China is taking a more inclusive tack in imposing cybersecurity standards on foreign technology companies, allowing them to join a key government committee in an effort to ease foreign concerns over planned domestically-set controls.

The committee under the government's powerful cyberspace administration is in charge of defining cybersecurity standards. For the first time, the body earlier this year allowed select foreign companies—Microsoft Corp., Intel Corp., Cisco Systems Inc. and International Business Machines Corp.—to participate as working group members, letting them actively take part in drafting rules, rather than as observers, said people familiar with the discussions.

How much influence the foreign firms will have over committee deliberations remains to be seen, these people said. Over the past few months, the committee's seven working groups—which focus on encryption, big data and other cybersecurity issues—have each met at least once.

Representatives from Microsoft and Cisco confirmed the companies are members. IBM and Intel didn't immediately comment.

Taking a more consultative approach marks a shift in tactic for Beijing after nearly two years of battling the U.S. and other Western governments, as well as foreign business groups, over efforts to tighten controls on information technology—in part by pressuring suppliers to transfer technology and disclose proprietary information.

"It's still early days, but there are encouraging signs that China is recognizing the international nature of the tech supply chain and working more broadly to align its strategy with the market realities," said Bruce McConnell, a former U.S. Department of Homeland Security cybersecurity expert who is vice president of the EastWest Institute, a New York-based think tank, and isn't involved with the Chinese committee.

Beijing has been intensifying efforts to secure its technology supplies since Edward Snowden's revelations in 2013 about the U.S. government's use of American products for espionage. U.S. trade groups and other critics have said that China is using security issues as a way to favor domestic tech companies.

China's new approach isn't likely to vent the heat over technology controls. Earlier this month, 46 trade associations sent a joint letter to Chinese Premier Li Keqiang saying a draft law on cybersecurity that would increase government monitoring and mandate data be stored locally would "weaken security and separate China from the global digital economy," according to a copy of the letter reviewed by The Wall Street Journal.

The committee the foreign firms are a part of is at the front of the struggle over whether China will adopt standards that are separate or blend with international norms.

Known as Technical Committee 260, or TC260, has the task of defining what technologies are "secure and controllable," said the people familiar with the committee.

The term "secure and controllable" appears in a number of recently adopted and proposed security regulations, but has yet to be defined in detail.

U.S. companies are concerned that the term will be used to discriminate against non-Chinese products. Western companies have already found it harder to sell to Chinese government agencies and state-owned companies since the cybersecurity push began a few years ago.

Other standards TC260 is grappling with include those for rapidly evolving sectors like cloud computing and big data, according to the people familiar with the discussions.

Originally comprised of 48 members, TC260 was expanded in January to 81 members, mainly consisting of Chinese officials and representatives of domestic technology companies.

The Cyberspace Administration of China, the internet regulator that TC260 reports to, signaled a change in tone in its latest cyber directives, issued Monday. As with previous ones, the new guidelines urge stricter controls on cybersecurity, but they place new emphasis on setting common standards across China's national and local governments and in influencing global rule making.

"We should energetically participate in the development of international rules and standards for the internet space, to strengthen our power of discourse and our influence," the administration said.

Aside from opening up the committee, Beijing has tried to show it's responsive to foreign concerns on cybersecurity in other ways. It suspended rules that would have required the financial sector to prove their equipment is "secure and controllable" through intrusive testing and information disclosure.

National security and counterterrorism laws that were passed last year and that require tech companies to support government security efforts rolled back some requirements such as encryption code handover. In July, China took the unusual move of releasing its draft Cybersecurity Law for a second round of public comment.

Yang Jie, Don Clark and Jay Greene contributed to this article.

Write to Eva Dou at eva.dou@wsj.com and Rachael King at rachael.king@wsj.com

 

(END) Dow Jones Newswires

August 25, 2016 10:15 ET (14:15 GMT)

Copyright (c) 2016 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Feb 2024 to Mar 2024 Click Here for more Microsoft Charts.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Mar 2023 to Mar 2024 Click Here for more Microsoft Charts.