China remains one of the largest untapped markets for many global B2B SaaS/Cloud companies. Beyond the large established enterprise resource planning (ERP) solutions (e.g., Workday) and customer relationship management (CRM) offerings (e.g., Salesforce.com), there are already thousands of global companies operating with SaaS functions in China or considering entering the market. Companies want to take advantage of China’s massive potential customer base, which includes over 35,000 companies with revenues north of $150 million, in addition to China’s 40 million small businesses.
However, global enterprise software companies are concerned about how to stay compliant while generating a positive ROI in China. These are increasingly reasonable concerns as more software companies continue to transform their delivery models from locally installed (on-premises) installations to “service” delivery formats via the cloud (SaaS).
This transformation puts companies into a significantly more scrutinized area of China’s regulatory environment. As regulations evolve, SaaS companies are wondering if there are still paths to China that can be pursued with a modest investment, while avoiding the arduous requirements for SaaS firms to find a local majority partner. Fortunately, there are alternative ways for companies to enter China. In this article we share how SaaS companies can navigate China on their own.
Frequent SaaS compliance issues
The Commercial Internet Content Provider License (“ICP License”) is the most often cited Value-added Telecom Service (VATS) license that SaaS businesses apply for in China. However, there is much debate about whether an ICP license is strictly necessary for a company that simply offers its own solutions over the cloud or does not transact directly through its website in China. Even for these companies, there is a risk that local regulatory authorities may not have a nuanced understanding of the regulations and will default to the view that a SaaS business requires a Commercial ICP License.
The main concern around the ICP license is that it requires a joint venture, which is a non-starter for many foreign executives. Even for those who strike a JV deal, licenses are difficult to obtain. SaaS companies handle lots of data, including personal data, making them more vulnerable to close regulatory scrutiny. China is stepping up its data regulatory regime with the new Data Security Law (DSL) that was passed in June 2021 and the Personal Information Protection Law (PIPL), which passed in August and will come into effect on November 1.
Perhaps the most direct impact of these new laws on international SaaS companies that operate in China is the increased sensitivity to the processing of personal data and the scrutiny of cross-border data transfers. The silver lining to these new requirements is that the rules are becoming clearer, especially once implementing regulations come out within the next year. Companies should be aware of these changes, but we expect with this new clarity, firms will be able to comply without too much concern.
Where many companies start is not always the right place
Historically, most SaaS companies start their China journey through a cross-border approach. Companies leverage their existing global infrastructure and then build out a sales and marketing program on the ground, either independently and/or with partners. Depending on the type of solution and its technical performance requirements, this can be an effective strategy for many companies, at least initially.
However, this strategy is typically limited for several reasons:
- The company may struggle to understand and meet the needs of its China customers from afar.
- Larger customers and state-owned entities are often hesitant to purchase from companies without local technical and operational support.
- The company’s IT infrastructure will typically encounter performance issues due to its location outside of China’s Great Firewall.
All that said, many companies eventually need to do more than provide their solution from abroad and may need to set up a cloud in China when:
- Their products simply do not work well enough to support their customers in China from abroad, or
- They are providing services in China from abroad and have hit a cap on their potential, and/or
- They are concerned that the data they are capturing is at risk of being blocked or running afoul of increasingly stringent data residency requirements in China.
In most other markets, hosting a solution locally is as simple as spinning up new AWS, Azure or Google Cloud instances. However, the process is more complicated in China. The closest alternative is working with a local IT partner (value-added distributor or VAD). Many foreign companies start by speaking with one of these VADs that can obtain the necessary licenses for local operation.
While initially attractive to many SaaS companies (they often expect the VAD to take the business and run with it in China) the realities and downsides of working with these distributors usually become quickly apparent. These include:
- A high upfront fee and revenue sharing. For companies without an existing business in the country, they will typically push for exclusivity to offset the risk of bringing an unproven company into China.
- The VAD makes the company’s business a low priority (both because SaaS is hard, and for new entrants especially, because there isn’t an existing pipeline).
- The company must still spend resources to understand and customize its cloud for the China market.
- The VAD is unable to fully understand, sell and service the company’s complex SaaS solutions in the market.
- Complex decisions need to be made in the operation’s early stages, and the company and partner need to communicate effectively and coordinate resources to make decisions together on suitable China pricing models, product features and business strategy.
Regardless of the downsides, some companies do start by partnering with a VAD. In our experience, however, after a couple of years many of these companies become disillusioned and look for alternatives to re-energize their China business.
Whether new to the market and looking to go it alone or a company that started with a partner and now wants to consider a more active approach to China, companies have the same key question: do other options exist for SaaS companies that want to control their own IT infrastructure and China strategy?
Option 1 – You may not actually be a SaaS company in China, so why not stay that way?
Simply launching servers in China and running aspects of a business through the cloud does not automatically mean a company is considered a “SaaS” by Chinese regulators. Thus many SaaS companies’ business and/or delivery models do not require a Commercial ICP license (and a local JV) in order to operate in China.
Other companies do – on the face of it – seem to require a Commercial ICP License. For those companies, however, there are many variables that can determine if such a license is really necessary (it’s often not). Some common variables include:
- Pricing models and where payments are processed
- The type of data collected and where and how the company aggregates and processes that data
- How products are delivered (on-premises, local installation, cloud)
- The type of customers targeted in China (MNCs, SOEs, SMEs)
- The size of the business
The strategies to avoid needing a Commercial ICP License are unique to every company— competent legal and GTM advisors can help companies work through alternatives. For some companies these strategies can be a permanent solution. For others, they act as a delaying mechanism until the company has validated its opportunity and is ready to consider a more significant investment in China.
Option 2 – Some companies ARE SaaS companies and should have a license, but…
Many B2B SaaS companies took the direct route into China (whether independently or with the help of services providers). They made an upfront investment, created a WFOE, put boots on the ground, filed an ICP registration, set up their services on local cloud providers or on their own servers and then started to serve China customers. These companies may not be technically in compliance and need to look at their options. However, many of these regulations have only been introduced over the last four years, so many of these companies are still working on compliance.
These companies may have some risk exposure, but thus far we haven’t seen regulators pursue companies that are technically out of compliance, but which are not acting illegally and are not touching sensitive data. While this could change, in practice we continue to see many new companies follow the same path. China, like all countries, wants to attract good companies to invest and increase its tax base. Generally speaking, when companies get in trouble for lacking full proper licenses, it is more likely that a local competitor blew the whistle because they felt threatened by a foreign company’s success.
Option 3 – VIE
Variable Interest Entity (VIE) structures have historically been a potential work-around for restrictions on foreign-invested companies obtaining VATS Licenses. However, there are some regulatory indications that these structures are falling out of favor with regulators (and not just for SaaS businesses):
A domestically invested company is first established as an operating company to apply for and hold the ICP License.
The foreign business must find local Chinese citizens – sometimes key local management – to act as nominees to hold these shares of the local operating company on the foreign company’s behalf.
A set of contracts between the foreign and local company (and its shareholders) ostensibly offer the foreign company 100% control over the local company.
VIE structures have been used for over 20 years, especially by many Chinese internet companies when listing on stock exchanges outside China. While it is an option, there is much debate about the risk of the structure, especially if the relevant parties’ relationship appears to exist primarily to avoid the regulations. There are other possible issues as well, such as the risks of the foreign company losing control over nominee shareholders, as well as contracts ultimately lacking enforcement in court.
Balancing considerations for SaaS companies entering China
There are challenges for business software providers entering and operating in China, especially those built exclusively for using an SaaS model, but opportunities clearly exist for both SaaS and non-SaaS software companies alike that are willing to make the investment.