Cybersecurity Law: Company Inspections by the Chinese Police

With a new regulation on the Cybersecurity Law enforcement, China enables the state police, Public Security Bureaus (PSB), to inspect companies in regard to their cybersecurity compliance. The regulation comes into force on November 1, 2018 and aims at Internet providers and “network using companies”. The definition of network using companies however is extremely vague and gives PSB strong power to gain insight into companies’ most sensitive data.

According to the “Regulation on the Cybersecurity Supervision and Inspection by Public Security Authorities” the PSB can scrutinize the duties imposed on companies in the Cybersecurity Law. Subjects of inspection are, for example, the appointment of a data protection officer, the implementation of appropriate technical measures for data protection or the existence of illegal trade in data. The inspection can be conducted in person or remotely (i.e. via the Internet).

During inspections, the PSB is allowed to enter a company’s buildings, conserve documents and also interview executives. Remote inspections need to be announced by the PSB in advance. However, the regulation does not say how long in advance. If a company refuses to cooperate, the PSB can impose penalties and fines.

The new regulation is another step towards more clarification of last year’s Cybersecurity Law. However, it does not introduce new obligations but only codifies the process of inspection. Because Chinese legislation now uses the term “network using entities” instead of the former “network operators” (Cybersecurity Law), it is expected that almost any company will fall under the regulation – and thus can be subject of inspections.

Once again, China finds a way to enlarge its access to data. Especially Western companies should be alarmed by the new regulation and prepare for possible inspections. We recommend companies with subsidiaries in China to prove and strengthen their compliance and cybersecurity measures.

External link to the full regulation (English)

Source: Ministry of Public Security (PRC), Picture: Intermediate People’s Court Huainan

One thought on “Cybersecurity Law: Company Inspections by the Chinese Police

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s