On 14 Sept. 2022, the Cyberspace Administration of China released the “Decision to Amend the Cybersecurity Law of the People’s Republic of China (Draft for Public Comment)” (关于修改〈中华人民共和国网络安全法〉的决定(征求意见稿)).
China’s Cybersecurity Law came into effect in 2017. Thereafter, in 2021, China amended the Administrative Penalty Law, and enacted the Data Security Law and the Personal Information Protection Law successively. The amendments to the Cybersecurity Law seek to improve consistency between these new laws.
The Draft for Comment mainly makes the following revisions to the current Cybersecurity Law with respect to the legal liability system.
- The headline fine on enterprises is significantly raised from CNY 50,000 (USD 7,026) to CNY 100,000 (USD 14,052), to CNY 50 million (USD 7 million) or 5% of the previous year’s turnover.
- The scope of violations for which critical information infrastructure operators are liable is more clearly defined, including “use of non-compliant products” and “improper data export”.
- Persons who are personally liable for cybersecurity will be banned from acting as directors, supervisors, and senior managers of related enterprises or from engaging in cybersecurity management and key positions of network operation for a certain period of time.
Cover Photo by Liam Li on Unsplash
Contributors: CJO Staff Contributors Team
