1. Internet Data Centre Value Added Telecom Services Permit (IDC VATS)
The Draft Notice clarifies that operators of cloud computing services which fall within “Internet-based resources collaboration services” must apply for and obtain an IDC VATS permit. Internet-based resources collaboration services is added as a sub-category of “Internet Data Centre” (IDC) services under the 2015 Telecom Services Catalogue. It covers the cloud computing technology and services that are based on data center facilities, that can be realized through the flexible deployment, sharing and collaboration of resources via the Internet.
It is well-known that cloud computing services are classified into three subcategories: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). On a plain reading, it seems that the Draft Notice refers to IaaS and PaaS types of cloud computing services, which - based on the nature of the services - fall within the description of Internet-based resources collaboration service.
It is arguably the case that SaaS may fall within the same category. If the final Notice makes clear that operators of all sub-categories of cloud computing services must apply for an IDC VATS permit, this could be of significant concern to SaaS providers. This may be particularly so because:
- the application thresholds for IDC VATS permit are quite high; and
- it could be impractical for SaaS providers to meet the site, facility and experience requirements (given the nature of SaaS is that it provides non-physical delivery of software services).
2. Restrictions in Technical Cooperation
The Draft Notice puts strict restrictions on technical cooperation in cloud computing services where the operator’s partners do not have IDC VATS permits, such as the following:
- a cloud computing service operator:
- and its partner(s) must report the proposed cooperation in writing to the telecom authorities;
- is not permitted to lease, lend, or transfer any telecom permits in any way, and nor is it permitted to provide funds, sites, facilities and other assistance to partners who illegally operate cloud computing services in China;
- shall not provide services under the a partner’s trademarks and brands or provide a partner with users’ personal data or network data illegally; and
- partners must not sign a service agreement with users directly.
These restrictions could have a potential impact on foreign investors because China has made no specific commitments to open up the IDC service market when it joined the WTO. As of today, only Hong Kong and Macau investors can apply for an IDC VATS permit (with a cap on foreign shareholding at 50%), and it has proved very difficult for foreign invested entities to obtain an IDC VATS permit.
The Draft Notice signposts the Chinese government’s intention to crack down on the practice of licence borrowing and any other behaviors that circumvent prescribed requirements. Foreign investors must therefore carefully consider the new requirements proposed by the Draft Notice in any technical cooperation with their Chinese IDC licence holders.
3. Technical and Industrial Requirements
The Draft Notice requires that cloud computing service platforms must be situated within the territory of China. When connected with an overseas network, the server of a cloud computing service must use MIIT-approved international network gateway channels (rather than a private network, virtual private network or other channels). The Draft Notice further requires that connection service providers of a cloud computing service, including network infrastructure facilities, bandwidth and IP address service providers, must all be licensed telecom services providers. Additionally, telecom service providers must not provide connection services to persons/entities who do not, in providing cloud computing services, have a corresponding VATS permit.