< img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=2416728931804999&ev=PageView&noscript=1" />
Home > Knowledge Centre > China’s New Cyber Security Law: What It is About and How to Prepare for It

China’s New Cyber Security Law: What It is About and How to Prepare for It

By EU SME Centre | Article      06.04.2017     Tags: Information and Communication Technology (ICT)

Written by Dr Martina Gerst, Market Access Advisor, EU SME centre

Starting from 1 June 2017, China will be implementing its new Cybersecurity Law (“CSL”), a sign the Chinese government attempts to reinforce its regulations in this aspect which will impact all businesses operating in the country.

This Law is China’s first comprehensive regime on cyber security. According to the European Chamber of Commerce in China (EUCCC), it will have far-reaching implications on data storage, cross-border transfer of personal and customer data as well as business information.

The CSL defines several so-called “Key Infrastructures” or key industries that are related to “national security, national economy, citizen’s wellbeing, and public interests”, including reference to “public communication, information service, energy, transportation, finance, public service, electronic government affairs”.

Data possessed by organisations in those industries must be stored within China, as they are considered to be crucial to the national security according to the new law.

Furthermore, these key industries have to use products and services that have passed a security examination. In addition, the international transfer of information for commercial purposes will be scrutinised at the discretion of competent authorities. However, precise measures and criteria on how this will be conducted are yet not clear.

More questions remain to be answered under this new law. And before the CSL becomes effective, further implementation guidelines are expected to be published.

Before the CSL becomes effective, European companies which might fall under the category of “key industries” can start to prepare themselves and consider internal implementation measures related to data storage and protection, transmission and network security in China.

The EU SME Centre in Beijing will continue to follow on further legal developments on this issue and provide more updates for SMEs.

To contact Dr Martina Gerst, please send your enquiry via our Ask-the-Expert channel and select Standards & Conformity. 

Further reading

Share Show Search Filters