China is close to codifying a new controversial cyber security law most foreign business are going to have a tough time swallowing:

The draft law would require companies to “comply with social and business ethics” and “accept supervision by both government and the public,” according to the state news agency Xinhua.

It would also stipulate that Chinese citizens’ personal information and other data collected in China must be housed in the country.

A new provision would also order Beijing to “monitor and deal with threats from abroad to protect the information infrastructure from attack, intrusion, disturbance or damage.”

This should not come as a surprise, and I wonder what makes it so controversial in the first place. Looked at from the obvious Chinese perspective, many highly popular cyber security businesses are from the United States. As far as China is concerned, any American business is tied up with the American government, and thus merely an extension of the NSA, CIA, and other intelligence agencies. This law allows China to maintain some semblance of control of the cyber security being provided in their country.

Of course foreign business are going to complain. This law is being codified in public, with the Chinese government basically admitting bias. Contrast that to how the United States handles this same issue, whereby there is no official written law on the books, but rather, a de-facto ban against Chinese cyber security firms.