The People’s Republic of China has passed a new cybersecurity law that is set to take effect on June 1, 2017. While the law’s stated purpose is to fight hackers and is primarily aimed at internet companies, it has potentially far-reaching consequences for companies doing business in China.
WHO IS IMPACTED?
The law primarily regulates business classified as “network operators” and imposes data security requirements on them. ”Network operators” are defined as owners or providers of any “network,” which is any system of “computers or other information terminals” that gather, store, transmit and process information. While this definition likely does not impact many businesses, the law also introduces the concept of “critical information infrastructure” (CII), and imposes additional and enhanced data security requirements on businesses that operate CII as determined by China. While not explicitly defined, CII includes any businesses operating in the communications, finance, water, power or traffic sectors. It also includes any other businesses using infrastructure that “might seriously endanger national security, national welfare and the people’s livelihood, or the public interest” if such infrastructure malfunctions, is damaged or causes data leak. Read more.