Implementation of the Cyber Security Law through the Multi Level Protection Scheme (MLPS 2.0) is mandatory for all companies established in China. Because implementation has been slow, the government has now stepped up cybersecurity monitoring and is urging companies to fulfill their MLPS obligations.
The authorities are particularly targeting the industrially strong regions, where many foreign companies are also based. For example, the Ministry of Industry and Information Technology (MIIT) announced in January 2021 that 15 provinces and municipalities (including Tianjin, Jilin, Shanghai, Jiangsu, Zhejiang, Anhui, Fujian, Shandong, Henan, Hunan, Guangdong, Guangxi, Chongqing, Sichuan, Xinjiang) have been asked to carry out cybersecurity classification and rating projects for industrial enterprises.
The relevant departments select key industries and key enterprises based on the local situation to define the MLPS 2.0 compliance obligations in accordance with the requirements of the Cybersecurity Law and the Guide on the Classification and Grading of Network Security of Industrial Internet Enterprises.
In addition, the Cyberspace Administration of China announced in March 2021 that regulators had summoned 11 Chinese technology companies (including Alibaba, Tencent, Xiaomi, and ByteDance) for talks on deep fakes and cybersecurity. The reason: these companies’ voice software has not yet undergone security assessment procedures.
We expect the Chinese government to further strengthen cybersecurity inspections and recommend that companies quickly set up projects to implement MLPS 2.0 and have their information systems certified – before the authorities start ringing the doorbell.