This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader
Back to Contents

Volume: 14 Issue: 7
(July 2017)

data localisation data transfer critical infrastructure data security


China: CII scope "uncertain" under draft regulations

The Cyberspace Administration of China (‘CAC’) published, on 10 July 2017, draft regulations on security requirements pertaining to critical information infrastructure (‘CII’) (‘the Draft Regulations’) for consultation. The Draft Regulations are the latest CAC rules aimed at implementing the Cybersecurity Law 2016 (‘the CSL’), which entered into force on 1 June 2017. Inter alia, the Draft Regulations expand on and clarify a number of definitions and requirements regarding CII introduced by the CSL.

“A persistent point of uncertainty in coming to grips with what may be required under the CSL has been that there is a degree of vagueness in the definition of CII,” said Manuel E. Maisog, Partner at Hunton & Williams LLP. “The Draft Regulations appear at first to provide more detail as to just what this constitutes. However, the real determination of the infrastructure that falls within its scope still turns upon whether the destruction, loss of functionality, or leakage of data from the infrastructure would have an impact on matters of macroeconomic or national well-being, such as national security, the national economy and the public interest. The authorities are to publish handbooks that will provide guidance about how to identify CII. The various ministries or industry regulators are then to undertake actual identifications of CII within their fields. This postpones final certainty over the application of the term to a future date.”

The Draft Regulations are open for public comment until 10 August 2017. 

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Can’t find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed