A string of reports this week have described foreign businesses’ preparations for and anxieties about an anticipated March 31 deadline for adoption of government-approved VPNs. (VPNs, or virtual private networks, use encrypted connections between computers to provide secure access to corporate systems, as well as unfiltered access to the internet beyond China’s Great Firewall.) A 14-month crackdown on VPNs was announced in January last year by the Ministry of Industry and Information Technology. Since then, domestic VPN providers have been shut down, domestic companies like Alibaba and foreign firms such as Apple and Amazon pressed into action against the sale or operation of unapproved VPN services, and VPN vendors sentenced to as much as five years in prison. A court statement from November shows at least one of these vendors given a three-year suspended sentence not for operating an unlicensed business, but for distributing illegal hacking tools.

On the eve of the reported deadline, however, it remains unclear where foreign businesses and other users stand. From Joanna Chiu at AFP:

The Ministry of Industry and Information Technology has dismissed concerns that using state-approved providers could jeopardise the security of private data, saying they "are not able to see information related to your business". A member of China-based anti-censorship group GreatFire.org, which tracks internet restrictions, said the new rules are aimed at wiping out low-cost Chinese VPN providers and increasing control over access to information. "Are foreign companies at the mercy of Chinese regulators? Yes, probably. Will there be more surveillance? Absolutely," said the member, who uses the alias Charlie Smith. […] "We will probably see selective enforcement. So far, there have not been many foreign companies that have experienced problems with their company VPNs," [the Center for Strategic and International Studies’ Samm] Sacks said. "It just adds a new layer of uncertainty at a time when foreign companies are already facing a host of challenges to doing business in China," she said. [Source]

From Reuters:

Businesses say they have not received directives from authorities about the ban and say the lack of transparency around the rules is cause for concern. “We’re not expecting a sudden impact, but at the same time there is no clarity, it’s not helpful” said a Beijing-based executive at a U.S. tech firm who declined to be identified because of the sensitivity of the subject. “We have products that have been removed or reviewed in the past under similar laws … we are fairly confident that there will be a discussion before there are any rash moves,” the executive said. […] In January, Lester Ross, head of a policy committee at the American Chamber of Commerce in China, told reporters the VPN rules could put a burden on small businesses forced to pay for expensive international private leased circuits (IPLC) to get beyond the Great Firewall. […] “It’s all part and parcel of the party’s emphasis on data control and information control. This is likely to be an even bigger concern as we go forward.” [Source]

And from The Wall Street Journal’s Liza Lin and Yoko Kubota:

Before the changes, the VPN rules “were extremely vague with little to no enforcement,” said the American Chamber of Commerce in Shanghai and consulting firm Control Risks in a recent report, adding that China is moving to ban “everything that is not approved, registered, or reviewed by the government.” […] Complying with the cybersecurity law, along with adapting to new technologies in China, contributed to companies in mainland China and Hong Kong exceeding their global counterparts by almost 25% last year in spending on cybersecurity, said industry researcher PwC. […] Harley Seyedin, the president of the American Chamber of Commerce in South China, said businesses might be spending more than they need to but don’t want to run the risk of violating the law. “Just to be safe, you do this; to be safe, you do that,” he said. “If things were more clear, you wouldn’t be spending that money.” [Source]

The uncertainty even extends to what, if anything, March 31 is actually a deadline for, as Jeremy Daum explained on Twitter in February, with an update on Thursday:

So it is starting to look like the only reason for this VPN ban scare is a year old document that I translated here when it was new and scary. The main and essentially only content about VPNs is here: pic.twitter.com/tEPo4XsOUy — China Law Translate (@ChinaLawTransl8) February 6, 2018

We are talking about it again (they talked a lot when it came out last year too) because it contains a date in 2018 in one line, but that seems to be when they will stop emphasizing this work… so unless for some reason they are waiting for a last minute surprise. pic.twitter.com/jdKL93pS8Q — China Law Translate (@ChinaLawTransl8) February 6, 2018

Even at first, it was pretty questionable whether the provisinos even applied to individuals visiting foreign websites, or just business operations of some sort, but after a year it seems there was some crackdown on VPN sales, but folks are mainly unaffected in their daily use. — China Law Translate (@ChinaLawTransl8) February 6, 2018

Moreover, every response from officials on this seems desperate to indicate that they are not going to impact people's normal access. Credibility being what it is, this seems to have convinced people a ban is imminent. https://t.co/KEpQO2MAHD — China Law Translate (@ChinaLawTransl8) February 6, 2018

Unless I'm missing something, In which case I won't be on twitter in a few weeks.? — China Law Translate (@ChinaLawTransl8) February 6, 2018

This is a link to the doc in question https://t.co/phopZFLmqE — China Law Translate (@ChinaLawTransl8) February 6, 2018