How to launch your optimal compliant China SaaS Cloud business

For SaaS and Cloud providers seeking to successfully — and compliantly — launch and scale their business in China many challenges need to be managed.  

The good news is that doing business in China can be very profitable when done right.  Some initial questions to answer:

• Are any of your products or features illegal or restricted in China for Western companies that operate?
• Will any of your products or features require licenses or certifications that may be harder or take longer to obtain than planned or require model adjustments?
• Will any of your products or features require licenses or certificates that may not be obtained by foreign-controlled or foreign-invested companies within an acceptable time frame or cost or without onerous partner models?

While a good attorney is important in all phases of your plans to do business in China, they may struggle to apply their knowledge in the context of your company’s strategy, IT architecture timing, and expectations. This is what we’ve been focusing on at ADG China — having helped over 100 global software companies in China since 2001.

Several layers of help are needed as areas considered mundane in other markets often have major impact in China due to the regulatory environment and without a clear understanding of the implications, companies can misunderstand them causing major delays and costs.

Not understanding what aspects of your IT architecture needs to be deployed in China or not can lead to businesses unnecessarily designing and operating an entire independent Cloud in China when the regulatory requirements allow cross-border alternative approaches, saving valuable time and resources.

Other companies often incorrectly believe they need a China JV (joint venture) partner or to license their full technology stack to a local operating partner when a much simpler solution could be used.

With an understanding of the compliant alternatives, software company executives can quickly identify the needed implementable adjustments – which often provide permanent solutions or postpones larger investments until sufficient traction and success in China justifies them. Match your investment with real market traction as the market fit is proven — better to not build the full foundation for over a year or two and then find out.

Here are some of the areas that have the potential to materially impact SaaS/Cloud companies and should be considered in the early stages of developing the China product, GTM, and operations strategies.

Value-Added Telecom Services (VATS)

Companies operating a cloud business in China are either a Basic Telecom Service (BTS) or a Value-Added Telecom Service (VATS). When possible, companies will look to design their IT architecture and find partnering models that allow them to classify themselves as a BTS.

Why does this matter? A VATS license, with a few exceptions, cannot be directly obtained by foreign companies and therefore will require a JV, a local operating partnership, or complicated legal structures to address the inherent regulatory barriers. Better to avoid this if possible.

There are over 30 types of VATS licenses in China. Some are virtually impossible for foreign or domestic companies to obtain, while others are very common and most any company can obtain one in a few weeks. VATS license requirements should be reviewed with an experienced lawyer.

PIPL

Personal Information Protection Law (PIPL) applies to all companies processing Chinese citizen data and cannot be ignored by any business with clients or customers in China, whether they are domestic or international businesses or have legal presence in China.

PIPL is similar to GDPR in many ways where individual data privacy and rights lie at the heart of the protection policies. Both laws use the concept of consent as a primary legal requirement for the use of individual data. However, the introduction of PIPL in China has been driven more by the government’s concerns around national security and preserving social order.

Customers As Critical Information Infrastructure Operators (CIIOs)

Another key concept that executives need to be aware of is related to serving companies that are considered CIIOs. The concept involves the company, the type of data being touched, and the service being provided.

For example, a company that processes the data of a CIIO in a black box sitting inside of a company’s core infrastructure will have a much higher compliance burden then a similar company that provides the same customer with a “scored” response.

CIIOs are required to take responsibility for the data they want to send overseas. This means in practice that certain customers, even if legally allowed to send data overseas, may be unwilling to go through the approval process and will make a business decision not to work with global software companies that cannot provide local processing and storage of data.

Other traditional legal, compliance, and preparatory areas to review

As part of a standard China entry program, companies need to do their homework in a number of areas.

• Trademark filings: China is a first to file country, so this should be done early.
• Acquisition of .cn domains.
• Software copyrights.
• Patent strategy and freedom to operate.
• Legal entity structures, operating licenses, and required product certifications.
• Regulations regarding sales, VAT, and import taxes and duties.
• Intercompany contracts, including transfer pricing, finance, and accounting arrangements.

Interested in understanding your company’s China “go - no-go” decision? Happy to share thoughts and experience - reach out anytime growth@adgchina.co.