Online arbitration is very popular in China and several Chinese arbitral institutions have long been offering this service. This article looks at some of the key developments in this area and examines whether there are any cybersecurity measures within Chinese arbitral institutions’ rules.
Online Arbitration in China
The use of online arbitration is not a new phenomenon in China and several arbitral institutions have established specific centres for providing online arbitration services, with some having released online arbitration rules to cater for a flexible process that is conducted entirely online.
For example, in the year 2000, the China International Economic Trade and Arbitration Commission (CIETAC) established the early version of the Online Dispute Resolution Centre (ODRC), a body now specialising in online dispute resolution for domain name, e-commerce and other similar types of disputes. To facilitate online arbitrations, CIETAC also formulated a set of Online Arbitration Rules[1] in 2009, which were revised in 2014. Article 1 of the 2014 Rules, details that they apply to the resolution of e-commerce disputes and may also apply to the resolution of other economic and trade disputes to which the parties have agreed.
In 2015 the Guangzhou Arbitration Commission (GZAC) established an online arbitration platform and released a set of Online Arbitration Rules[2] and these have proven popular, with the GZAC having registered over 166,000 online arbitrations in 2018 alone[3].
More recently, the Shenzhen Court of International Arbitration (SCIA) established a set of Online Arbitration Rules in 2019[4], and revised them in 2022.
The popularity of online arbitration in China can be seen from a recent study by the China University of Political Science and Law which found that in 2019 alone, more than 30 arbitral institutions used online arbitration to handle over 300,000 cases, with online cases amounting to more than 40% of the total number of cases these institutions administered that year[5].
CIETAC, which is sometimes considered to be mainland China’s most popular arbitral institution (having recently been designated the 5th most preferred arbitral institution in the latest edition of the Queen Mary International Arbitration Survey[6]) conducts a significant number of online arbitrations and virtual hearings every year. In 2021, 870 cases were filed online which accounted for over 21% of the total caseload for the year[7] and a total of 434 virtual hearings were held[8].
Although online arbitrations have typically been used for e-commerce and domain name related disputes within China, the profound effects of Covid-19 have led many Chinese arbitral institutions to further develop their online services, alongside their offering of virtual hearings for international commercial arbitrations.
More specifically, several Chinese arbitral institutions have issued guidance on the use of virtual hearings in arbitration to assist parties considering arbitrating virtually. CIETAC, the Beijing International Arbitration Centre (BIAC) and the Shanghai International Arbitration Centre (SHIAC) are three examples of Chinese arbitral institutions issuing advice to parties and promoting the use of virtual hearings for international arbitrations in China.
The move to online arbitrations in China is further supported by Article 30 of the Proposed Draft Amendments to the PRC Arbitration Law (中华人民共和国仲裁法(修订)(征求意见稿) released by the Ministry of Justice on 30 July 2021 which provides that: “Arbitration proceedings can be conducted online”. The reference to online proceedings is important because the current law is silent on the issue, therefore the explicit reference signifies the increasingly important role of online arbitration in China.
In China, online arbitrations and virtual hearings predated the Covid-19 pandemic, however, the legacy of Covid-19 on China’s arbitration landscape will likely be the increased use of online arbitrations and virtual hearings at least in the short to medium term. This is partly due to the efficiency of the process and partly because in person venues have on occasion, been closed at short notice due to China’s strict policy of epidemic control. During the Shanghai lockdown earlier this year, on-site services at the SHIAC were suspended in April and prospective disputants were advised to file their cases online. A similar event occurred in Shenzhen in March, and parties were again advised to file their cases online, pre-scheduled hearings were rearranged and in-person services were temporarily suspended.
Cybersecurity and Online Arbitration
The use of online arbitrations and virtual hearings in China, although a welcome development, bring with it considerable risks from a cybersecurity perspective. Online arbitrations may be a more attractive target for cybercriminals compared to online litigation in China, because of the confidential and often commercially sensitive nature of the cases. In addition to this, it may be easier for hackers to target a ‘weak link’ in an arbitration because of the multitude of actors involved in the process, some of whom may not be well versed in cybersecurity. It is well known that cyberattacks can cause significant damage during and after proceedings. Examples include economic and reputational damage to the parties, institution and arbitrators, breaches of confidentiality, and potential liability under the relevant applicable law. Safeguarding an arbitration is therefore extremely important[9].
In addition to the above, a cyberattack raises the following considerations:
- Can hacked evidence ever be admissible?
- Can a cyberattack lead to arbitrator disqualification?
- Can a cyberattack render an arbitral award unenforceable?
A recent example highlighting the significance of a cyberattack on the arbitral process can be seen from a commercial arbitration known as the Brazilian Pulp Case. The case involved an alleged cyberattack which later influenced the San Paulo Court to stay enforcement proceedings to consider whether the arbitration was corrupted[10].
In addition to the impact on an individual case, a cyberattack, as mentioned earlier, can also cause significant reputational damage to an arbitral institution. This is particularly the case if no effective cybersecurity procedure/infrastructure has been adopted as users may not want to take the risk on an institution, that has a record of past data breaches. In order to effectively safeguard cybersecurity, institutions would be wise to invest in adequate cybersecurity software whilst considering whether to include specific cybersecurity provisions in their arbitration rules.
Cybersecurity Measures in Chinese Arbitral Institutions
The legal framework for Cybersecurity in China can largely be found in the Cybersecurity Law of the People’s Republic of China (中华人民共和国网络安全法) which under Article 27 provides that:
Individuals and organizations must not engage in illegal intrusion into the networks of other parties, disrupt the normal functioning of the networks of other parties, or steal network data or engage in other activities endangering cybersecurity[11].
