Cybersecurity—China—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—China—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—China—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in China published as part of the Lexology Getting the Deal Through series by Law Business Research (published: February 2021).

Authors: Fangda Partners—Yunxia (Kate) Yin; Jeffrey Ding; Gil Zhang

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

The general cybersecurity and data protection regime in China includes the Cybersecurity Law (CSL) and its implementation regulations and measures. There are also various sectoral regulators in China that have been issuing sectoral rules and regulating cybersecurity and data protection issues in their respective sectors.

The Civil Code, which came into force on 1 January 2021 and supersedes the General Principles of the Civil Law, provides for the right to personal data protection. Any organisations and individuals that collect and process personal data must ensure the security of the personal data. Unlawful collection, use, processing or transfer of personal data is prohibited.

Article 253 of the Criminal Law and the Interpretation of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues regarding Legal Application in Criminal Cases Infringing upon the Personal Data of Citizens specify certain activities that may constitute the crime of infringing the right to personal data protection. There are also other provisions in the Criminal Law that criminalise the intrusion of information systems and other cybercrimes.

The

Popular documents