Who Is Operator of Critical Information Infrastructure?

Critical Information Infrastructure Operators (CIIOs) are a central and so far vague concept of China’s new cybersecurity and data protection system. With the regulations on critical information infrastructure protection (“the regulations”) that came into force on September 1, 2020, the government is now creating more transparency, but at the same time increasing the pressure on… Continue reading Who Is Operator of Critical Information Infrastructure?

Cybersecurity Review: Didi Is Not the Last Company

In just two days, Didi, China’s largest service platform for private car ride-hailing, has gone from investor darling to the first major case of a cybersecurity review by the Chinese government against a company after a stellar IPO on Wall Street. One of the bases of this review is the Measures for Cybersecurity Review 2020,… Continue reading Cybersecurity Review: Didi Is Not the Last Company

Chinese GDPR: On the Safe Side

China has taken another step toward data protection with the release of the second draft revision of the Personal Information Protection Law (PIPL). Although not the final law, it appears that personal data protection legislation has entered the final stages, and it is believed that the PIPL will soon be formally enacted. It is not… Continue reading Chinese GDPR: On the Safe Side

The Obligation to Localize Data Affects More Companies

When it comes to data protection in China, data localization is inevitable for foreign companies. The basic requirements are currently mainly set out in the Cyber Security Law, and many service providers such as the financial sector, providers of public health information, and online cab booking services have issued their own data localization requirements. The… Continue reading The Obligation to Localize Data Affects More Companies

China Wants to Open its Cloud Services Market to EU Companies

China’s opening to European investment, the Investment Agreement between China and the EU promises, includes market access in many sectors – including cloud services and other online services. China has agreed to open its cloud services sector to EU investment up to a 50% cap. The entry into force of the CAI may thus create… Continue reading China Wants to Open its Cloud Services Market to EU Companies

The Long Arm of the Law: New Draft Law on the Protection of Personal Data

China continues to improve data protection with the Personal Information Protection Law (PIPL). The law, along with the Cyber Security Law and the Data Security Law (still in draft form), will further strengthen personal data protection and have a profound impact on companies inside and outside China.  Foreign companies need to pay particular attention to… Continue reading The Long Arm of the Law: New Draft Law on the Protection of Personal Data