2020 has been an active year for developments in China’s cybersecurity and data protection regimes. In this e-bulletin we highlight the major regulatory and enforcement developments during the year in three key areas:
- Security protection, where continuous regulatory efforts have been made to supplement technical standards in order to progress the establishment of the multi-level protection scheme (MLPS), with the police taking a more active approach to inspecting compliance with the MLPS regime.
- Data protection, where two milestone pieces of legislation, the Personal Information Protection Law and the Data Security Law, started their progress through the legislative process, and important standards on personal information protection and risk assessment were updated or released; and
- Supply chain security, where developments have focused on establishing the regulatory framework for commercial encryption and the supply chain security of Critical Information Infrastructure.
Further details are set out here. In each case we set out a reminder of the obligations under the Cyber Security Law and provide a brief summary of the main developments during this year.