Global menu

Our global pages

Close

China Cybersecurity Law One Year On Share on LinkedIn Share on Twitter  

Share: 

  

It’s been one year since China’s Cybersecurity Law took effect, and while businesses are keenly aware of the need to comply, many are still trying to fully understand its implications. There is an abundance of new guidelines and regulations clarifying the scope and applicability of concepts introduced by the Cybersecurity Law, and others which expand on existing security requirements in order to promote cybersecurity.

Although more guidelines and regulations are expected, businesses must be alert to existing obligations that are in force – and enforced – today.

Eversheds Sutherland have undertaken a comprehensive review of the development of the cybersecurity legislative landscape in China and summarized the information in an easy-to-read format. Our new interactive timeline, “China Cybersecurity Law - One Year On”, provides a high level summary of the key legislation, regulations and guidelines in this area, and also describes some interesting enforcement actions that have already been taken.

Key:

Key Legislation
Key Guidelines and Regulations
Enforcement Actions
Draft legislation, guidelines, regulations or consultation papers.

December 1982

PRC Constitution (《宪法》)

4 December 1982

January 1987

General Principles of Civil Law (《民法通则 》)

1 January 1987

January 1994

Consumer Protection Law (《消费者权益保护法》)

October 2010

State Secrecy Law (《保守国家秘密法》)

1 October 2010

January 2011

Administrative Measures for Internet Information Services (2011 Amended Version) (《互联网信息服务管理办法(2011年修订版)》)

8 January 2011

March 2012

Several Provisions on Regulation of the Order of Internet Information Service Market (《规范互联网信息服务市场秩序若干规定》)

15 March 2012

December 2012

Decision of the Standing Committee of the National People's Congress on Strengthening Network Information Protection (《全国人民代表大会常务委员会关于加强网络信息保护的决定》

February 2013

Information Security Technology - Guidance for Protection of Personal Information of Public and Commercial Service Information System (《信息安全技术 公共及商用服务信息系统个人信息保护指南》)

1 February 2013

September 2013

Provisions on Protection of Personal Information of Telecommunication and Internet Users (《电信和互联网用户个人信息保护规定》)

1 September 2013

March 2014

Administrative Measures for Network Trading (《网络交易管理办法》)

15 March 2014

August 2014

Provisions of the Supreme People's Court on Several Issues concerning the Application of Law to Trial of Civil Dispute Cases of Infringement of Personal Rights via Information Networks (《最高人民法院关于审理利用信息网络侵害人身权益民事纠纷案件适用法律若干问题的规定》)

21 August 2014

March 2015

Administrative Regulations on the Account Names of Internet Users (《互联网用户账号名称管理规定》)

1 March 2015

June 2015

Administrative Regulations on Text Message Services (《通信短信息服务管理规定》)

30 June 2015

July 2015

State Security Law (《中华人民共和国国家安全法》)

1 July 2015

June 2016

Guidance for Operations of National Cybersecurity Check (《国家网络安全检查操作指南》)

1 June 2016

November 2016

Various Guidelines relating to Technical and Security Requirements on Information Security Technology

December 2016

Administrative Regulations on the Internet Live-streaming Services (《互联网直播服务管理规定》)

1 December 2016

December 2016

State Cyberspace Security Strategy (《国家网络空间安全战略》)

27 December 2016

January 2017

Administrative Measures for Cybersecurity Management of Press, Publication, Radio, Film and Television (Trial) (《新闻出版广播影视网络安全管理办法(试行)》)

6 January 2017

January 2017

Information Security Technology - Requirements and Code of Conduct for Security Testing Bodies of Information Technology Products (Exposure Draft) (《信息安全技术 信息技术产品安全检测机构条件和行为准则(征求意见稿)》)

March 2017

Cyberspace International Cooperation Strategy (《网络空间国际合作战略》)

1 March 2017

May 2017

Information Security Technology - Controllability Evaluation Index for Security of Information Technology Products Part 1-5 (Exposure Draft) (《信息安全技术 信息技术产品安全可控评价指标(第1-5部分)(征求意见稿)》)

May 2017

Guidance for Emergency Management of Information Security Incidents in the Industrial Control System (《工业控制系统信息安全事件应急管理工作指南》)

31 May 2017

May 2017

Interpretations of the Supreme People's Court and the Supreme People's Procuratorate on Several Issues concerning the Application of Law in the Handling of Criminal Cases Involving Infringement of Citizens' Personal Information (《最高人民法院、最高人民检察院关于办理侵犯公民个人信息刑事案件适用法律若干问题的解释》)

8 May 2017

May 2017

Security Assessment Measures regarding the Export of Personal Information and Important Data (Exposure Draft) (《个人信息和重要数据出境安全评估办法(征求意见稿)》)

June 2017

Cybersecurity Law (《网络安全法》)

1 June 2017

June 2017

Measures on Security Examination of Network Products and Network Services (Trial) (《网络产品和服务安全审查办法(试行)》)

1 June 2017

June 2017

Announcement on the Promulgation of the Catalogue of Key Network Equipment and Specific Cybersecurity Products (Batch One) (关于发布《网络关键设备和网络安全专用产品目录(第一批)》的公告)

1 June 2017

June 2017

Provisions on the Administrative Law Enforcement Procedures for Management of Internet Information Content (《互联网信息内容管理行政执法程序规定》)

1 June 2017

June 2017

Administrative Regulations on Internet News Information Services (《互联网新闻信息服务管理规定》)

