Intelligence

China’s National Intelligence Law of 2017 is central to concerns about Chinese technology companies and data sovereignty. Article 7 requires all organizations and citizens to ‘support, assist, and cooperate with state intelligence work’ while Article 14 allows intelligence agencies to demand assistance. This creates inherent security concerns for any technology, software, or service originating from China: companies may be compelled to provide access or build backdoors without disclosure. The law applies extraterritorially to Chinese entities and citizens abroad. Combined with the Cybersecurity Law, Data Security Law, and PIPL, it forms a comprehensive framework where data protection coexists with broad state access requirements. For organizations assessing supply chain risk, the National Intelligence Law is a key factor when evaluating Chinese-origin technology.

FISA Section 702 authorizes intelligence agencies to conduct surveillance targeting non-US persons reasonably believed to be located outside the US for foreign intelligence purposes. Unlike traditional FISA, Section 702 does not require individual court orders for each target. The FISA Court approves annual targeting and minimization procedures, but not individual targets. Major tech companies including Google, Microsoft, Facebook, and Apple must comply with directives to provide access to communications. The PRISM program operates under Section 702 authority. For EU data protection, Section 702 is problematic because it enables bulk collection of Europeans’ data with no meaningful judicial oversight or individual rights. The Schrems II ruling cited Section 702 as a key reason for invalidating the EU-US Privacy Shield. Recent reauthorizations have expanded some authorities while adding limited safeguards.