The Cybersecurity Law of the People’s Republic of China was adopted at the 24th Session of the Standing Committee. China’s Cybersecurity Law is applicable to network operators and businesses in critical sectors. It is to be noted that businesses affected by the Cybersecurity Law are not limited to those in the information technology (IT) industry.
According to the China Briefing, cybersecurity Law defines network operators as network owners, managers, and network service providers. In fact, nowadays, the vast majority of enterprises employing networks are in line with the definition of network operators, and therefore is subject to corresponding responsibilities and obligations.
The Cybersecurity Law of the People’s Republic of China was adopted at the 24th Session of the Standing Committee of the 12th National People’s Congress on 7 November, with 154 affirmative votes and one abstention. The Cybersecurity Law will come into effect on 1 June 2017.
Scope of China’s Cybersecurity Law–
It is safe to assume that any company (regardless of size and domestic or multinational extent) operating its network – including websites and internal and external networks – to conduct business, provide a service or collect data in China could very likely be in scope.
The Cybersecurity Law is applicable to network operators and businesses in critical sectors. The law requires network operators to cooperate with Chinese crime or security investigators and allow full access to data and unspecified “technical support” to the authorities upon request. The law also imposes mandatory testing and certification of computer equipment for critical sector network operators.
Penalties for Violating Cybersecurity law of China
Under the criminal law Peoples Republic of China, cybercrimes are mainly provided in the section: “Crimes of Disturbing Public Order”. Articles 285, 286 and 287 are the three major articles that directly relate to cybercrime. The punishment for violating articles 285, 286 and 287 include imprisonment, detention and fines. An offender if convicted guilty may have to serve imprisonment up to seven years for illegally obtaining data from a computer.
According to the Article 5: The State takes measures for monitoring, preventing, and handling cybersecurity risks and threats arising both within and without the mainland territory of the People’s Republic of China. The State protects critical information infrastructure against attacks, intrusions, interference, and destruction; the State punishes unlawful and criminal cyber activities in accordance with the law, preserving the security and order of cyberspace.
How does the Cybersecurity Law apply to businesses?
The “cybersecurity” in the Cybersecurity Law should be understood in the broad sense. The Chinese cybersecurity law includes a whole range of other domains including:
- Information Security
- Control System Security
- Computer Security
- Communication Security
It is to be noted precisely that the businesses affected by the Cybersecurity Law are not limited to those in the information technology (IT) industry.