- Extension of special VAT invoice pilot programme to attestation consulting services industry
- SAT announces guidelines for issuing general VAT electronic invoices
- SAT conducts stricter inspections on customs payment certificates for import VAT
- Implementation of new foreign work permit classification system nationwide
- Shanghai and Shenzhen increase minimum wage levels
On 7 November 2016, the Standing Committee of the National People’s Congress approved a new Cybersecurity Law (“CSL”), which will come into force on 1 June 2017. This new law is aligned with the Chinese government’s priorities of building secure and controllable information technology systems, strengthening local technology capabilities, and safeguarding national security. How will the new law affect relevant industries and business operators when it comes into force?
Scope of application
The CSL has a very broad scope of application in the area of cybersecurity, with articles that cover security requirements for network-related products, data security and privacy, and online content control.
It also applies to ‘Critical Information Infrastructure (CII)’ operators. CII operators are defined as those involved in ‘public telecommunications and information services, energy, transportation, irrigation, finance, public services, e-government, as well as other areas that may pose a risk to national security, the economy and public interest’. Network operators that fall outside the CII definition are encouraged to voluntarily implement CII protection systems as well.
To fulfil their responsibilities under the CSL, CII operators should pay close attention to the following 5 key requirements.
1. Personal data protection
According to current regulations, the law redefines personal data and restates the restrictions relating to collection, usage and disclosure of personal data. In short, any personal data should be collected and used with prior consent and within the limited scope of providing network operator services. No disclosure, tampering or destruction of personal data is allowed unless it has been properly anonymised.
Under current legislation, businesses are required to correctly recognise the personal data they handle in the course of operations, implement measures for effective protection of such personal data, and identify the risks of their leakage. Personal data refers to information by which an individual can be identified, including the name, date of birth and identity card number.
2. Critical information infrastructure
The concept of ‘critical information infrastructure’ is introduced as an important element under the CSL and there are several additional requirements for CII operators:
a. Data localisation: “CII operators shall store personal information and other important data gathered and produced during operations within the People’s Republic of China.” However, the definition of “other important data” remains unclear. We suggest that businesses conduct their security assessment according to the “Measures for Security Assessment of Personal Information and Important Data Transmitted Abroad” regulation that took effect on 11 April 2017.
b. National security: If an operator of critical information infrastructure purchases network products or services that can be deemed as a threat to national security, they will be subject to a national security review.
c. Inspection and assessment: CII operators should inspect and assess the stability of their network security and potential risks annually.
We suggest that businesses should do a preliminary assessment first to determine whether they are ‘CII operators’ (as defined by the law) according to the number of users, data leakage and other potential risks, and data centre size.
3. Internet operators
An internet operator refers to the owner or manager of a network or the provider of a network service. According to the law, internet operators should formulate internal security management systems and operation instructions to:
- Determine the person in charge of cybersecurity and define accountabilities for cybersecurity;
- Take technical measures to prevent computer viruses, network attacks, network intrusions and other activities that endanger cybersecurity; and
- Take measures such as data classification, backup and encryption of important data
4. Storage of critical information
The operator of key information infrastructure shall store personal information and important data collected and generated during its operation within the People’s Republic of China. If such information and data is required to be transferred abroad for business purposes, a security assessment shall be conducted according to guidelines by the Cyberspace Administration of China and State Council.
5. Key network equipment and specialised cybersecurity products
All “key network equipment and specialised cybersecurity products” should be certified by qualified entities according to relevant national standards before sales. The Cyberspace Administration of China, together with other government authorities, will issue a catalogue of the “key network equipment and specialised cybersecurity products” later on.
As most businesses rely on information technology and the internet, cybersecurity should be a top priority. The new legislation requires CII operators to assess their cybersecurity practices and business continuity plan in the event of a cybersecurity incident, and execute change if necessary.
To facilitate value added tax (VAT) reform, the State Administration of Taxation has extended its pilot programme for the issuance of special VAT invoices (“special invoices”) by small-scale VAT payers to the attestation consulting services industry since 1 March 2017.
Contents of pilot programme
1. If a small-scale VAT payer (“pilot taxpayer”) from the attestation consulting services industry engages in attestation consulting services, or sales of goods/other products (excluding sales of real estate), and gains a monthly sales income that exceeds RMB30,000 or quarterly sales income that exceeds RMB90,000 within China, the pilot taxpayer is allowed to issue special VAT invoices directly through a new VAT Invoice Management System and the relevant tax authority will no longer issue the invoice on behalf of the pilot taxpayer.
