China Justice Observer

中司观察

EnglishArabicChinese (Simplified)DutchFrenchGermanHindiItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

China Issues Security Protection Regulations on Critical Information Infrastructure

Wed, 15 Sep 2021
Categories: China Legal Trends

On 17 Aug. 2021, the State Council promulgated the “Security Protection Regulations on Critical Information Infrastructure (hereinafter “the Regulations”,关键信息基础设施安全保护条例), which entered into force on 1 Sept. 2021.

There are 51 articles in six chapters. The Regulations provides for the identification of critical information infrastructure, the responsibilities and obligations of the critical information infrastructure operators, the guarantee and promotion of the critical information infrastructure, and the relevant legal liabilities.

Critical information infrastructure in the Regulations refers to the important network facilities and information systems in important industries and fields such as public communication and information services, energy, transportation, water conservancy, finance, public services, e-government services, and science and technology industry of national defense, as well as other important network facilities and information systems that may seriously endanger national security, national economy, people's livelihoods or public interests in the event of damage, malfunction or data leakage.

Pursuant to the Regulations, an operator shall establish and improve the cybersecurity protection and accountability system, and ensure the input of human, financial and material resources. The operator’s person chiefly in charge shall take overall responsibility for the security protection of critical information infrastructure, lead the security protection of critical information infrastructure and the disposal of major cybersecurity events, and organize the study on the resolution of major cybersecurity issues. Besides, an operator shall conduct cybersecurity detection and risk assessment on the critical information infrastructure by itself or an entrusted cybersecurity service provider at least once a year, promptly rectify security problems discovered, and report relevant information as required by the protection authorities. An operator who violates the Regulations may be ordered to make corrections, given a warning, imposed a fine or other administrative penalties, or may even be prosecuted for criminal liability if the act constitutes a crime.

 

 

Cover Photo by Stephen Tafra (https://unsplash.com/@stafra) on Unsplash

Contributors: CJO Staff Contributors Team

Save as PDF

Related laws on China Laws Portal

You might also like

SPC Regulates Online Judicial Auctions

In November 2024, China’s Supreme People’s Court (SPC) issued new guidelines to regulate online judicial auctions, emphasizing transparency in property disclosures, enhanced mechanisms for judgment debtors to self-dispose of auctioned assets, and improved supervision across all auction stages to protect parties' rights and streamline enforcement procedures.

China’s First Tribunal-Ordered Interim Measure Issued in Beijing

In October 2024, an arbitral tribunal at the Beijing Arbitration Commission (BAC/BIAC) issued an interim measure based on the applicant’s request, which was later confirmed and enforced by the court through a preservation order. This is the first of its kind in China, confirming the validity of tribunal-issued interim measures and highlighting the pro-arbitration stance of Chinese courts.

SPC Releases IP Protection Cases in Seed Industry

In October 2024, China's Supreme People's Court (SPC) released key judicial protection cases to strengthen intellectual property rights in the seed industry, focusing on plant variety and breeding material disputes.

China Defines Rules for Calculating Trademark Infringement Gains

In October 2024, the China National Intellectual Property Administration (CNIPA) and the State Administration for Market Regulation (SAMR) jointly issued the “Measures for Calculating Illegal Business Revenue in Trademark Infringement Cases”, which provide detailed operational guidelines for trademark enforcement authorities to calculate illegal business revenue.

SPC Releases Typical Cases on Tourism Disputes

In September 2024, China's Supreme People's Court (SPC) released five typical tourism dispute cases, including health rights disputes caused by wild monkey attacks in Mount Emei, to guide courts in resolving common tourism conflicts and safeguarding tourists' legitimate rights and interests.

China Regulates Network Data Security

China's newly adopted “Regulation on Network Data Security Management”, effective January 1, 2025, seeks to standardize data processing, strengthen personal information protection, and tackle issues such as data security, risk assessments, and personalized profiling.

Beijing & Shanghai Unveil Low-Altitude Economy Plans

Beijing and Shanghai have announced plans to develop the low-altitude economy, aiming to grow the industry to CNY 100 billion and CNY 50 billion respectively by 2027, with a focus on aerial rescue, logistics, and passenger transport.

SPC Releases Typical Antitrust Cases

In September 2024, China's Supreme People's Court (SPC) published eight typical cases on antitrust and unfair competition, highlighting issues like price-fixing, market dominance abuse, and deceptive practices.