China Laws Portal - CJO

Find China's laws and official public documents in English

EnglishArabicChinese (Simplified)DutchFrenchGermanHindiItalianJapaneseKoreanPortugueseRussianSpanishSwedishHebrewIndonesianVietnameseThaiTurkishMalay

Regulations on Levels of Cyber Security Protection (Draft for Solicitation of Comments) (2018)

网络安全等级保护条例(征求意见稿)

Type of laws Draft

Issuing body Ministry of Public Security

Promulgating date Jun 27, 2018

Effective date Jun 27, 2018

Validity status Not yet in force

Scope of application Nationwide

Topic(s) Cybersecurity/Computer security Cyber Law/Internet Law

Editor(s) C. J. Observer

On June 27, 2018, the Ministry of Public Security based on Article 21 of the Cyber Security Law, drafted the “Regulations on Levels of Cyber Security Protection” and announced its draft for soliciting opinions from the public.

As of now, the draft has not yet become an officially promulgated law.

The core points of the draft are as follows:

(1) The network system will be divided into five security protection levels according to its importance in national security, economic construction, and social life.

The importance of the network system gradually increases from the first level to the fifth level. (Article 15)

Network systems of different levels indicate the degree to which relevant interests may be harmed in the event of a network security incident of the network system at that level, as follows:

Level 1: National security, social order and public interests will not be endangered;

Level 2: Social order and public interests will be endangered, and national security will not be endangered;

Level 3: Social order and public interests will be seriously endangered, or national security will be endangered;

Level 4: Social order and public interests will be particularly severely endangered, or national security will be severely endangered;

Level 5: National security is particularly severely endangered.

(2) The network operator shall determine the security protection level of the network during the planning and design stage, and the experts and competent authorities shall confirm its level. After the level is confirmed, the network operator should also file with the public security organ. (Articles 16, 17, 18)

(3) Network operators should perform necessary security obligations, and operators of networks above Level 3 should also perform special security protection obligations. (Articles 20 and 21)

(4) If network products and services purchased by network operators may affect national security, such products and services should undergo national security reviews organized by regulatory authorities. (Article 28)

(5) Networks above Level 3 shall be maintained within the country, and remote technical maintenance shall not be allowed overseas. (Article 29)

(6) Network operators should report network security monitoring and early warning information and network security incidents to regulatory authorities, establish important data and personal information security protection mechanisms, and formulate and exercise network security emergency plans. (Article 30, 31, 32)

For the full text in Chinese, please click the “Chn” at the top right. You can translate it with tools or in other ways as you please.
If you would like to read the full text in English provided by our team, please click Get to buy.

$440.00 Get

© 2020 Guodong Du and Meng Yu. All rights reserved. Republication or redistribution of the content, including by framing or similar means, is prohibited without the prior written consent of Guodong Du and Meng Yu.

Related Chinese articles
  1. Regulations on Levels of Cyber Security Protection (Draft for Solicitation of Comments) (2018) - Ministry of Public Security Official Website