Key Points Arising from China's Regulations on CII Protection

September 03, 2021 | BY

Susan Mok

Casper Sek of Jin Mao Partners highlights the requirements of the Regulations on CII Protection from the perspective of compliance practices for companies operating in China and discusses what is a critical information infrastructure and critical information infrastructure operator, the regulators involved and compliance under the new regulations

Share:

 

Summary

  • The promulgation of this regulation means that there is clear implementation and rules for enhanced protection of critical information infrastructures
  • Whether certain network facilities and information systems constitute a CII will be identified by the Protection Departments
  • The list of CIIs and CIIOs is treated as confidential information because the CIIs are the key protection objects of cybersecurity
  • CIIOs in China should comply with annual cybersecurity assessment, data localization and overseas data transfer requirements