A Brief Introduction to China’s Cybersecurity Law
China’s Cybersecurity Law (the “CSL”) was approved in November 2016, and took effect on June 1st, 2017. Being the first legislation devoted to cyberspace, this legislation governs the establishment, operation, maintenance and use of cyber networks within China and the supervision and management of cybersecurity. The Cyber Administration of China (CAC) is the principal governmental authority supervising and administering the CSL and cybersecurity regime. In conjunction with the CSL, CAC recently published a series of supplementary implementation measures, including the Measures for the Security Review of Network Products and Services (Provisional) (the “Security Review Measures”), Public Opinion Draft of the Measures for Evaluating the Security of Transferring Personal Information and Important Data Overseas (the “Draft Data Transfer Measures”), the Measures on Administrative Law Enforcement Procedures for Internet Information Content Management, as well as some rules governing internet news information services (collectively the “Implementation Measures”). Most of the Implementation Measures are set to come into force with the CSL on June 1st, 2017, but further measures will be forthcoming. Despite the uncertainties and ambiguities of certain key terms and clauses, the changes that the CSL brings to China’s cybersecurity landscape will definitely be beyond all expectations. Companies potentially affected by the CSL should keep a close eye on issuance of related guidelines, implementation rules, and the further development in China’s cybersecurity regime.