Can I Use Cloud Services from Foreign Providers in China?
Foreign companies operating in China frequently ask whether they can use cloud services from global providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). The short answer is yes, but with significant regulatory constraints that affect which services are available, where data can be stored, and how cross-border data transfers are managed. This FAQ explains the legal framework, practical options, and compliance requirements foreign businesses must navigate when choosing cloud services in China.
Overview of Foreign Cloud Services in China
All major global cloud providers operate in China, but none offer their full global suite of services directly. Instead, they partner with local Chinese companies to deliver services through joint ventures or licensed reseller arrangements. This structure is not optional. China’s cybersecurity regulations require that cloud services handling data within Chinese territory meet specific data localization and security assessment requirements that foreign entities cannot satisfy alone.
AWS China
AWS operates two China regions through a joint venture with Beijing Sinnet Technology (for the Beijing region) and Northwest AS (for the Ningxia region). Customers sign contracts with Sinnet or NWCD, not with AWS Inc. All data remains within China. Services available are a subset of the global AWS offering. Pricing differs from global pricing and is in Chinese Yuan (CNY).
Microsoft Azure China
Azure China is operated by 21Vianet, a local Chinese partner. Microsoft licenses its technology to 21Vianet, which operates the data centers and provides services directly to customers. You sign a contract with 21Vianet, not Microsoft. The service catalog is more limited than global Azure, with some services delayed in availability or absent entirely.
Google Cloud in China
Google Cloud does not have a direct presence in mainland China. There is no Google Cloud Platform (GCP) region within China operated by a local partner (as of 2026). Some limited services are available through reseller partners, but GCP cannot be used as a primary cloud provider for workloads hosted within China. Foreign companies needing Google services generally rely on Alibaba Cloud or Tencent Cloud as alternatives.
Regulatory Framework Governing Foreign Cloud Services
Several laws and regulations determine how foreign cloud services can be used in China. The most important are outlined below.
Cybersecurity Law (CSL)
Enacted in 2017, the Cybersecurity Law requires that personal information and important data collected and generated by Critical Information Infrastructure (CII) operators within China be stored domestically. If cross-border transfer is necessary, a security assessment is required. While the law primarily targets CII operators, its practical reach extends to many foreign-invested enterprises operating in regulated industries.
Data Security Law (DSL)
The Data Security Law, effective September 2021, established a tiered data protection system. It categorizes data based on its importance and imposes stricter security obligations on data processors handling important data. Foreign cloud providers operating in China must comply with DSL requirements for data classification, protection, and risk assessment.
Personal Information Protection Law (PIPL)
The PIPL, effective November 2021, is China’s equivalent of the GDPR. It governs the collection, storage, processing, and transfer of personal information. Under PIPL, transferring personal information outside China requires passing a security assessment organized by the Cyberspace Administration of China (CAC), obtaining certification from a specialized institution, or signing Standard Contracts for the Export of Personal Information with the receiving party.
Can You Use AWS or Azure for Workloads in China?
Yes, but only through the local operating entities described above. Here are the key considerations for each major provider.
| Provider | China Operator | Data Residency | Contracting Entity | Service Availability |
|---|---|---|---|---|
| AWS | Sinnet / NWCD | China only | Local Chinese company | ~60% of global services |
| Azure | 21Vianet | China only | Local Chinese company | ~70% of global services |
| Google Cloud | None | N/A within China | N/A | Not available for in-China hosting |
| Alibaba Cloud | Alibaba (local) | China only | Alibaba Cloud China | Full catalog |
| Tencent Cloud | Tencent (local) | China only | Tencent Cloud China | Full catalog |
Contractual and Liability Considerations
When using AWS China or Azure China, your legal relationship is with the local operator, not the global parent company. This means:
- Service Level Agreements (SLAs) are governed by Chinese law
- Dispute resolution occurs in Chinese courts or arbitration bodies
- Data protection commitments are made by the local operator
- The global provider’s indemnification terms do not apply
- Your global master services agreement does not extend to the China region
Cross-Border Data Transfer Requirements
Even when using a foreign cloud provider’s China-based data center, cross-border data transfer rules still apply if data moves between your China operations and your global systems. The following scenarios require compliance with cross-border data transfer regulations.
