New Regulation on Network Data Security Management
The State Council passed the Regulations on Network Data Security Management on 30 August 2024. Nearly three years have elapsed since the Cyberspace Administration of China released the draft for public comment in November 2021; the full text has now been published and will come into effect on January 1, 2025.
To summarize, the Regulation is formulated under the Cybersecurity Law (CSL), the Data Security Law (DSL), and the Personal Information Protection Law (PIPL). It is clearer and more detailed than those laws on implementation details, allocation of responsibilities, normative requirements, and punitive measures, and it adds new provisions that further strengthen the primary responsibilities of data processors and the joint protection of important data and personal information.
The Regulation applies to domestic and international companies that engage in data processing activities within China’s territory. It also applies to entities based outside China when they process the data of individuals and organizations in China for the purpose of providing products or services to the domestic market, analyze or evaluate the behavior of individuals or organizations in China, or process important data* domestically.
Important data*
Generally, it is defined by the consequence of compromise: data that, if tampered with, destroyed, leaked, or illegally obtained or used, could endanger national security, economic stability, or technological advancement, or significantly affect China’s industrial and telecommunication sectors. However, no definitive catalogue of what constitutes ‘important’ data has yet been published, leaving some uncertainty over how the definition will be applied in practice.
The regulations, which come as part of China’s broader efforts to tighten control over its digital economy, introduce several key provisions:
- Data Classification System
The Regulation establishes a tiered system for classifying data according to its importance and sensitivity. The assigned tier determines the level of protection and the handling requirements that apply to each type of data.
- Critical Information Infrastructure
The Regulation provides clearer definitions and guidelines for what constitutes “critical information infrastructure”, expanding the scope of sectors and entities that fall under stricter data security requirements.
- Cross-border Data Transfers
Stricter controls will apply to transfers of certain types of data outside China. Companies seeking to move such data overseas may need to undergo security assessments and obtain government approval.
- Data Localization Requirements
Certain categories of data deemed sensitive or critical to national security must be stored within China’s borders, reinforcing existing data localization laws.
- Enhanced Penalties for Non-compliance
The Regulation introduces more severe penalties for data security violations, including hefty fines and potential suspension of business operations.
- Mandatory Security Assessments
Organizations handling large volumes of personal data or operating in critical sectors will be required to conduct regular security assessments and submit reports to relevant authorities.
- Protection of Personal Information
The Regulation strengthens protections for personal information, aligning with the Personal Information Protection Law (PIPL) that came into effect in 2021.
These provisions reflect China’s growing emphasis on data sovereignty and its intent to exert greater control over the digital realm. They also align with the global trend towards stricter data protection, as seen in regulations such as the European Union’s General Data Protection Regulation (GDPR).
Once the Regulation takes effect, companies inside and outside China will need to assess their data handling practices carefully and make the adjustments necessary for compliance. For companies managing substantial volumes of data in particular, the new requirements introduce challenges that demand immediate attention: comprehensive data security audits and system updates to align with the new standards. Staff training will also be critical, as employees must be equipped with the knowledge and skills to navigate the new regulatory landscape.
For individuals, the Regulation heralds a stronger commitment to the protection of personal data. With enhanced privacy rights, individuals will have greater control over their personal information and the ability to seek recourse in cases of data misuse or breaches. This shift is likely to foster a heightened awareness among the public regarding their rights and the measures being implemented to safeguard their data.
The global implications of these measures remain to be seen, but they undoubtedly mark a significant step in China’s evolving approach to data governance and digital sovereignty. As such, companies are encouraged to maintain open lines of communication with local cybersecurity departments and consider consulting with professional experts to ensure compliance and mitigate risks effectively.
If you are interested and have any questions, please contact us for more information.