Who Is Operator of Critical Information Infrastructure?

Critical Information Infrastructure Operators (CIIOs) are a central and so far vague concept of China’s new cybersecurity and data protection system. With the regulations on critical information infrastructure protection (“the regulations”) that came into force on September 1, 2020, the government is now creating more transparency, but at the same time increasing the pressure on companies operating in China.

Whether a company is a critical information infrastructure operator is ultimately decided by the authorities on a case-by-case basis. In principle, CIIOs can belong to industries such as telecommunications and information, energy, transportation, water management, and finance, among others, but can also be “any other major network operator” that affects national security in the event of a non-function, damage, or data leak.

Foreign companies can also be identified as CIIOs by the authorities and must subsequently meet the same requirements as Chinese companies, which are specified in Article 6 of the regulations. For example, they are required to establish a security management system, screen key employees in cooperation with the authorities and police, as well as conduct regular risk assessments of their overall network security.

The strict regulations, some of which are still unclear, pose a major challenge for companies classified as CIIO operators. Coupled with other data protection laws such as the Personal Information Protection Law (PIPL), which goes into effect Nov. 1, data protection requirements are greatly increasing.

Non-compliance can result in fines of up to RMB 1 million, in addition to correction orders or confiscation of company income. Individuals in key positions may also be held liable. In addition, not only the CIIOs but also their cybersecurity service providers are liable in the event of a data leak.

Picture: Unsplash

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s