China Justice Observer


EnglishArabicChinese (Simplified)DutchFrenchGermanHindiItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

China Issues Security Protection Regulations on Critical Information Infrastructure

Wed, 15 Sep 2021
Categories: China Legal Trends

On 17 Aug. 2021, the State Council promulgated the “Security Protection Regulations on Critical Information Infrastructure (hereinafter “the Regulations”,关键信息基础设施安全保护条例), which entered into force on 1 Sept. 2021.

There are 51 articles in six chapters. The Regulations provides for the identification of critical information infrastructure, the responsibilities and obligations of the critical information infrastructure operators, the guarantee and promotion of the critical information infrastructure, and the relevant legal liabilities.

Critical information infrastructure in the Regulations refers to the important network facilities and information systems in important industries and fields such as public communication and information services, energy, transportation, water conservancy, finance, public services, e-government services, and science and technology industry of national defense, as well as other important network facilities and information systems that may seriously endanger national security, national economy, people's livelihoods or public interests in the event of damage, malfunction or data leakage.

Pursuant to the Regulations, an operator shall establish and improve the cybersecurity protection and accountability system, and ensure the input of human, financial and material resources. The operator’s person chiefly in charge shall take overall responsibility for the security protection of critical information infrastructure, lead the security protection of critical information infrastructure and the disposal of major cybersecurity events, and organize the study on the resolution of major cybersecurity issues. Besides, an operator shall conduct cybersecurity detection and risk assessment on the critical information infrastructure by itself or an entrusted cybersecurity service provider at least once a year, promptly rectify security problems discovered, and report relevant information as required by the protection authorities. An operator who violates the Regulations may be ordered to make corrections, given a warning, imposed a fine or other administrative penalties, or may even be prosecuted for criminal liability if the act constitutes a crime.



Cover Photo by Stephen Tafra ( on Unsplash

Contributors: CJO Staff Contributors Team

Save as PDF

Related laws on China Laws Portal

You might also like

SPC Publishes Typical Cases on Public Security Crimes

In April 2024, China's Supreme People's Court (SPC) released five typical cases illustrating crimes against public security, emphasizing clarifications on trial criteria and sentencing principles, featuring a case involving serious injuries from objects thrown off a high-rise building.

Beijing Court Upholds Workers' Right to Offline Rest

The Beijing No. 3 Intermediate People's Court ruled that workers are entitled to overtime pay for “invisible overtime work” conducted via social media outside of working hours, protecting their right to “offline rest”.

China Revises State Secrets Protection Law

China’s national legislature, the National People’s Congress, revised the State Secrets Protection Law to enhance information classification, secrecy in technological innovation, and precise protection of state secrets, effective May 1, 2024.