China Justice Observer


EnglishArabicChinese (Simplified)Chinese (Traditional)DutchFrenchGermanItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

China Issues Security Protection Regulations on Critical Information Infrastructure

Wed, 15 Sep 2021
Categories: China Legal News

On 17 Aug. 2021, the State Council promulgated the “Security Protection Regulations on Critical Information Infrastructure (hereinafter “the Regulations”,关键信息基础设施安全保护条例), which entered into force on 1 Sept. 2021.

There are 51 articles in six chapters. The Regulations provides for the identification of critical information infrastructure, the responsibilities and obligations of the critical information infrastructure operators, the guarantee and promotion of the critical information infrastructure, and the relevant legal liabilities.

Critical information infrastructure in the Regulations refers to the important network facilities and information systems in important industries and fields such as public communication and information services, energy, transportation, water conservancy, finance, public services, e-government services, and science and technology industry of national defense, as well as other important network facilities and information systems that may seriously endanger national security, national economy, people's livelihoods or public interests in the event of damage, malfunction or data leakage.

Pursuant to the Regulations, an operator shall establish and improve the cybersecurity protection and accountability system, and ensure the input of human, financial and material resources. The operator’s person chiefly in charge shall take overall responsibility for the security protection of critical information infrastructure, lead the security protection of critical information infrastructure and the disposal of major cybersecurity events, and organize the study on the resolution of major cybersecurity issues. Besides, an operator shall conduct cybersecurity detection and risk assessment on the critical information infrastructure by itself or an entrusted cybersecurity service provider at least once a year, promptly rectify security problems discovered, and report relevant information as required by the protection authorities. An operator who violates the Regulations may be ordered to make corrections, given a warning, imposed a fine or other administrative penalties, or may even be prosecuted for criminal liability if the act constitutes a crime.



Cover Photo by Stephen Tafra ( on Unsplash

Contributors: CJO Staff Contributors Team

Save as PDF

Related laws on China Laws Portal

You might also like

SPC Issues 2020 Typical Cases on Maritime Trial

In August 2021, China’s Supreme Court issued the “Typical Cases of National Maritime Trial in 2020” (2020年全国海事审判典型案例), which cover disputes over compensation for damages to natural resources and ecological environment, and liability for ship collision.

2021 List of Powers to be Granted and Delegated by Beijing SASAC Released

In August 2021, “List of Powers to be Granted and Delegated by State-owned Assets Supervision and Administration Commission of People's Government of Beijing Municipality (2021 Edition)” (北京市国资委授权放权清单(2021年版)) was released, which delegates or grants a total of 23 powers to the boards of directors of pilot enterprises.

China Issues New Provisions on Bond Credit Rating

In August 2021, the People's Bank of China and other four authorities jointly released the “Notice on Promoting the Healthy Development of the Credit Rating Industry in the Bond Market”(关于促进债券市场信用评级行业健康发展的通知), laying out regulations on bond credit rating.

China's Online Retail Market in First Half of 2021

In July 2021, China's Ministry of Commerce reported on the national online retail market in the first half of 2021, showing a total of CNY 6.11 trillion sales in this period, with a year-on-year increase of 23.2 %.