Home / Publications / New Developments on the PRC Cyber Security Law

New Developments on the PRC Cyber Security Law

China Insight - IP

It has been more than three months since the PRC Cyber Security Law (“CSL”) has taken effect on 1 June 2017.  Except for the Provisions on Examination of Network Products and Services (Trial) (“NPS Provisions”) which have come into effect on the same day as the CSL, other regulations to supplement and implement the CLS have not yet been enacted.  So far, only some supplementary regulations are available in draft versions for public consultation purposes.

On 10 July 2017, the Cyberspace Administration of China (“CAC”) issued a draft of the Regulations for Protection of Critical Information Infrastructure (“CII Regulations”) for public consultation.  Given the stringent requirements for “keeping data in China” and “national security assessments” which are initially provided under the CSL for the Critical Information Infrastructure (“CII”) and CII Operators, the draft CII Regulations which are intended to provide clarifications on the CII and CII Operators have generated a lot of attention from companies in private sectors.

Despite of the early stages, the PRC authorities have already taken initiatives to enforce the CSL towards governmental and quasi-governmental entities (i.e. those non-operational entities directly or indirectly supervised or set up by government authorities). 

The new developments are mainly in:

1. Legislative Development – Draft CII Regulations

2. Internal CII Guidelines

3. Obligations of CII Operators

4. Enforcement Initiatives

To read the details of this article, please click "read more" below.

New Developments on the PRC Cyber Security Law
Read more


Picture of Ulrike Glueck
Dr. Ulrike Glueck
Managing Partner
Picture of Sammie Hu
Sammie Hu, LL.M.