China has taken another step toward implementing a controversial cybersecurity law that could have significant implications for foreign businesses operating in that lucrative market.

{mosads}The draft law would require companies to “comply with social and business ethics” and “accept supervision by both government and the public,” according to the state news agency Xinhua.

It would also stipulate that Chinese citizens’ personal information and other data collected in China must be housed in the country.

A new provision would also order Beijing to “monitor and deal with threats from abroad to protect the information infrastructure from attack, intrusion, disturbance or damage.”

The draft was presented to the standing committee of the National People’s Congress for its second reading on Monday, but it is not clear when it will be passed.

Beijing has long argued that its increasingly stringent cybersecurity laws are necessary to protect the country from cyberattacks, while foreign businesses complain that they are protectionism meant to lock out foreign competitors.

One national security law, adopted last July, requires all technologies — including those belonging to foreign firms — to be “secure and controllable.”

The steadily increasing rules are part of a long-standing effort to restrict the flow of digital information at home, and diminish reliance on foreign technology.