CAE in Media


China ramps up cybersecurity regulations

  • Published: Aug 20, 2021
  • Source: China Daily
  • Font size: BigMediumSmall


BEIJING - With the latest moves to strengthen IT infrastructure security and cyberspace regulations, China is ramping up efforts in protecting the country's cybersecurity.

China on Tuesday published an administrative regulation on major IT infrastructure security, which will take effect on Sept 1.

The regulation stipulates that key IT infrastructure projects, which refer to IT network facilities and information systems of major industries in key areas, will come under the country's special protection.

Measures including monitoring, defense, and proper handling of cybersecurity risks and threats from both home and overseas will be carried out so as to ensure that relevant facilities are protected from attacks, intrusions, interference and sabotage.

The regulation came as the country's major IT infrastructure faces severe security challenges including frequent cyberattacks, according to a State Council statement.

The regulation also called on operators of major IT infrastructure projects to bear their primary responsibility of maintaining the integrity, confidentiality and availability of relevant data.

Requirements for these operators include conducting security checks and risk assessments every year, and prioritizing safe and creditable internet products and services in procurement.

Personal information and important data collected and produced by the operators during their operations within the Chinese mainland should be stored in the mainland, the regulation said, adding that security assessments will be necessary for business needs of providing such data overseas.

China's cyberspace authority last month solicited public opinion for a draft revision to the country's cybersecurity review regulations.

According to the draft revision, information infrastructure and data operators that possess over 1 million items of personal information shall be subject to cybersecurity review before seeking a listing abroad.

Risks such as critical information infrastructure, core data, important data, or a large amount of personal information being influenced, controlled, or maliciously used by foreign governments after going public overseas will be evaluated in the review.

Last month, authorities launched an on-site cybersecurity review by a joint team of regulators on the ride-hailing company DiDi Chuxing.

Observers believe that efforts to balance development and security have become a major issue facing the country's digital and internet industries.

The cybersecurity-related industry in China reached 170.2 billion yuan ($26.2 billion) in scale in 2020, according to the latest report issued at this year's China Internet Conference.

Wu Hequan, an academician with the Chinese Academy of Engineering, believes that the latest moves highlight strengthened governance in cyberspace. He, however, stressed that regulation does not mean discarding development. "It is about attaching equal importance to both sides."

Strengthened governance will provide a healthier environment for the development of the internet sector, Wu said, calling for greater emphasis on national security and protection of users' rights in the process.