China is putting pressure on the implementation of its compliance rules regarding cyber security and data protection. With immediate effect, companies that violate the legal requirements for cyber security and data protection will be recorded and disclosed in the Corporate Social Credit System (CSCS). This applies, for example, to the mandatory certification of network-connected IT systems as part of the Multi-Level Protection Scheme (MLPS 2.0), compliance with the rules on cross-border data traffic or the data protection impact assessment for the transfer of personal data through the Personal Information Security Impact Assessment (PISIA), which is mandatory for standard contracts. IP breaches will also be recorded in the CSCS in future.
The integration of cyber and data protection breaches into the Corporate Social Credit System aims to step up the enforcement of existing IT laws. Companies that have not yet adapted their compliance may face penalties – from fines to the suspension or deletion of business licenses – as well as a loss of reputation as a result of the publication. We strongly recommend that companies operating in China comply with the regulatory requirements for cyber security and data protection and bring their IT systems up to a legally compliant level.
Image>CREDITCHINA
China Intellectual Property Blog 