China Releases Regulations on Network Data Security Management

                   


By CNBW Member 
CMS, China

China Releases Regulations on Network Data Security Management
On 30 September 2024, the State Council of China released the Regulations on Network Data Security Management ("Regulations"), which will come into effect on 1 January 2025.

Background
The Regulations are the first administrative-level legal instrument in China following the establishment of the basic framework of China's three fundamental laws in the field of data protection, i.e. the PRC Cybersecurity Law ('CSL'), the PRC Personal Information Protection Law ('PIPL'), and the PRC Data Security Law ('DSL'). After the release of the draft version for public comments in November 2021, following three years of anticipation, the Regulations have been finally published and will take effect on 1 January 2025.

The Regulations, overall, provide detailed stipulations of the three fundamental data laws, but many provisions have already been reflected and covered in previously issued laws, regulations, and national standards. Therefore, this article will focus on some new and key content from the perspective of company’s obligations.

Scope of application
According to Article 2 of the Regulations, the Regulations apply to network data processing activities and their safety supervision and management within the territory of China. The activities processing personal information of Chinese natural persons, as well as the processing activities that would harm China’s national security, public interests, or the lawful rights and interests of citizens or organizations, carried out outside China, are also subject to the Regulations.

Read more: here

CMS, China: CMS, China Shanghai Office