Skip to main content

  • AddRemove
  • Build a Report 
In Brief

China Releases Guidelines to Strengthen Cybersecurity Standardisation

30 August 2016
Mayer Brown JSM In Brief

On 12 August 2016, the Cyberspace Administration of China (CAC), the General Administration of Quality Supervision, the Inspection and Quarantine of China (GAQSIQ), and the Standardisation Administration of China (SAC) jointly released Several Guidelines to Strengthen National Cybersecurity Standardisation (the “Guidelines”). Under the Guidelines, mandatory national standards will be introduced to regulate critical fields such as major information technology infrastructure and classified networks in an effort to harmonise the current divergent local practice.

The National Information Security Standardisation Technical Committee will be the agency solely responsible for the review, approval, and release of national cybersecurity standards. The Guidelines propose to enhance the role of cybersecurity standards in guiding industrial development by, inter alia, establishing a standard-sharing mechanism for major cybersecurity projects as well as by incorporating standard requirements into the evaluation criteria of such projects and setting up professional qualifications. The Guidelines also stress the importance of establishing essential standards such as the “Internet +” Action Plans, “Made in China 2025,” and “Action Plans for Big Data” for critical projects such as big data security and cybersecurity audits. Finally, the Guidelines call for China’s active participation in international standard-setting activities with the aim of elevating China’s influence at the international level. As a sign of commitment to this, China will selectively adopt international standards which are deemed to suit China’s own situation.

The release of the Guidelines, on the one hand, is consistent with the Chinese government’s intent to have a tighter grip over China’s Internet and networks. On the other hand, standards unification will likely improve the transparency of cybersecurity governance and the predictability of cybersecurity enforcement, a positive step as we are still waiting for the finalisation of the draft Cybersecurity Law. While the content of the national cybersecurity standards may be redolent of heavy “Chinese characteristics,” there is a glimmer of hope as China has now signalled a desire to be involved in international cybersecurity standards-setting.

Authors

  • Gabriela Kennedy
    T +852 2843 2380
  • Xiaoyan Zhang
    Counsel, (New York, USA)
    T +852 2843 2209

The Build a Report feature requires the use of cookies to function properly.  Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently.  If you do not accept cookies, this function will not work.  For more information please see our Privacy Policy

You have no pages selected. Please select pages to email then resubmit.