- China’s cyber and data governance framework is maturing. Over the last few months of 2021, China issued key regulations on data classification and management. The most important are the Draft Administrative Measures for Network Data Security. These regulations set the groundwork for more industry-specific data rules.
- Businesses in China saw increasing enforcement of data regulations in 2020 and 2021. Enforcement of the Cybersecurity Law took off around 2020. Personal information protection (PIP) rules, on the other hand, were enforced even before the law came into effect.
- Public Security Bureaus have already started to reach out to companies to check Multi-Level Protection Scheme (MLPS) compliance. Companies should conduct an MLPS self-assessment and find an accredited external auditor to grade all information networks for official filings.
- The cost of non-compliance is high: failing to comply with the regulations can lead to fines of up to 50m RMB, business suspensions or loss of key operating licenses. China’s cyber laws also include criminal penalties, meaning the responsible personnel of a firm could be held criminally responsible for cybersecurity violations.
- Companies can prepare for these risks and opportunities: European companies should increase HQ-to-China coordination on cyber compliance and increase policy monitoring of the still-changing cyber framework. Companies can also leverage China’s data pilot zones and digital technologies for data monetization opportunities.
Sinolytics is a European consulting and analysis company that focuses on China. It advises European companies on their strategic orientation and concrete business activities in China.