Chinese Cybersecurity Law definition
China’s CyberSecurity Law (CSL), passed in 2016, is broad legislation that dictates how companies should approach security and privacy within the country. It includes strict controls around online activities and provisions around storing data locally, having joint venture partners, and in some cases registering network assets. It also has mandatory requirements around breach notification, appointing a head of cybersecurity, incident response plans, and more.
Additional provisions – known as the Regulations on Internet Security Supervision and Inspection by Public Security Organs – were passed in November 2018 and outline how the country’s main domestic security agency, the Ministry of Public Security (MPS), can conduct both onsite and remote inspection of computer networks, which are generally defined in the CSL as five or more computers connected to the internet.
Onsite inspections require at least two police officers to be present and show both identification and inspection certificates. The MPS may go into business premises, computer rooms and workplaces and “copy information related to internet safety supervision and inspection.”
Recorded Future’s analysis of the legislation says information that could be copied includes “any and all user information, technical measures for the network, and information security protection, hosting, or domain name information, as well as any content distribution the organization may be conducting.”