1 June 2017

June 2017

Implementing Rules for the Administration of the Licensing for Internet News Information Services (《互联网新闻信息服务许可管理实施细则》)

1 June 2017

June 2017

State Cybersecurity Incidents Emergency Response Plan (《国家网络安全事件应急预案》)

27 June 2017

July 2017

Tech company in Shantou City of Guangdong was warned for failure to fulfil cybersecurity stratified protection obligations

20 July 2017

July 2017

Website Operator in Sichuan was fined for the failure to fulfil cybersecurity protection obligations

August 2017

Enforcement Action taken against a company found to have published users’ information without authenticating users’ identities

10 August 2017

August 2017

Job search site warned for failure to fulfil security management obligations

11 August 2017

August 2017

Regulations on Protection of Critical Information Infrastructure (Exposure Draft) (《关键信息基础设施安全保护条例(征求意见稿)》)

August 2017

Information Security Technology - Guidance for Security Inspection and Evaluation of Critical Information Infrastructure (Exposure Draft) (《信息安全技术 关键信息基础设施安全检查评估指南(征求意见稿)》)

August 2017

Information Security Technology - Indicator System of Critical Information Infrastructure Security Assurance (Exposure Draft) (《信息安全技术 关键信息基础设施安全保障评价指标体系(征求意见稿)》)

August 2017

Information Security Technology - Guidance for De-Identifying Personal Information (Exposure Draft) (《信息安全技术 个人信息去标识化指南》(征求意见稿)》)

September 2017

Substantial fines imposed on Chinese technology giants for allowing users to post forbidden materials on their websites

26 September 2017

October 2017

General Rules of Civil Law (《民法总则》)

1 October 2017

October 2017

Administrative Regulations on the Administration of Internet Comments Posting Services (《互联网跟帖评论服务管理规定》)

1 October 2017

October 2017

Administrative Regulations on Internet Forum and Community Services (《互联网论坛社区服务管理规定》)

1 October 2017

October 2017

Criminal Law (as amended) (《刑法》修正案)

4 October 2017

October 2017

Administrative Regulations on the Administration of Information Services Provided through Chat Groups on the Internet (《互联网群组信息服务管理规定》)

8 October 2017

October 2017

Administrative Regulations on the Administration of Internet User Public Account Information Services (《互联网用户公众账号信息服务管理规定》)

8 October 2017

October 2017

Information Security Technology - Guidance for Cross-Border Data Transfer Security Assessment (Exposure Draft) (《信息安全技术 数据出境安全评估指南(征求意见稿)》)

November 2017

Contingency Plan for Emergency Cybersecurity Incidents of the Public Internet (《公共互联网网络安全突发事件应急预案》)

14 November 2017

November 2017

E-commerce Law (《电子商务法(草案)》)

December 2017

Administrative Regulations on Evaluating the Safety of New Technologies and Applications for Internet News Information Services (《互联网新闻信息服务新技术新应用安全评估管理规定》)

1 December 2017

December 2017

Administrative Measures for Content Management Practitioners in Entities Offering Internet News Information Services (《互联网新闻信息服务单位内容管理从业人员管理办法》)

1 December 2017

January 2018

Circular of the Ministry of Industry and Information Technology on Regulating the Use of Domain Names for Internet Information Services (《工业和信息化部关于规范互联网信息服务使用域名的通知》)

1 January 2018

January 2018

Information Security Technology - Guidance for Classification of Cybersecurity Protection (Exposure Draft) (《信息安全技术 网络安全等级保护定级指南(征求意见稿)》)

January 2018

Information Security Technology - Risk Assessment Specification for Information Security (Exposure Draft) (《信息安全技术 信息安全风险评估规范(征求意见稿)》)

January 2018

Company warned for permitting access to users’ personal information without express consent

6 January 2018

January 2018

Enforcement action taken in respect of two corporates for incorrect use of country names

10 and 12 January 2018

January 2018

Company reprimanded for permitting unauthorised access to users’ sensitive financial information

11 January 2018

March 2018

Administrative Regulations on Information Services on Microblogs (《微博客信息服务管理规定》)

20 March 2018

April 2018

Notice on Further Management on Network Access Service (《关于深入推进互联网网络接入服务市场清理规范工作的通知》)

28 April 2018

May 2018

Enforcement action taken against a public page on a social media platform for permitting publication of illegal content by its users

12 May 2018

May 2018

Various Guidelines relating to Security and Technical Requirements

July 2018

Information Technology - Security Techniques - Information Security Incident Management - Part 1: Principles of Incident Management (GB/T 20985.1-2017 《信息技术 安全技术 信息安全事件管理 第1部分:事件管理原理》)

1 July 2018

July 2018

Information Technology - Security Techniques - Information Security Management Systems—Overview and Vocabulary (GB/T 29246-2017《信息技术 安全技术 信息安全管理体系 概述和词汇》)

1 July 2018

For further information contact:


Jack Cai
Partner
jackcai@eversheds-sutherland.com
+86 21 6137 1007

Michael Bahar
Partner
michaelbahar@eversheds-sutherland.com
+1 202 383 0882

Jennifer Van Dale
Partner
jennifervandale@eversheds-sutherland.com
+852 2186 4945

Joanne Finch
Registered Foreign Lawyer (England & Wales)
joannefinch@eversheds-sutherland.com
+852 2186 4919

Sarina Keung
Associate
sarinakeung@eversheds-sutherland.com
+852 2186 4943
Share on LinkedIn Share on Twitter  

Share: