On October 31, China’s National People’s Congress (NPC) began its bimonthly session to review laws, amendments and bills – including the cybersecurity draft law. The draft law was tabled for the third, and typically final, reading, will be voted on by the NPC on November 7 and is expected to pass. After passage it will be scheduled for implementation, though a date for implementation has not yet been announced.
Full text of the draft law has not yet been released, but a number of Chinese state media reports have noted some of the changes made to the law between the second and third readings (and following letters and comment submissions by AmCham Shanghai and other international business associations). According to the Deputy Director General the Law Committee, the latest revision of the cybersecurity law further defines “key information infrastructure.” It also appears that key protections will be put in place around cybersecurity in a number of industries including: public communications, energy, transportation, water conservation, financial services, public services and e-government. Reports suggest that any damage, failure and/or data leakage of key information and information infrastructure in these industries could be considered threats to national security, public welfare and the public interest.
It is expected that the State Council will provide further details on what “key information infrastructure” means and propose methods for protecting it. Additionally, the draft law will allow police and other law enforcement to take measures, including the freezing of assets, against overseas individuals or organizations that “attack, intrude, interfere with or sabotage the nation’s key information infrastructure.”
The latest revision of the law also stresses the regulation of internet crimes, most notably online fraud and the online organization and sale of materials that help to perpetrate internet crimes. The law also will likely include further detail on regulations aimed at improving the “online environment” and better developing “technical talent.” The government has also indicated that it has taken on suggestions from international companies and organizations in its review and revision to the latest draft.
AmCham Shanghai will continue to monitor the progress of the Cybersecurity draft law, and will have more information once full text of the law is available. For more information on AmCham Shanghai’s Government Relations initiatives, please click here.