Key Points Arising from China's Regulations on CII Protection
September 03, 2021 | BY
Susan MokCasper Sek of Jin Mao Partners highlights the requirements of the Regulations on CII Protection from the perspective of compliance practices for companies operating in China and discusses what is a critical information infrastructure and critical information infrastructure operator, the regulators involved and compliance under the new regulations
Summary
|
- The promulgation of this regulation means that there is clear implementation and rules for enhanced protection of critical information infrastructures
- Whether certain network facilities and information systems constitute a CII will be identified by the Protection Departments
- The list of CIIs and CIIOs is treated as confidential information because the CIIs are the key protection objects of cybersecurity
- CIIOs in China should comply with annual cybersecurity assessment, data localization and overseas data transfer requirements
The Regulations for Protection of the Security of Critical Information Infrastructure (Regulations on CII Protection) (关键信息基础设施安全保护条例) was promulgated on August 17 and became effective from September 1, which is four years after publication of the first draft by the Cyberspace Administration of China (CAC) to collect public comments.
This premium content is reserved for
China Law & Practice Subscribers.
A Premium Subscription Provides:
- A database of over 3,000 essential documents including key PRC legislation translated into English
- A choice of newsletters to alert you to changes affecting your business including sector specific updates
- Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment
Already a subscriber? Log In Now