This chapter builds on the understanding of fuzzy logic regulatory practice, but re-focuses on the main topic of the book: the policy contradictions between the emergence of a seemingly more restrictive cyber regime in China since 2014 and simultaneous announcements of new top-down policies for encouraging entrepreneurial activity. It argues that China’s data and cyber security laws cannot be understood without first understanding both the Chinese government’s Informatisation drive (which includes the Internet Plus policy) and the concept of Network Sovereignty. The chapter is also necessary to understand China’s unique system of governance that is well suited to promote innovations proposed by private Chinese tech companies.

Open-source platforms are an increasingly popular business model for AI development for global technology companies. This chapter examines why a restrictive (non-fuzzy) interpretation of the data localisation provisions within the Cyber Security Law would harm the growth of China’s entrepreneurial ecosystem, focusing on recent Chinese government plans to grow its own domestic open-source AI ecosystem. Accordingly, this chapter reinforces the reasons why fuzzy logic lawmaking in China is so effective. It also queries whether the increased popularity of open-source platforms in China during 2017–2019 may have been another reason why data localisation was not comprehensively enforced.

This chapter analyses the policy and regulatory developments leading up to the enactment of the Cyber Security Law, including China’s Anti-Terrorism Law and how enforced source code ‘backdoor provisions’ were removed from the final draft of this law to protect China’s innovation policy goals. The discussion of China’s Network Sovereignty push is continued by explaining the significant debate about Network Sovereignty-related ideological thinking in China’s Anti-Terrorism Law. This law is yet another example of how problematic laws are delayed, as further consultation is sought. Comparisons are also made with a similar policy debate on ‘backdoor provisions’ in the United States, to show that the initial Chinese approach was not so different from universal debates, at that time, and ultimately reflects international practice. Similar approaches are now finding more widespread acceptance globally including in Australia and the United Kingdom.

This chapter contributes to understanding the possible impacts of China’s Cyber Security Law once that law is fully implemented, as it concludes that Chinese authorities conduct an ongoing cost–benefit analysis in evaluating data localisation policies and practices, and that this partly explains China’s delay in implementing the data localisation provisions within the law. This is also consistent with the longstanding practice of the Chinese government to create fuzzy logic laws in areas of rapid change in order to allow for flexibility in implementation depending on the milieu. The costs and benefits of data localisation vary over time, requiring continual re-evaluation; hence, the laws can be implemented and reinterpreted in line with fuzzy logic. In particular, what is meant by ‘important data’ can be changed according to the policy considerations outlined in this chapter.

This chapter explains the extent of fuzzy logic law surrounding the legal structure of technology companies in China. The chapter provides a profound illustration of the environment in which Chinese entrepreneurs must operate and remains an ongoing story. From the outset, Chinese technology entrepreneurs must decide how to legally structure their companies in order to account for vague conceptions of legality.

Fuzzy logic is used by the Chinese government to balance its competing interests in creating an environment that is conducive to innovation and assisting its Network Sovereignty agenda. The book concludes that data localisation laws, which form part of China’s Cyber Security Law, will not (once the law is finalised) have a major impact on open-source AI innovation. This is because the ‘fuzzy logic’ regulatory approach, consistent with prior Chinese regulatory practice, is being employed by the Chinese authorities in selectively implementing these laws to avoid negatively affecting AI development. In short, the Chinese authorities, in presiding over contradictory policy and regulatory decisions that may inhibit technological advancement in China, apply this approach to flexibly navigate those policies – and frequently to defer any conclusive decision-making to a future time (perhaps indefinitely). This is why many legal documents, including both the Cyber Security Law and its implementing rules and regulations, use intentionally vague language around data transfers and security verification and testing; this gives the government broad discretion, allowing for a spectrum of enforcement actions between promoting innovation and maintaining control.

This chapter demonstrates the extent of the data protection problems in China, and the public’s growing concern about loss of privacy and abuse of their personal data. It proceeds to show that under China’s Cyber Security Law, the government has responded to this issue by strengthening ‘data protection’ from abuse by private companies but without shielding ‘data privacy’ from government intervention. In particular, enforced real-name user registration for online services potentially allows the Chinese government to demand access to the local data of any person who uses an online service in China, for national security or criminal investigation purposes. The chapter argues that this internal contradiction within the Cyber Security Law – increased data protection while demanding real-name user registration – may also benefit AI development. This is due, in part, to the vagueness of key terms within the Cyber Security Law, and the accompanying fuzzy logic within the Privacy Standards issued under that law, which allow both tech firms and government regulators considerable discretion in how they comply with and enforce data protection provisions. In the final part of the chapter, it is argued that due to the potential benefits of AI in solving serious governance problems, the Chinese government will only selectively enforce the data privacy provisions in the Cyber Security Law, seeking to prevent commercial abuse without hindering useful technological advances.

Do China’s data localisation laws, which were introduced as part of China’s Network Sovereignty policy, adversely affect – or are they likely to adversely affect – open innovation in Chinese AI firms, which is a key goal of China’s Internet Plus policy?

China’s approach to innovation is unique. To analyse the main features of economic innovation and entrepreneurship in contemporary China, it is first necessary to dispel some common misconceptions. In addressing that topic, this chapter focuses on explaining: (1) technological innovation and how it has been conventionally understood in the literature; (2) China’s distinctive approach to technological innovation; (3) in particular, the complex role of the government, and regulation, in innovation in China; and (4) how China’s distinctive approach to innovation may actually be better at promoting innovation in AI technologies, and other rapidly developing technologies, than other approaches.

The key provisions of China’s Cyber Security Law relating to data localisation and data exits still allow for competing interpretations by regulators, which makes compliance difficult, even in 2021. The further attempt to include ‘backdoor’ keys to encryption in this law is also noted, although foreign companies have managed to exert some influence on this point and other implementation issues. The Cyber Security Law is an important and high-profile development in Chinese cyber policy history. It created much more controversy than the Anti-Terrorism Law explained in the previous chapter. In recent years, China has gradually adopted a series of laws, regulations and macro policies in the field of cyber security and data protection aimed at turning the country into a ‘cyber superpower’ and boosting its digital economy. The Cyber Security Law, which came into partial effect from 1 June 2017 (with an official 18-month phase-in period for the data localisation provisions), is a milestone in the development of China’s legal framework for cyber security and data protection. The law also provides further evidence of the inherent tensions underlying the innovation policies described in Chapter 3. However, vague regulations allow regulators leeway to adjust their aims in response to broader economic and political trends by means of implementing rules. Finally, clarifying the vaguest provisions in the Cyber Security Law through more transparent rules may provide an opportunity for the Chinese government to decide which way it is heading: towards further innovation or further restriction beyond the ongoing US–China trade war.

China’s fuzzy logic system and government support for pilot petri dishes is perfectly suited to the current state of AI research. This has enabled the rapid development of world-class AI applications, particularly in image recognition. This is due, in part, to the regulatory environment facilitating the development of AI pilots. Yet it is further argued that this suitability is due to a combination of three factors: (1) the current state of AI research and its applicability to numerous real-world applications; (2) the open nature of AI research culture globally; and (3) the complex emerging role of public–private petri dishes in China for testing innovative applications. The chapter also explains how public–private connections are formed, including how top-down government signalling is important to the trajectory of private companies.