2. The pilot taxpayer shall declare the taxable amount of the special VAT invoice that it issued directly to the relevant tax authority within the tax filing period. When filling in the VAT Declaration Form, the VAT payable for “Pre-tax Sales Income of Current Period” should be calculated and stated in the second row using a tax rate of 3% and in the fifth row using a tax rate of 5%.
1. The relevant tax authority shall step up training of pilot taxpayers to ensure that they issue special VAT invoices correctly. At the same time, the tax authority shall pay more attention to risk prevention and control, analysis of VAT invoice issuance data and comparison of such data with its official records, as well as monitoring the pilot programme’s effectiveness.
2. The pilot taxpayers shall safekeep special VAT invoices and issue them correctly according to relevant regulations for managing such invoices.
Since 1 December 2015, the State Administration of Taxation (SAT) has introduced a VAT invoice management system for issuing general VAT electronic invoices as an alternative to their paper counterpart traditionally issued by the tax authority. To further facilitate issuance of such invoices, SAT recently announced the following guidelines:
- The VAT invoice management system’s purpose is to reduce the operating cost of taxpayers and the tax authority, and facilitate invoice data management.
- Based on an assessment of the system’s performance during its trial period, it is particularly useful for issuing general VAT electronic invoices in key industries such as the e-commerce, telecommunications, finance, courier, and public utility sectors.
- The system should be implemented by the taxpayer or a third-party service provider. SAT’s responsibility is to formulate technical standards and management rules for the platform, and establish a monitoring system for it.
- The system should be able to provide some relevant basic services, such as generating a hard copy of the electronic invoice whose legal effect and function are the same as the traditional paper counterpart.
- Tax authorities within China are required to compile digital serial numbers of general electronic VAT invoices, register them in the VAT invoice management system and make them available to taxpayers.
- Tax authorities within China should also simplify the process of issuing tax control machines, and strengthen supervision of service providers that supply and install such machines for taxpayers. However, under no circumstances should the tax authority exert its influence in the selection of service providers.
To curb economic crime and protect taxpayers’ rights, the State Administration of Taxation (SAT) has conducted stricter inspections on customs payment certificates for import VAT and managed customs import VAT deduction or credit more vigorously since 13 February 2017.
The new measures include ensuring that the enterprise name is entered correctly into the customs system and consistent with the tax registration record of the general VAT taxpayer for the import of goods.
In addition, SAT will compare payment information in customs payment certificates with customs registration records to check for consistency. It will also obtain payment information from the customs system for deducting or crediting VAT of imported goods. If no discrepancies are found, the VAT listed in the customs payment certificate can be deemed as the input tax for the purpose of VAT deduction. Otherwise, the tax authority will seek to verify other information provided by the general VAT taxpayer.
China’s State Administration for Industry and Commerce (SAIC) has proposed the implementation of an online registration system for all relevant procedures and updates.
SAIC proposed for the system to be launched by the end of October 2017 and applicable to all types of enterprises. If implemented, this would serve as an alternative to the current on-site registration process and cover procedures such as incorporation, modification of organisational details and deregistration.
Following successful implementation of its pilot programme in major Chinese cities, a new foreign work permit classification system has been implemented nationwide since 1 April 2017.
According to the State Administration of Foreign Expert Affairs, the old work permit version and relevant certificates remain valid.
Shanghai and Shenzhen have announced increases in their minimum wage levels with effect from 1 April and 1 June 2017 respectively.
In Shanghai, the minimum monthly wage of full-time employees will be raised from RMB2,190 to RMB2,300, while the minimum hourly wage of part-time employees will increase slightly by RMB1 to RMB20.
The minimum monthly wage of full-time employees in Shenzhen will increase from RMB2,030 to RMB2,130, while the local minimum hourly wage of part-time employees will go up from RMB18.5 to RMB19.5.
Minimum wage standards in Shanghai and Shenzhen are separate from other allowances and benefits, such as social insurance, housing provident fund, and overtime payment.
Serving growing businesses since 1985, RSM in Singapore is the largest accounting, business advisory and solutions group outside the Big 4, with a total staff strength of over 950 in Singapore and 320 in China.
Our China Practice is dedicated to helping you venture into China smoothly and supporting you in navigating its complex regulatory and business environment.
Chan Weng Keen, Partner & China Practice Leader
T +65 6594 7864
Ng Thiam Soon, Partner, China Practice
T +65 6594 7809
Tan Lee Lee (Ms), Director, China Practice
T +86 21 6186 7602
Yeo Lee Soon, Director, China Practice
T +86 10 8591 1900