1. Home
  2. China's Evolving Cybersecurity Law

China's Evolving Cybersecurity Law

China’s evolving Cybersecurity Law and what companies should know before operating in mainland China
China's Evolving Cybersecurity Law
Share

China’s evolving Cybersecurity Law and what companies should know before operating in mainland China

In 2017 China’s Cybersecurity Law went into effect, marking an important milestone in China’s efforts to create strict guidelines on cyber governance. Over the past three years, numerous updates to the regulations and interpretations have been released making it increasingly difficult for organisations to ensure compliance with the Law.

Furthermore, due to ambiguous requirements and broadly defined terminology, some enterprises are concerned about the law’s potential impact on their operations in China, while others worry that it will create trade barriers to foreign companies in the Chinese market.

Webinar details:

Date: Tuesday, September 15, 2020

Time: 10:00 AM Singapore Time

Duration: 1 hour

Register Now

Given these complexities, we have developed a Point of View (POV) series highlighting specific areas of the Law that have the biggest impact and implications for multinational corporations conducting business within mainland China.

We first present a high-level overview of the law and recent updates to the regulations, and then to give greater insight we dive into the following sections:

  • Personal Information Protection
  • Multi-Level Protection Scheme
  • Critical Information Infrastructure
  • Cross-Border Data Transfer

Download the POVs below which delve deeper into each of these sections.

Interpretations of the updates to China’s Cyber Security Law
All companies incorporated within Mainland China are required to abide by the Cybersecurity Law of The People's Republic of China (PRC), which went into effect 1 June 2017. Given the complex business relationships within the international market, the Cybersecurity Law will continue to have important political, economic, and technical implications for both domestic and multinational corporations (MNC). As updated regulations and interpretations to the Law have been released since 2017, this Point of View (POV) aims to provide further insight to the Law and expand on our July 2017 white paper, China’s Cybersecurity Law and Its Impacts: Key requirements businesses need to understand to ensure compliance.
 
Learn More
 
Personal Information Protection Overview

As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this Point of View (POV) highlights a key area pertaining to personal information protection. Personal information is defined as information that can be used individually or in combination with other information to identify a person. Requirements around the dissemination and management of personal information by network operators are prescribed within the Cybersecurity Law and are closely linked to the national standard of personal information protection, the Personal Information Security Specification (“the Specification”).

 
Learn More
 
Multiple-level Protection Scheme
In part one of our Point of View (POV) series Interpretations of the updates to China’s Cybersecurity Law, we highlighted the updated legal requirements that impact organisations looking to do business in mainland China. One of these is the Multi-Level Protection Scheme (MLPS), an administrative requirement found in Article 21 of the Cybersecurity Law. Initially introduced in 1994, an updated MLPS 2.0 was issued in 2019, requiring network operators to ensure their networks are protected against interference, damage, or unauthorised access.
 
Learn More
Data Cross-Border Transfer
As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this fifth installment focuses on the cross-border transfer of data — or data localisation — that is outlined in Article 37. This article covers the transfer and access of personal information and important data collected by critical information infrastructure (CII) operators in mainland China. However, other measures and guidelines currently under discussion (including Cross-Border Transfer Assessment Measures for Personal Information and Important Data as well as Security Assessment Guideline for Data Cross-Border Transfer) could extend network operator requirements.
 
Learn More
Critical Information Infrastructure
As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this fourth installment focuses on the requirements in Section Two, Chapter Three, pertaining to Critical Information Infrastructure (CII) operators. According to the Cybersecurity Law, CII is defined as any information infrastructure that can endanger national security, national strategy, and civil welfare in the event of a data breach, compromised network, or system malfunction.
 
Learn More

 

Protiviti Cybersecurity and Privacy Protection Services

How Protiviti Can Help

Protiviti aids businesses in ensuring that their IT services meet legal requirements and regulatory rules on both national and industry-specific levels. With a team of IT security professionals, compliance experts, auditors, and other professionals, Protiviti keeps track of evolving regulations based on industry innovations, environmental trends, and emerging risks.

Protiviti security and privacy services will evaluate your current compliance according to relevant legal requirements and regulatory rules and develop technical solutions that correspond with your current technology, procedures, and resources competency. We will close gaps in your IT technology and processes in line with your budget plan, as well as prevent disruptions to normal IT and business operations from compliance activities.

 

CATEGORY TOPIC:
Digital Transformation | IT Management, Applications and Transformation | Cybersecurity and Privacy
CATEGORY INDUSTRY:
Consumer Products & Services | Financial Services | Energy & Utilities | Healthcare | Manufacturing & Distribution | Technology, Media & Telecommunications

Insights

APAC Financial Services Insights: December 2020

BPRO

Unleash the Power of Adhocracy in the face of Emerging Risks

podcast

Podcast - Building an Effective Industrial Control Systems Security Programme

PPP 2.0 – A Renewed Opportunity (and New Set of Headaches) for Lenders

Ready to work with us?

Sam Bassett
Sam Bassett
Managing Director
Linked