larger Chinese market than the regional Chinese market that is offered by the Hainan Negative List.
Currently, foreign tech companies are greatly disadvantaged by Chinese laws and regulations, which limit market access for foreign cloud service providers. As a result, China's cloud computing market is dominated by domestic players, including Alibaba Group Holding Ltd., Tencent Holdings Ltd., Huawei Technologies Co. and China Telecom Corp., which collectively control nearly 70% of China's IaaS and PaaS markets, according to the Wall Street Journal.
Nevertheless, the Chinese cloud market still holds opportunities for foreign companies. McKinsey & Company has found in its survey of 500 Chinese enterprises that Chinese cloud market is wide open, offering opportunities to any qualified supplier, regardless of its size or country of origin. The expansion of China's cloud market is also facilitated by a strong policy-push from the Chinese government. The central and local governments have been encouraging the use of public cloud services. For example, on 13 January 2021, the MIIT released the “Industrial Internet Innovation and Development Action Plan (2021 – 2023) (工业互联网创新发展行动计划(2021-2023年) , which vowed to speed up the cloud migration of industrial software and further increase the use of cloud services by industrial enterprises.
The final legal text and annexes to the CAI are still being revised which may result in specific limitations and conditions that directly or indirectly affect when and how EU companies can access China's cloud computing market. More importantly, even if the CAI is successfully ratified by the European Parliament despite political opposition, it remains to be seen how and how quickly the CAI would be implemented in practice, especially at local levels in China.
The joint venture requirement for most foreign cloud service providers can be a double-edged sword. On one hand, partnering up with Chinese companies can help European companies to localise their services and better integrate into China's distinct digital ecosystem. On the other hand, the equity cap for European investors in such joint ventures limits the influence and control that these investors can have over their Chinese partners. As a result, European companies need to carefully assess and manage the risks and disputes that might arise from such partnerships.
Another issue of concern is China's strict requirements on data storage and security assessment. According to China's Cybersecurity Law (中华人民共和国网络安全法) and the Security Assessment Measures of Cloud Computing Services (云计算服务安全评估办法), cloud infrastructure must be located in China and cloud service providers are under "continuous supervision" by China's cyberspace authorities and should go through regular security assessment organised by the country's Cyberspace Administration.
EU tech companies that are ready to expand into China's cloud market are encouraged to take advantage of the new opportunities that the CAI is likely to offer. When doing so it is critically important for EU companies to structure their business and assets in China in accordance with Chinese laws and regulations. Before entering China's cloud market, EU investors are therefore advised to take these five steps: 1) Understand industry-specific laws and regulations; 2) Set up a comprehensive strategy for protecting high-value IP assets, including trademarks, patents, copyright and trade secrets; 3) Conduct due diligence on local partners and draft partnership agreement; 4) Review data security standards; and 5) Evaluate and minimize compliance risks.