On 27 December 2015, the National People’s Congress Standing Committee passed China’s new Counter-Terrorism Law (New Law), which came into effect on 1 January 2016. Compared to the Draft Counter-Terrorism Law (Draft Law) that was first released on 3 November 2014 for public reading, the New Law appears less draconian as two, much objected, key requirements have been dropped. These requirements were: (i) telecommunication service operators and Internet service providers (together, “ISPs”) must “locate their related servers and domestic user data” in China (the “Localisation Requirement”), and (ii) must install “technical interfaces in the design, construction, and operation of the telecommunication and internet [services]” which would allow Chinese government to “prevent” or “investigate” terrorist activities (the “Backdoor Requirement”). The New Law, however, retains two key requirements from the Draft Law i.e., that ISPs shall disclose encryption keys to government authorities (the “Decryption Requirement”) and shall enhance monitoring and reporting of all Internet content (the “Reporting Requirement”). The respective exclusions and inclusions bring some relief to the international tech community but trigger concerns for others.