Scenario A: Data Stored in China, Accessed from Abroad
Your company stores customer data in AWS China (Beijing region) and your global headquarters in Germany accesses it for reporting. Under PIPL, this constitutes a cross-border data transfer because a foreign party can access personal information stored in China. You must either pass the CAC security assessment, obtain certification, or sign the Standard Contract for the Export of Personal Information.
Scenario B: Hybrid Cloud with Global Synchronization
Your CRM system runs on Azure China but synchronizes with your global Azure Active Directory and Dynamics 365 instance. The sync mechanism transfers personal information of Chinese users outside China. This requires cross-border data transfer compliance measures.
Scenario C: Disaster Recovery Across Borders
You maintain a primary data center in Shanghai on AWS China and a disaster recovery site in Singapore on AWS Global. The replication of data from China to Singapore triggers cross-border data transfer rules.
Choosing Between AWS China, Azure China, and Local Chinese Clouds
When selecting a cloud provider for your China operations, the decision often comes down to three factors: existing global cloud commitments, regulatory requirements, and performance needs. If your company already runs most of its global infrastructure on AWS or Azure, the appeal of using the same provider in China through its local JV is understandable. However, the China region’s limited service catalog, higher costs, and different legal entity for contracting may offset the advantages of provider consistency.
For companies building their China IT infrastructure from scratch, Alibaba Cloud or Tencent Cloud often provide better value. They offer full service catalogs at lower prices, have extensive CDN coverage across China’s three major ISPs, and provide native integration with the Chinese enterprise ecosystem. Foreign companies that have chosen local Chinese clouds report average cost savings of 15-25% compared to global provider China regions, along with faster deployment times because they do not need workarounds for unavailable services.
Hybrid approaches are also viable. Some foreign companies use Alibaba Cloud for consumer-facing workloads that need low latency and WeChat integration, while keeping corporate IT systems on AWS China for consistency with global tooling. This multi-cloud strategy requires careful data mapping to ensure that cross-provider data flows comply with PIPL and data localization requirements.
Practical Recommendations for Foreign Firms
1. Conduct a Data Mapping Exercise
Before choosing a cloud provider, map all data flows involving your China operations. Identify what personal information and important data is collected, where it is stored, who accesses it, and whether any data leaves China. This exercise determines which regulatory obligations apply and informs your cloud architecture decisions.
2. Use China-Local Cloud Services When Possible
For workloads that involve personal information of Chinese residents or important data in regulated industries (finance, healthcare, telecommunications, transportation), using a fully local cloud provider such as Alibaba Cloud or Tencent Cloud minimizes cross-border data transfer complexity. These providers offer the full service catalog and have experience serving foreign-invested enterprises in China.
3. Maintain Separate China and Global Environments
Architect your IT systems so that the China environment is self-contained. Avoid synchronization with global systems unless necessary. If cross-border data transfer is unavoidable, implement one of the approved legal mechanisms and document the data transfer purpose, scope, and recipient details.
4. Work with Local Compliance Counsel
Cloud service contracting and data compliance in China are highly fact-specific. Engage a law firm with expertise in China’s cybersecurity and data protection framework to review your cloud service agreements, data transfer mechanisms, and internal policies. The regulatory environment continues to evolve, and professional guidance is essential to maintaining compliance.
Risks of Non-Compliance
- Fines of up to 50 million RMB or 5% of annual revenue under PIPL
- Suspension of business operations or revocation of licenses
- Blacklisting and reputational damage
- Personal liability for legal representatives and data protection officers
- Blocking of the enterprise’s access to essential Chinese networks and services
Conclusion
Foreign cloud services can be used in China, but only through locally operated entities and subject to China’s data protection and cybersecurity regulations. AWS China (via Sinnet/NWCD) and Azure China (via 21Vianet) are available, while Google Cloud lacks a direct China presence. All cloud deployments involving personal information or important data must comply with data localization requirements and cross-border data transfer rules. Foreign companies should architect their China IT environments to be self-contained, conduct thorough data mapping, and engage local compliance counsel to ensure their cloud usage remains within the bounds of Chinese law. Making the wrong choice about cloud service providers or data handling practices can lead to significant regulatory penalties and operational disruption.
