Home >  Top News > 

China issues regulation on IT infrastructure security

Sci-Tech

Chinese Premier Li Keqiang has signed a State Council decree to publish an administrative regulation on major IT infrastructure security.

XinhuaUpdated:  August 18, 2021

Chinese Premier Li Keqiang has signed a State Council decree to publish an administrative regulation on major IT infrastructure security.

The regulation was issued as the country's major IT infrastructure faces severe security challenges, including frequent cyberattacks, according to a State Council statement on Tuesday.

The regulation, which will take effect on Sept. 1, defines what can be identified as major IT infrastructure projects, and clarifies the liabilities of operators concerning the security of these projects and the penalties for offenders.

Major IT infrastructure projects are IT network facilities and information systems of major industries and in key areas, according to the regulation.

The state cyberspace administration will take charge of coordination, the public security department will provide supervision, and the state telecom regulator and other relevant departments will be responsible for the security control of major IT infrastructure projects under their watch.

Operators of major IT infrastructure projects bear the primary responsibility of maintaining the integrity, confidentiality and availability of relevant data, according to the regulation.

It stipulates requirements for these operators to ensure cybersecurity, including conducting security checks and risk assessments every year and prioritizing safe and creditable internet products and services in procurement.

Personal information and important data collected and produced by the operators during their operations within the Chinese mainland should be stored in the mainland, said the regulation, adding that security assessments will be necessary for business needs of providing such data overseas.

Operators of major IT infrastructure projects and the relevant regulatory agencies will face administrative and criminal punishment if they fail in their duties, according to the regulation.

Organizations and individuals that compromise the security of such infrastructure will also receive legal penalties, per the regulation.