Yan Luo advises clients on a broad range of regulatory matters in connection with data privacy and cybersecurity, antitrust and competition, as well as international trade laws in the United States, EU, and China.
Yan has significant experience assisting multinational companies navigating the rapidly-evolving Chinese cybersecurity and data privacy rules. Her work includes high-stakes compliance advice on strategic issues such as data localization and cross border data transfer, as well as data protection advice in the context of strategic transactions. She also advises leading Chinese technology companies on global data governance issues and on compliance matters in major jurisdictions such as the European Union and the United States.
Yan regularly contributes to the development of data privacy and cybersecurity rules and standards in China. She chairs Covington’s membership in two working groups of China’s National Information Security Standardization Technical Committee (“TC260”), and serves as an expert in China’s standard-setting group for Artificial Intelligence and Ethics.
As tensions continue to rise between China and the United States, the Chinese government has taken a step forward in actualizing the “Unreliable Entity List,” first announced by China’s Ministry of Commerce on May 31, 2019, following the addition of Huawei and affiliates to the U.S. Commerce Department’s “Entity List.” Now, as the U.S. government … Continue Reading
China has set out on an ambitious agenda of aiming to become the world leader in artificial intelligence by 2030. Policy experiments for a critical part of China’s AI development strategy, and to that end multiple government think tanks have set out formulating standards that may impact AI innovation in China. The China Electronics Standardization … Continue Reading
On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply with different levels of … Continue Reading
On January 2, 2018, the Standardization Administration of China (“SAC”) released the final version of the national standard on personal information protection, officially entitled GB/T 35273-2017 Information Technology – Personal Information Security Specification (GB/T 35273-2017 信息安全技术 个人信息安全规范) (hereinafter “the Standard”). The Standard will come into effect on May 1, 2018.As highlighted in our previous coverage … Continue Reading
In the past three weeks, China’s State Council and the State Cryptography Administration (“SCA”) issued two documents that reveal a major change in the regulatory regime governing commercial encryption products in China, potentially paving the way for the draft Encryption Law to establish a uniformed encryption regime. This development and its practical implications will be … Continue Reading
For years, the foreign business community has called for greater transparency and opportunities to provide more input into China’s legislative and regulatory rule-making processes. In a small step forward, on July 19, the Legislative Affairs Office of the State Council (“SCLAO”) released draft revisions to the Regulations on Procedures for Formulating Administrative Regulations (“Draft Revisions”) … Continue Reading
On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation for the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017. Aiming to add greater clarification to the Cybersecurity Law, which took effect on June 1, … Continue Reading
On May 16, 2017, the Legislative Affairs Commission of the National People’s Congress (NPC) Standing Committee of China released for public comment a draft of the National Intelligence Law (“the Draft Law”). The Draft Law, if enacted as drafted, would be the first Chinese statute to systematically address national intelligence related issues, including institutional structures, … Continue Reading
When China’s Cybersecurity Law was enacted last November, one question (among many) that surfaced was how the government would implement the “national security review” that the law requires for certain network products and services. The law, which takes effect this June, provides that any network products and services that might affect national security procured by … Continue Reading
On October 31, the Xinhua news agency reported that the Standing Committee of China’s National People’s Congress (“NPC”) is conducting the third reading of the draft Cybersecurity Law (“the Law”). NPC released two previous drafts of the Law for public comment in July 2015 and July 2016 (see Covington e-alerts here and here), but the … Continue Reading
In recent years, the business community in China has been abuzz with talk of various market access “negative lists” — lists of exceptions to what would otherwise be open market access. China has now introduced a new market access negative list for all forms of investment in the country, both domestic and foreign. Before describing … Continue Reading
On December 27, 2015, the Standing Committee of the National People’s Congress (NPC), China’s top legislative body, enacted a Counter-Terrorism Law (see the Chinese version here), which took effect on January 1, 2016. The adoption of this law, a year after the first draft was released for public comment, followed closely the adoption of a … Continue Reading
Close on the heels of a sweeping new National Security Law, the Standing Committee of the National People’s Congress released last month for public comment a very significant draft Network Security Law (“Draft Law”), also referred to as the draft Cybersecurity Law. Since it came into power in 2012, China’s current leadership has attached an … Continue Reading
The Chinese government made headlines around the world on July 1 when the Standing Committee of the National People’s Congress passed a sweeping new national security law (see official Chinese version here). The scope of the law, China’s most comprehensive piece of national security legislation to date, is broad. It covers issues of political security, … Continue Reading
Acquisitions of China assets by US companies have plummeted to their lowest level since 2002, according to recent data from Dealogic reported by the Wall Street Journal (“WSJ”) MoneyBeat blog. The news that only 25 deals to buy Chinese assets were made by US companies in the first half of 2014 stands in stark contrast … Continue Reading