Article 63 details that any breach of the above if not regarded as a crime, will result in an administrative penalty which includes the confiscation of illegal income, detention of no more than 5 days and a fine[12] with steeper consequences depending on severity.
Given the highly important role of maintaining adequate cybersecurity measures in arbitral proceedings, coupled with the fact that many online arbitrations/virtual hearings are undertaken each year in China, it is important for parties arbitrating in China to consider cybersecurity measures from the start to the end of the arbitral process.
There are explicit references to cybersecurity measures within certain arbitral institutions’ rules within China, although this varies between institution. Examples of specific provisions are discussed in further detail below.
The China Maritime Arbitration Commission (CMAC) specifically addresses the cybersecurity of the arbitral process in its 2021 rules as per Article 39 which states that:
Unless otherwise agreed by the parties, the arbitral tribunal may, after consulting with the parties, adopt appropriate procedural measures, including but not limited to setting out terms of reference, issuing procedural orders, sending lists of questions, holding pre-hearing meetings, and having discussions with the parties over cyber security, privacy and data protection, in order to provide the arbitral proceedings with proper safeguard for security compliance and such like [13].
CIETAC’s 2009 Online Arbitration Rules specifically address cybersecurity issues under Article 15 by stating that the institution itself shall:
Make reasonable efforts to ensure secure online transmission of case data among the parties, the arbitral tribunal and CIETAC, and to store case information through data encryption[14].
Article 29 of the 2015 GZAC Online Arbitration Rules provides that:
The Commission shall ensure security for the online transmission of case data between the parties, the arbitral tribunal and the Commission, and shall encrypt the case data to keep the case information confidential.[15]
The SCIA’s 2019 Online Arbitration Rules make specific reference to cybersecurity related issues under Article 13 and the tribunal is invited to:
Review and judge the authenticity of the generation, collection, storage and transmission of the electronic data, with particular focus on:
Whether the computer systems and other hardware and software environment relied on for the generation, collection, storage, and transmission of the electronic data are secure and reliable[16].
It is worth noting that neither of the general rules of CIETAC and the SCIA explicitly address issues of cybersecurity. Under the 2015 CIETAC Arbitration Rules, any cybersecurity measures will fall within the arbitrator’s wider discretion to conduct the case in “[a]ny way it deems appropriate”[17] under Article 35. For the 2022 SCIA Arbitration Rules, the decision to introduce any specific cybersecurity measures will fall within the tribunal’s wider discretion to decide procedural matters under Article 36.
The BIAC does not have a specific set of online arbitration rules and its general rules do not specifically address issues of cybersecurity in any explicit manner. Because of this, the discretion of the tribunal to include any cybersecurity measures will fall within their procedural discretion under Article 36 of the 2022 Rules.
Although measures relating to cybersecurity largely fall within the tribunal’s procedural discretion under various Chinese arbitral institutions’ rules, Article 39 of CMAC stands out as a model provision in relation to the importance of the tribunal’s role, when considering cybersecurity measures during proceedings. By encouraging the tribunal to discuss cybersecurity requirements with the parties, the rules subtly remind a tribunal of the importance of cybersecurity within the arbitral process.
Whilst the inclusion of specific cybersecurity related provisions within arbitration rules are unlikely to be a game changer when parties decide on an arbitral institution, their inclusion at least directs the tribunal to an extremely important subject, which could prove to be relevant in the event of a malicious cyberattack.
[1] China International Economic and Trade Arbitration Commission Online Arbitration Rules, 1 May 2009.
[2] Guangzhou Arbitration Commission Online Arbitration Rules, 1 October 2015.
[3] Chen Zhi, ‘The Path for Online Arbitration: A Perspective on Guangzhou Arbitration Commission’s Practice’ accessed 21 July 2022. http://arbitrationblog.kluwerarbitration.com/2019/03/04/the-path-for-online-arbitration-a-perspective-on-guangzhou-arbitration-commissions-practice/.
[4] Shenzhen Court of International Arbitration Online Arbitration Rules, 21 February 2019.
[5] 中国政法大学,‘网络仲裁 前方高能’ accessed 22 July 2022. https://www.chinatradenews.com.cn/epaper/content/2020-06/18/content_66505.htm
[6] Queen Mary International Arbitration Survey 2021 – Adapting Arbitration to a Changing World – p. 10. https://arbitration.qmul.ac.uk/research/2021-international-arbitration-survey/.
[7] CIETAC 2021 Case Statistics http://www.cietac.org/index.php?m=Article&a=show&id=18240&l=en.
[8] Ibid.
[9] CyberArb has provided guidance on how to reduce the risks of a cyberattack in the following article.
C.C. Kadioglu Kumtepe; J. Evans; S. Nappert (2022, forthcoming) "The Consequences of Cyberattacks in International Arbitration and Prevention Methods" February 2022.
[10] Cosmo Sanderson, ‘Arbitrator resigns from Brazilian pulp case’ Global Arbitration Review (23 August 2021) https://globalarbitrationreview.com/arbitrator-resigns-brazilian-pulp-case> accessed 18 October 2021.
[11] Cybersecurity Law of the People’s Republic of China (中华人民共和国网络安全法) Article 27.
[12] Cybersecurity Law of the People’s Republic of China (中华人民共和国网络安全法) Article 63.
[13] China Maritime Arbitration Commission Arbitration Rules, 1 October 2021.
[14] China International Economic and Trade Arbitration Commission Online Arbitration Rules, 1 May 2009. The 2014 revised Rules contain the same language.
[15] Guangzhou Arbitration Commission Online Arbitration Rules, 1 October 2015.
[16] Shenzhen Court of International Arbitration Online Arbitration Rules, 21 February 2019. The 2022 revised Rules contain the same language.
Photo by Joey Huang on Unsplash
Contributors: Joel Evans , Hongwei Dang