Cyberspace Administration of China, Regulations for Protection of the Security of Critical Information Infrastructure (Draft for Comments)

国家互联网信息办公室关键信息基础设施安全保护条例 (征求意见稿)

September 16, 2017 | BY

Susan Mok &clp articles &

Issued: July 10 2017 Main contents: The network facilities and information systems operated and managed by the entities set forth below that,…

Promulgated: 2017-07-10

Issued: July 10 2017

Main contents: The network facilities and information systems operated and managed by the entities set forth below that, in the event of destruction, loss of function or data leak, could seriously jeopardize national security, the national economy, people's livelihoods or the public interest shall be incorporated into the scope of critical information infrastructure subject to protection:

(1) government agencies, and entities in industries and sectors such as energy, finance, transport, water resources, health and medicine, education, social insurance, environmental protection and public utilities;

(2) information networks, such as telecommunications networks, radio and television networks and the internet, as well as entities that provide cloud computing, big data and other large public information network services;

(3) scientific research and production entities in industries and sectors such as science and technology industry for national defense, large-scale equipment, chemical industry, food and pharmaceuticals; and

(4) news entities such as radio stations, television stations, news agencies (Article 10).

The operation and maintenance of critical information infrastructure shall be carried out in China. If, due to business needs, it is genuinely necessary to carry out offshore remote maintenance, the same shall be reported in advance to the state department in charge of or regulating the industry and the State Council's public security department (Article 34).

issued:2017-07-10

Issued: July 10 2017

Main contents: The network facilities and information systems operated and managed by the entities set forth below that, in the event of destruction, loss of function or data leak, could seriously jeopardize national security, the national economy, people's livelihoods or the public interest shall be incorporated into the scope of critical information infrastructure subject to protection:

(1) government agencies, and entities in industries and sectors such as energy, finance, transport, water resources, health and medicine, education, social insurance, environmental protection and public utilities;

(2) information networks, such as telecommunications networks, radio and television networks and the internet, as well as entities that provide cloud computing, big data and other large public information network services;

(3) scientific research and production entities in industries and sectors such as science and technology industry for national defense, large-scale equipment, chemical industry, food and pharmaceuticals; and

(4) news entities such as radio stations, television stations, news agencies (Article 10).

The operation and maintenance of critical information infrastructure shall be carried out in China. If, due to business needs, it is genuinely necessary to carry out offshore remote maintenance, the same shall be reported in advance to the state department in charge of or regulating the industry and the State Council's public security department (Article 34).

issued:2017-07-10

This premium content is reserved for
China Law & Practice Subscribers.

  • A database of over 3,000 essential documents including key PRC legislation translated into English
  • A choice of newsletters to alert you to changes affecting your business including sector specific updates
  • Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
For enterprise-wide or corporate enquiries, please contact our experienced Sales Professionals at +44 (0)203 868 7546 or [email protected]