China's Evolving Cybersecurity Law China’s evolving Cybersecurity Law and what companies should know before operating in mainland ChinaIn 2017 China’s Cybersecurity Law went into effect, marking an important milestone in China’s efforts to create strict guidelines on cyber governance. Over the past five years, numerous updates to the regulations and interpretations have been released making it increasingly difficult for organisations to ensure compliance with the China’s cyber law.Furthermore, due to ambiguous requirements and broadly defined terminology, some enterprises are concerned about the law’s potential impact on their operations in China, while others worry that it will create trade barriers to foreign companies in the Chinese market.On demand webinarChina's Evolving Cybersecurity Law: What Companies Should KnowDuration: 1 hourListen now Given these complexities, we have developed a Point of View (POV) series highlighting specific areas of the Cybersecurity Law that have the biggest impact and implications for multinational corporations conducting business within mainland China.We first present a high-level overview of the law and recent updates to the regulations, and then to give greater insight we dive into the following sections:Personal Information Protection Law (PIPL)Multi-Level Protection Scheme (MLPS)Critical Information Infrastructure (CII)Cross-Border Data Transfer Download the POVs below which delve deeper into each of these sections. Interpretations of the Updates to China’s Cybersecurity Law All companies incorporated within Mainland China are required to abide by the Cybersecurity Law of The People's Republic of China (PRC), which went into effect 1 June 2017. Given the complex business relationships within the international market, the Cybersecurity Law will continue to have important political, economic, and technical implications for both domestic and multinational corporations. Read more China’s Cybersecurity Law: Personal Information Protection Law (PIPL) Overview As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this Point of View (POV) highlights a key area pertaining to personal information protection. Personal information is defined as information that can be used individually or in combination with other information to identify a person. Read more China's Cybersecurity Law: Multi-Level Protection Scheme (MLPS) In part one of our Point of View (POV) series Interpretations of the updates to China’s Cybersecurity Law, we highlighted the updated legal requirements that impact organisations looking to do business in mainland China. One of these is the Multi-Level Protection Scheme (MLPS), an administrative requirement found in Article 21 of the Cybersecurity Law. Read more China's Cybersecurity Law: Cross-Border Data Transfer As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this fifth installment focuses on the cross-border transfer of data — or data localisation — that is outlined in Article 37. Read more China's Cybersecurity Law: Critical Information Infrastructure (CII) As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this fourth installment focuses on the requirements in Section Two, Chapter Three, pertaining to Critical Information Infrastructure (CII) operators. Read more How Protiviti can help Protiviti aids businesses in ensuring that their IT services meet legal requirements and regulatory rules on both national and industry-specific levels. With a team of IT security professionals, compliance experts, auditors, and other professionals, Protiviti keeps track of evolving regulations based on industry innovations, environmental trends, and emerging risks.Protiviti security and privacy services will evaluate your current compliance according to relevant legal requirements and regulatory rules and develop technical solutions that correspond with your current technology, procedures, and resources competency. We will close gaps in your IT technology and processes in line with your budget plan, as well as prevent disruptions to normal IT and business operations from compliance activities. Topics Cybersecurity and Privacy IT Management, Applications and Transformation Digital Transformation Industries Healthcare Manufacturing and Distribution Technology, Media and Telecommunications Financial Services Energy and Utilities Consumer Products and Services Leadership Michael Pang Michael is a managing director with over 20 years’ experience. He is the IT consulting practice leader for Protiviti Hong Kong and Mainland China. His experience covers cybersecurity, data privacy protection, IT strategy, IT organisation transformation, IT risk, post ... Learn More Alan Wong Alan is a director at Protiviti Hong Kong with over 21 years of experience in IT and security solutions and project management. He specialises in IT governance, risk assessment, regulatory compliance, and cybersecurity assessment and consulting. He also has an extensive ... Learn More