An Overview of People’s Republic of China’s Cybersecurity Law

The Cybersecurity Law of the People’s Republic of China was adopted at the 24th Session of the Standing Committee. China’s Cybersecurity Law is applicable to network operators and businesses in critical sectors. It is to be noted that businesses affected by the Cybersecurity Law are not limited to those in the information technology (IT) industry.

According to the China Briefing, cybersecurity Law defines network operators as network owners, managers, and network service providers. In fact, nowadays, the vast majority of enterprises employing networks are in line with the definition of network operators, and therefore is subject to corresponding responsibilities and obligations.

 

The Cybersecurity Law of the People’s Republic of China was adopted at the 24th Session of the Standing Committee of the 12th National People’s Congress on 7 November, with 154 affirmative votes and one abstention. The Cybersecurity Law will come into effect on 1 June 2017.

 

Scope of China’s Cybersecurity Law

It is safe to assume that any company (regardless of size and domestic or multinational extent) operating its network – including websites and internal and external networks – to conduct business, provide a service or collect data in China could very likely be in scope.

The Cybersecurity Law is applicable to network operators and businesses in critical sectors. The law requires network operators to cooperate with Chinese crime or security investigators and allow full access to data and unspecified “technical support” to the authorities upon request. The law also imposes mandatory testing and certification of computer equipment for critical sector network operators.

Penalties for Violating Cybersecurity law of China
Under the criminal law Peoples Republic of China, cybercrimes are mainly provided in the section: “Crimes of Disturbing Public Order”. Articles 285, 286 and 287 are the three major articles that directly relate to cybercrime. The punishment for violating articles 285, 286 and 287 include imprisonment, detention and fines. An offender if convicted guilty may have to serve imprisonment up to seven years for illegally obtaining data from a computer.

 

According to the Article 5: The State takes measures for monitoring, preventing, and handling cybersecurity risks and threats arising both within and without the mainland territory of the People’s Republic of China. The State protects critical information infrastructure against attacks, intrusions, interference, and destruction; the State punishes unlawful and criminal cyber activities in accordance with the law, preserving the security and order of cyberspace.

How does the Cybersecurity Law apply to businesses?

The “cybersecurity” in the Cybersecurity Law should be understood in the broad sense. The Chinese cybersecurity law includes a whole range of other domains including:

  • Information Security
  • Control System Security
  • Computer Security
  • Communication Security
  • Automation

 

It is to be noted precisely that the businesses affected by the Cybersecurity Law are not limited to those in the information technology (IT) industry.

 

Share with friends:

Understand the Important Aspects of China’s Cybersecurity Law

In November 2016, the National People’s Congress initially passed the Cybersecurity Law. Penalties for violating the Law are clearly stated and include the suspension of business activities. Serious illegal action may lead to the closing of businesses or the revocation of licenses.

China Contract

The Cyberspace Administration of China released Measures for the Security Assessment of Personal Information and Critical Data Leaving the Country, intended to assist in the implementation of China’s new Cybersecurity Law. On November 2016, the National People’s Congress initially passed the Cybersecurity Law. The law is the latest step in China’s long-term campaign for jurisdictional control over the content on the internet.

Some of the key aspects of China’s cybersecurity law

  • The law brought enormous reforms in data management
  • Monitors internet usage regulations in China
  • Imposes new requirements for network and system security

 

 

According to the China Briefing, cybersecurity Law defines network operators as network owners, managers, and network service providers. In fact, nowadays, the vast majority of enterprises employing networks are in line with the definition of network operators, and therefore is subject to corresponding responsibilities and obligations. It is safe to assume that any company (regardless of size and domestic or multinational extent) operating its network – including websites and internal and external networks – to conduct business, provide a service or collect data in China could very likely be in scope.

 

The rules could affect purchases of server equipment, mass storage devices, cloud computing services, and large-scale databases, among others. There is no clear definition of which companies could be classified as critical information infrastructure operators, though they broadly include firms involved in the finance, energy, transportation, and telecommunications industries or those that handle large amounts of personal data.

Penalties of breaking China’s cybersecurity law-

  1. Penalties for violating the Law are clearly stated and include the suspension of business activities.
  2. Serious illegal action may lead to the closing of businesses or the revocation of licenses.

 

  1. The maximum fine may reach RMB1,000,000

 

Zhang Dejiang, chairman of the standing committee of the NPC declared that China had “a solid legal foundation for accelerating the establishment of a national security system and taking a distinctly Chinese approach to national security.” This was seen by many in the West as a strong rebuttal of the criticism of China’s counter-terrorism law and the draft laws on cybersecurity and management of NGOs.

Local governments are made responsible for data security in their respective regions. According to the Article 5 of the law, the State takes measures for monitoring, preventing, and handling cybersecurity risks and threats arising both within and without the mainland territory of the People’s Republic of China. The State protects critical information infrastructure against attacks, intrusions, interference, and destruction; the State punishes unlawful and criminal cyber activities in accordance with the law, preserving the security and order of cyberspace.

 

Share with friends: