I’m struggling to understand the current China law on bringing encrypted devices into China. My current company is using Bitlocker, and it is important to understand what risks we have if any employee takes their laptop into China to work abroad. We would not want to decrypt / turn off Bitlocker temporarily to satisfy any requests.
there are articles such as: https://www.thetravelblogs.com/encrypted-laptop-travel-restrictions/ that mention the “Wassenaar Arrangement”, but I don’t understand the new law below if this has affected this. about the “Wassenaar Arrangement”, supposedly China doesn’t “subscribe” to it, and so maybe an import license is required? but, I’m thinking it’s old news (see older news from 2017 at end of this post).
- China enacted Encryption Law on 10/26/2019, which took effect on 1/1/2020: https://www.cov.com/-/media/files/corporate/publications/2019/10/china_enacts_encryption_law.pdf
- A write-up from a secure drive company on above bullet-point, but it didn’t clear it up for me: https://www.securedrive.com/blog/china-passes-regulations-on-data-encryption
- a PDF of https://www.chinalawtranslate.com/en/cryptography-law/ (PDF created since this required a login for me to read): https://docdro.id/dcafIlX
Some older news on this:
- from 2017: https://www.cov.com/-/media/files/corporate/publications/2017/10/china_revises_rules_on_commercial_encryption_products.pdf
- also from 2017: https://www.linkedin.com/pulse/can-i-travel-internationally-my-encrypted-phone-marco-mazzeschi