AWS China Gateway

Long-term commitment in China 

• So far, China is the only country outside of the US where AWS has three regions. With the three fully functioned AWS Regions, we could support all kinds of workloads and business scenarios.
• We have 2 labs to support the high demands and rapid development on IoT and artificial intelligence particularly in that region.
  
• We have operation in 20 cities in China. With the highly capable professionals from AWS Professional Services, Solution Architects and AWS Support team, we are able to provide consultancy, technology solutions and support to all kinds of customers. We are building industry solution capabilities and establishing team with strong industry background and in-depth industry knowledge, deeply understanding our customers’ pain points and serving their needs. APN-certified partners have years of experience in bringing global businesses to China.

Compliant with China’s legal and regulatory requirements

• Infrastructure tailored for China
  • AWS China Regions are located within mainland China.
  • An AWS China Region Account is physically and logically separated from other AWS Regions.

• Fully certified to Chinese cloud standards
  • AWS China Regions have attained necessary certifications for operating cloud services in China.

• ICP Recordal support
  • AWS partners Sinnet and NWCD can support customers requiring ICP Recordals for their top-level domain names in China.

Globally consistent experience

• AWS China Regions have the same console experience as other AWS regions. Developers won’t need additional training to use AWS services in the AWS China Regions, which use the same APIs, SDKs, and CLIs used in other AWS Regions.
• Write code once and deploy globally with ease.
• Global standard security.
  

Easily migrate your applications to AWS China Regions with seamless cross-border connection

• AMIs and data can be easily copied into AWS China Regions.
• Select from a wide variety of global and local third-party tools and solutions to help your migration.
• Using services provided by leading Chinese telecommunication carriers, customers can easily establish connectivity between resources in AWS China Regions and those located outside China. 
• Bandwidth can be flexibly configured, based on business requirements.
  

What customers say?

• With over 14 years in the market and millions of customers globally running every imaginable use case, AWS has the most operational experience of any cloud provider.
• We are taking our experience with millions of customers globally and applying it at the regional level in key markets such as China to extend our customers’ success with AWS in China.  
  
• Customers feel confident in choosing AWS for the capabilities and services based on its reputation and experience. Here are just a handful of global customers who have chosen AWS in China across various industries and sectors, including Thermo Fisher, Siemens, Toyota, Swire Coca-Cola, Canva, and more.
  

Go-to-China check list
We recommend you consider the following check list while you plan business expansion to China -
1. Use China local business entity
In most cases, customer needs a China legal entity to operate business in China. This entity will be the owner and carrier of your business and totally represent you in China. Unless you are reselling product or service in China through local partners, we recommend you to setup your own legal entity. AWS is working with APN hosting service partners and local incubators as well as VC/PEs who can provide relevant support in China
2. Work with partners
If you are working with APN partners outside China, we’d highly recommend you to reach out to them for assistant. Most of our APN partners have been successfully supported many international customers extending business to China. Working with those APN partners will be the best way for you to extend partnership and success into China.
3. Key things to consider while design your network infrastructure
While you have demand of cross-border data transit, you may need to consider three things –
• The connection
Make sure to use authorized service provider for VPN, leased line or SD-WAN
• Data security
Data security is mainly about store and transit. You may consult AWS Solution Architect or work with AWS professional service team to design an infrastructure best fit your requirement
• Regulation update
We know the governor is iterating the regulations continuously. Please stay connected with your AWS counterpart closely to mitigate any potential risk
4. Decide your payment method
You can settle the payment through wire transfer or leverage consolidate billing process to settle payment through 3rd party as long as the bank of the payer account able to process local currency CNY.
5. Setup SaaS
There is no specific SaaS license required in China yet, and most of the requirements will be very much depend on the SaaS service itself. We recommend you to consult your legal counsel to see if any regulations related to your SaaS offering including SaaS account management, license and data security. 

