On 14 Sept. 2022, the Cyberspace Administration of China released the “Decision to Amend the Cybersecurity Law of the People’s Republic of China (Draft for Public Comment)” (關于修改〈中華人民共和國網絡安全法〉的決定(征求意見稿)).
China’s Cybersecurity Law came into effect in 2017. Thereafter, in 2021, China amended the Administrative Penalty Law, and enacted the Data Security Law and the Personal Information Protection Law successively. The amendments to the Cybersecurity Law seek to improve consistency between these new laws.
The Draft for Comment mainly makes the following revisions to the current Cybersecurity Law with respect to the legal liability system.
- The headline fine on enterprises is significantly raised from CNY 50,000 (USD 7,026) to CNY 100,000 (USD 14,052), to CNY 50 million (USD 7 million) or 5% of the previous year’s turnover.
- The scope of violations for which critical information infrastructure operators are liable is more clearly defined, including “use of non-compliant products” and “improper data export”.
- Persons who are personally liable for cybersecurity will be banned from acting as directors, supervisors, and senior managers of related enterprises or from engaging in cybersecurity management and key positions of network operation for a certain period of time.
Cover Photo by Liam Li on Unsplash
Contributors: CJO Staff Contributors Team
