Cybersecurity Law: Fines Significantly Increased

The Cybersecurity Law (CSL), China’s first fundamental law to comprehensively regulate cybersecurity issues, is about to undergo its first revision. A key feature of the proposed amendments is a significant increase in penalties for network operators and critical infrastructure operators that fail to comply with relevant cybersecurity protection obligations. For example, the fine range for… Continue reading Cybersecurity Law: Fines Significantly Increased

Compliance Requirements for Software Development Kits (SDK)

China continues to regulate the collection of private data in apps. For example, the importance of compliance with software development kits (SDKs) has increased significantly. Since June 2021, the authorities have been cracking down on the illegal use of SDKs in apps with SDK Security Special Actions. A software development kit is a collection of… Continue reading Compliance Requirements for Software Development Kits (SDK)

Establishment of Corporate IP Compliance

In the context of building a dual circulation system and creating a unified domestic market, China is guiding all enterprises to strengthen their compliance management to prevent business risks at home and abroad, promote modernization and transformation, and improve competitiveness. The compliance system is to cover areas such as market transactions, environment, human resources, finance,… Continue reading Establishment of Corporate IP Compliance

New Data Exchanges in China

On April 10, 2022, the Chinese government announced to accelerate the construction of the unified domestic market. Part of this is to also establish a data market to promote Big Data applications and AI development, focusing on data security and control of cross-border data transfer. To be allowed to provide data outside China, data processors… Continue reading New Data Exchanges in China

Data Compliance Can Prevent Penalties

Due to the three laws in the field of data – the Cyber Security Law, the Data Security Law and the Personal Information Protection Law – companies in China must set up a complete system to comply with data protection and security regulations. A good data compliance system can avoid warnings from administrative authorities during… Continue reading Data Compliance Can Prevent Penalties

New Specifications: IT Security of Apps in China

On November 1, 2022, the national standard GB/T 41391-2022 “Information Security Technology Basic Requirements for Mobile Internet Applications (Apps) Collecting Personal Information,” published in April, will come into force. It applies to all app operators in China and is intended to regulate personal information collection activities. This standard is relevant to all companies that operate… Continue reading New Specifications: IT Security of Apps in China

App Certification in China

There are various certifications in China for protecting personal data in apps. The most important is the App Security Certification of the China Cybersecurity Review Technology and Certification Center (CCRC). It applies to apps of all service types, for example, apps developed and used in the smart home sector. However, there is one important requirement… Continue reading App Certification in China

China’s Strict IT Compliance Competes with RCEP

The world’s largest free trade agreement, the Regional Comprehensive Economic Partnership (RCEP), has been in effect since Jan. 1, 2022. It allows companies in participating countries to engage in cross-border partnerships, tariff reductions and trade simplification. Over the next 20 years, up to 90% of tariffs incurred in the zone are expected to be eliminated.… Continue reading China’s Strict IT Compliance Competes with RCEP

Legal Requirements for Vulnerability Management

For some time now, CIOs around the world have been busy fixing the Log4j2 vulnerability. From a technical perspective, there are solutions such as patches and system upgrades. However, vulnerability management is not just a technical issue in China; there are also legal requirements that companies must meet.  For example, service providers are required by… Continue reading Legal Requirements for Vulnerability Management

Measures of the Cyber Security Review

China continues to strengthen its control of operators of large Internet platforms. In addition to the regulation on the use of algorithms to influence user behavior, such as recommendation algorithms, which will come into force on March 1, 2022, the Cybersecurity Review Measures will come into force on February 15, 2022. In addition to operators… Continue reading Measures of the Cyber Security Review