Internet Content Providers (ICPs) is the process built under China Cyber Security Law and relevant regulations, it is the most important mechanism to govern the behavior on Internet.
Check more information on public internet https://en.wikipedia.org/wiki/ICP_license

What is ICP filling and license?
If you provide content that can be accessed through public internet, can be a website, mobile APP, or Web API for non-commercial purposes (e.g. E-commerce for promoting and selling its own products) , you may simply just need to go through the ICP filing process. You may heard of “ICP Recordal” or “ICP Bei’An’”, they are same thing.
If you are providing specific services over internet through website, mobile APP, provide Web API, or the content and service with commercial transactions (e.g. online advertisement, e-commerce for 3rd parties to sell their products), or related to governed market segments like education, healthcare, media, financial service, you may need to obtain certain ICP license accordingly.
The law asked all public cloud service providers can only serve those content or service owners with ICP licenses or completed ICP filing, NWCD and Sinnet will verify customers’ qualifications before active the service for public access. Customers who apply ICP must have a China local business entity in mainland China and the domain name should be registered in China DNS provider with one local domain certificate. NWCD and Sinnet disable port 80/443/8080 by default before the ICP approved.

AWS China’s support on ICP
AWS China business development manager can work with Sinnet & NWCD to help you on ICP process.
*  Sinnet: As the operator of AWS China (Beijing) Region, is responsible for supporting and verifying ICP filling and ICP License for AWS China (Beijing) Region customers. Check details on Sinnet website.
*  NWCD: As the operator of AWS China (Ningxia) Region, is responsible for supporting and verifying ICP filling and ICP License for AWS China (Ningxia) Region customers. Learn more from NWCD website.

Public security registration process
When you have obtained the ICP filing or license, you shall continue to apply for filing at the local police bureau within 30 days. Reach out your counterpart from AWS China for assistant.

What is MLPS?
The multi-level protection scheme (“MLPS”) is a core part of the Chinese cybersecurity legal regime. It requires network operators to classify their networks into different security grades scaling from Level 1 to Level 5 and undertake the corresponding level of cybersecurity obligations.

• If you are a network operator as defined in the Cyber Security Law ("CSL"), you are responsible for proposing your network’s grade level based upon a self-assessment. The grade is classified according to the severity of potential damages that a cybersecurity incident to the network may cause. If you propose Level 2 or above regarding your network, you are required to engage a qualified expert to conduct an additional assessment and the result should be filed with the industry authority for approval, and further with the public security bureau for certification.
• If your network is graded Level 3 or above, you should select cyber products and services equivalent to or above the security protection grade of your network. Both Sinnet and NWCD have obtained MLPS Level 3 certification for their systems used to provide AWS services. Upon your request, Sinnet and NWCD can provide you with information about their respective MLPS certification subject to your confidentiality agreements with them.
• If you are a network operator as defined in the CSL, you should comply with the general MLPS obligations under the CSL from two aspects: (i) organizational, such as managing internal security system, implementing network security, designating personnel in charge, and (ii) technical, such as establishing technical measures to prevent virus, cyberattacks and network intrusion, backup and encryption, and keeping network logs for 6 months.
  Failing to fulfill any of the above general obligations may result in administrative penalties, including warning, order for rectifications, and monetary penalties on both the company and the personnel directly in charge.

How AWS support you with MLPS?
As an AWS customer in China, you may evaluate the impact of conducting MLPS audit against your system. AWS has a variety of offerings to help you. Firstly, China two regions have been certified as MLPS level 3. this is the foundation. Second, our solution architect could help to provide technical suggestions when you need to fulfill one of the requirements. We also offer AWS China compliance briefing in order to help you understand the underlying MLPS compliance. We provide trainings to the authorized MLPS auditor about AWS cloud and make them be familiar and knowledgeable with AWS technologies before auditing our customers, which will help to accelerate the audit process. AWS professional service and a series of partners could also provide consultancy and technical/product support. Please discuss with your counterpart in AWS China.

AWS China regions are hosting the same standard of infrastructure as other regions from AWS global. Sinnet and NWCD are data center license holders which allow them to operate cloud services.

Major security auditing certifications for AWS Beijing region (Sinnet): MLPS (Multi-Layer Protection Scheme) Level 3, ISO9001, ISO27001, ISO20000, ISO22301, Trusted Cloud Service, PCI-DSS, SOC, IRCS (Internet Resource Collaboration Service)

Major security auditing certifications for AWS Ningxia Region (NWCD): MLPS (Multi-Layer Protection Scheme) Level 3, ISO9001, ISO27001, ISO20000, ISO22301, ISO27018, Trusted Cloud Service, PCI-DSS, SOC1-2-3, IRCS (Internet Resource Collaboration Service)