The Cybersecurity Law of the People’s Republic of China officially came into force on June 1, 2017. The Law and its rules and regulations attracted heated discussion since adoption. The Cybersecurity Law is applicable to network operators and businesses in critical sectors. The implementation of the law could be phased in gradually, which will allow companies to better assess their obligations.
Introduction to Cybersecurity in China
The Cybersecurity Law is a milestone for cybersecurity legislation in mainland China. The Law is an evolution of the previously existent cybersecurity rules and regulations from various levels and fields, assimilating them to create a structured law at the macro-level. The Law also offers principle norms on certain issues that are not immediately urgent, but are of definite long-term importance. These norms will serve as legal reference when new issues arise.
The Cybersecurity Law also provides elaborate regulations and definitions on legal liability. For different types of illegal conduct, the Law sets a variety of punishments, such as fines, suspension for rectification, revocation of permits and business licenses, and others. The Law accordingly grant cybersecurity and administration authorities with rights and guidelines to carry out law enforcement on illegal acts.
Scope of Cybersecurity Law
The “cybersecurity” in the Cybersecurity Law should be understood in the broad sense, which means it includes not only internet security, but also information security, communication security, computer security, automation, and control system security. Significantly, the businesses affected by the Cybersecurity Law are not limited to those in the information technology (IT) industry.
The Law has a wide influence over all enterprises that employ networks or information systems in their operations. According to related articles of the Law, enterprises may roughly be categorized into “network operators” and “Critical Information Infrastructure (CII) Operators” based on the enterprises’ types and their business scopes.
1. Network operators
Cybersecurity Law defines network operators as network owners, managers, and network service providers. In fact, nowadays, the vast majority of enterprises employing networks are in line with the definition of network operators, and therefore is subject to corresponding responsibilities and obligations.
2. CII operators
At present, there are no clear-cut guidelines on the definition of CII. As per the Cybersecurity Law, the State Council sets the scope of CII and its security protection measures. According to the Law, one key reference point of CII definition is to determine whether the possible damage, the loss of function, or data leaks of the related facilities of the enterprises would pose a significant threat over national security and public interests.
Contact Us
If you have further queries, don’t hesitate to contact Tannet anytime, anywhere by simply visiting Tannet’s website english.tannet-group.com, or calling Hong Kong hotline at 852-27826888 or China hotline at 86-755-82143422 or 86-755-82143181 or emailing to tannet-solution@hotmail.com. You are also welcome to visit our office situated in 16/F, Taiyangdao Bldg 2020, Dongmen South Rd, Luohu, Shenzhen, China.
Previous:Labor Cost Comparison in China
Next:China's Five Year Tax Rule for Foreigners