Today, China’s much anticipated Network Security Law comes into effect after two years of review, revisions over three drafts and a public commenting process. The law is a historical development for China’s legislative coverage of information security and data protections. It also represents one of the strictest approaches in any jurisdiction worldwide, and a continuation of a broader effort at demonstrating the government’s cyber-sovereignty goals through control and regulation of data and the internet.

Overview of the Network Security Law

Commonly referred to as the “Cybersecurity Law,” the new piece of legislation has a broad scope and covers a range of issues related to data privacy, security and cross-border transfers, including:

• Increasing security measures and strengthening data security through a variety of specific obligations
• Ensuring consent for collection of personal information through the principles of legality, proper justification and necessity
• Screening equipment and products for security testing and certification
• Ensuring real-name registration for users
• Strengthening requirements to cooperate with government agencies during criminal investigations or to protect national security
• Requiring personal information to be stored in China under some circumstances
• Increasing confidentiality measures for user information
• Setting up a complaint and reporting platform for network security

(more…)