China’s New Cyber Security Law: What It is About and How to Prepare for It

article| 6 April 2017

Sign up and benefit from our entire range of free services

If you sign up today you’ll be able to

  • Access to tailored advice through our Ask-the-Expert tool
  • A library of over 200 publications
  • Practical business tools
  • A network of trade promotion and business support partners
  • A comprehensive database of service providers with contact information

Written by Dr Martina Gerst, Market Access Advisor, EU SME centre

Starting from 1 June 2017, China will be implementing its new Cybersecurity Law (“CSL”), a sign the Chinese government attempts to reinforce its regulations in this aspect which will impact all businesses operating in the country.

This Law is China’s first comprehensive regime on cyber security. According to the European Chamber of Commerce in China (EUCCC), it will have far-reaching implications on data storage, cross-border transfer of personal and customer data as well as business information.

The CSL defines several so-called “Key Infrastructures” or key industries that are related to “national security, national economy, citizen’s wellbeing, and public interests”, including reference to “public communication, information service, energy, transportation, finance, public service, electronic government affairs”.

Data possessed by organisations in those industries must be stored within China, as they are considered to be crucial to the national security according to the new law.

Furthermore, these key industries have to use products and services that have passed a security examination. In addition, the international transfer of information for commercial purposes will be scrutinised at the discretion of competent authorities. However, precise measures and criteria on how this will be conducted are yet not clear.

More questions remain to be answered under this new law. And before the CSL becomes effective, further implementation guidelines are expected to be published.

Before the CSL becomes effective, European companies which might fall under the category of “key industries” can start to prepare themselves and consider internal implementation measures related to data storage and protection, transmission and network security in China.

The EU SME Centre in Beijing will continue to follow on further legal developments on this issue and provide more updates for SMEs.

To contact us, please send your enquiry via our Ask-the-Expert channel and select Standards & Conformity.

Further reading

Sign up and benefit from our entire range of free services

If you sign up today you’ll be able to

  • Access to tailored advice through our Ask-the-Expert tool
  • A library of over 200 publications
  • Practical business tools
  • A network of trade promotion and business support partners
  • A comprehensive database of service providers with contact information