Notwithstanding a lengthy consultation process that commenced in July 2015 when the first draft was published, the PRC Cybersecurity Law (CSL) suffers from significant gaps and ambiguities in practical implementation. Many commentators expected these shortcomings to be addressed through implementing rules issued before the CSL came into effect. The enforcement of many of its key provisions, such as the data localization requirement under Article 37 and the security review requirement under Article 35, depend on implementing measures. Yet, between November 1, 2016, when the CSL was promulgated, and June 1, 2017, when it entered into effect, mostly only draft measures addressing limited questions were issued.
This premium content is reserved for
China Law & Practice Subscribers.
For enterprise-wide or corporate enquiries, please contact our experienced Sales Professionals at +44 (0)203 868 7546 or [email protected].