This post is the latest installment of our “Monday Reflections” feature, in which a different Just Security editor examines the big stories from the previous week or looks ahead to key developments on the horizon.

On Friday, President Obama and Chinese President Xi Jinping announced agreement on several cybersecurity issues. Although it was widely expected that some cybersecurity announcement would accompany the Chinese president’s state visit, the actual content of the cybersecurity deal is surprising both for what it includes and what it does not.

The unexpected provision of the agreement, as detailed in a White House fact sheet, is the declaration that “[t]he United States and China agree that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” But the agreement does not include an explicit commitment to refrain from using cyberweapons to attack critical infrastructure during peacetime—a provision previewed in a New York Times article last weekend and much discussed by commentators and even Congress in the days leading up to the state visit.

Achieving agreement on prohibiting cyber-enabled theft of intellectual property for commercial gain is a diplomatic victory for the United States. China has for the first time acknowledged that theft of intellectual property for commercial gain is improper. The fact sheet recites verbatim the norm the United States has been pushing over the last year, as evidenced by State Department Cyber Coordinator Chris Painter’s testimony to Congress last May. In a joint press conference with President Obama, President Xi repeated in Chinese that the governments “will not be engaged in or knowingly support online theft of intellectual properties,” and the language of the agreement is reiterated in an “Outcome List” posted to the Chinese Ministry of Foreign Affairs website (see para. 48).

Agreement on paper is great, but as President Obama correctly put it in the press conference, “the question now is, are words followed by actions.” Other provisions of the agreement will help provide some verification and a test of China’s good faith. In particular, the countries pledged to cooperate on cybercrime investigations and to create a high-level dialogue to “review the timeliness and quality of responses to requests for information and assistance with respect to malicious cyber activity of concern identified by either side.” The United States will likely deem lack of cooperation in particular cases to violate the agreement, and violations could trigger economic sanctions against individuals and companies pursuant to the April 2015 cyber-sanctions executive order (discussed here).

The US government is not, however, the only party that will monitor China’s compliance. As I discussed in a prior post, cybersecurity companies are demonstrating increasingly sophisticated attribution capabilities and the willingness to identify government perpetrators. The most recent example is a report released on the eve of the state visit by ThreatConnect and Defense Group Inc. that details links between China’s military and an espionage campaign against Southeast Asian targets. Cybersecurity companies will be on the lookout for changes in the frequency or tactics of Chinese threat actors. In a blog post, Dmitri Alperovitch of CrowdStrike discussed “how the private sector can be of help” in “validating this agreement,” noting that his company’s products will provide “visibility into whether China abides by the commitment they’ve expressed today.”

While the provision on intellectual property theft was a surprise inclusion in the agreement, the previewed provision on critical infrastructure didn’t materialize. The initial New York Times report discussed the possibility of an explicit agreement, but also quoted a senior administration official who “cautioned that an initial statement between Mr. Obama and Mr. Xi may not contain ‘a specific, detailed mention’ of a prohibition on attacking critical infrastructure,” but rather might “be a more ‘generic embrace’” of the 2015 UN Group of Governmental Experts Report (GGE Report). The fact sheet may not even have lived up to this weakened expectation. It simply states that “[t]he United States and China welcome the July 2015” UN GGE Report. It doesn’t endorse the GGE report’s provisions, and it makes no mention of critical infrastructure.

One might have thought that including a critical infrastructure provision in the US-China agreement would have been comparatively easier than the intellectual property provision. Ostensibly, China and the US have already agreed to the GGE Report, which states in paragraph 13(f), “A State should not conduct or knowingly support [information and communications technologies] activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.” The US proposed this provision, so non-repetition of it may suggest ongoing reluctance on China’s part to fully endorse the report’s provisions, as Herb Lin has suggested.

Full assessment of the agreement will require time—both to monitor implementation of the intellectual property theft provision and to see if the envisioned dialogues on norms of state behavior and cybercrime bear fruit. In any event, the stick of economic sanctions remains on the table if the carrots of agreement and dialogue fall short.