For companies in China, the big question is, "what's all this going to cost at the end of the day?" said Benjamin Cavender, a principal at China Market Research Group.
"If you're a company that was previously using services that aren't going to be looked on favorably in China, and you're forced to migrate to a new platform — that gets expensive really quickly," he said.
Plus, being forced to store data domestically could pose a few problems. Firstly, foreign firms normally do need to transfer information outside of China. And secondly, keeping sensitive information on Chinese servers might mean the government can look under the hood whenever it wants, exposing multinationals to industrial espionage.
Along a similar vein, it could potentially allow Beijing to even further track people it deems troublemakers. Still, it should be noted that government censorship and monitoring has long been an issue in China.
"Data security is based on the best available technology internationally, and our companies already have robust IT systems in place to ensure the security of their data and IT systems in the China Market," said Jacob Parker, vice president of the U.S.-China Business Council.
The American Chamber of Commerce in Shanghai has called the data localization and data transfer regulations "unnecessarily onerous," with a potential impact on cross-border trade worth billions of dollars.
Multinationals may be better equipped to take on the cost of compliance, but "a lot of the small and medium sized companies may not be able to afford to put in the control that the Chinese government is asking for, and if they can't put in those controls, it may actually push them out of that country and that market," said James Carder, vice president of cybersecurity firm LogRhythm Labs.
The EU Chamber of Commerce in China has even supported a delay in implementing the law, given what it says is the law's lack of clarity about how different aspects will be defined and enforced.