Tweet Cybersecurity, Global Markets

When “Security” Regulations Overreach

Cybersecurity has justifiably become a front-burner policy concern for governments around the world. But what happens when security regulations are effectively used to bolster the prospects of local firms at the expense of foreign competitors?

We are starting to find out, especially in emerging markets, where many governments have recently begun implementing security-related measures that stray far into the commercial sphere. The development of these overreaching security-related regulations is one of several IT-focused market barriers detailed in BSA’s latest policy report, “Lockout.” They not only create barriers to foreign IT products, but also have the unintended consequence of denying local consumers and businesses access to the best security solutions. And in some instances, they actually undermine security rather than bolster it.

Take the current restrictions on procurement in China’s Multi-Level Protection Scheme (MLPS). The MLPS classifies information networks in China based on their relative importance to national security, social order, and economic interests. Any network that is considered “sensitive” is subject to certain limitations, including requirements that all IT security products used in the network are owned by Chinese citizens and have core technology and key components that are based on domestic intellectual property. The problem is that the MLPS take a highly expansive view of what should be considered “sensitive” networks — far out of step with global norms. It includes within its scope Chinese enterprises in the areas of finance, transportation, health and education. The end result is that foreign suppliers of IT security products are excluded from selling to a significant segment of the Chinese economy.

Similarly, there are policies in India that when fully implemented will require products sold to telecommunications networks to be tested and certified in Indian laboratories, and will force technology vendors to submit to onerous facility-inspections requirements. This imposes significant costs and burdens on foreign IT suppliers, particularly those whose products have already been certified in non-Indian labs as meeting global standards for security assurance. This will lead many foreign IT companies to stay out of the Indian market while local suppliers reap the benefits.

But that “benefit” comes with a steep cost: These kinds of security policies can actually undermine security by denying government and private-sector purchasers that ability to choose the best IT solutions to meet their needs.

That’s why BSA is urging leading IT economies to address this and other IT-focused trade barriers through a comprehensive new trade agenda for the digital economy — a trade agenda that provides a fair global playing field for IT products and enhances security at the same time.

Robert Holleyman


As President and CEO of BSA | The Software Alliance from 1990 until April 2013, Robert Holleyman long served as the chief advocate for the global software industry. Before leaving BSA to start his own venture, Cloud4Growth, Holleyman led the most successful anti-piracy program in the history of any industry, driving down software piracy rates in markets around the world.

Named one of the 50 most influential people in the intellectual property world, he was instrumental in putting into place the global policy framework that today protects software under copyright law. A widely respected champion for open markets, Holleyman also was appointed by President Barack Obama to serve on the President’s Advisory Committee for Trade Policy and Negotiations, the principal advisory committee for the US government on trade matters.

Holleyman was a leader in industry efforts to establish the legal framework necessary for cloud-computing technologies to flourish. He was an early proponent for policies that promote deployment of security technologies to build public trust and confidence in cyberspace. And he created a highly regarded series of forums for industry executives and policymakers to exchange points of view and forge agreements on the best ways to spur technology advances and promote economic growth.

Before heading BSA, Holleyman was a counselor and legislative adviser in the United States Senate, an attorney in private practice, and a judicial clerk in US District Court. He holds a bachelor’s degree from Trinity University in San Antonio, Texas, a J.D. from Louisiana State University, and has completed the Stanford Executive Program at the Stanford Graduate School of Business.

Leave a Reply

Your email address will not be published. Required fields are marked *

nine + 13 =