The Ministry of Industry and information Technology (“MIIT”) issued the Circular on Checking Cybersecurity in the Telecommunications and Internet Industries for 2018 (“Circular”) on 13 August 2018.
The Circular focuses on regulating the construction and operations of the internet and the systems of basic telecom enterprises, internet enterprises and domain name management enterprises. The regulations mainly focus on whether these enterprises have implemented various cybersecurity laws and various standards of cybersecurity protection; and whether they have existing cybersecurity risks.
The Circular provides that basic telecom enterprises and domain name management enterprises should carry out a self-assessment, record and correct any issues they spot. They must also file their self-assessment and rectification reports to the competent authorities by 31 September 2018. The competent authorities may also conduct random inspections themselves or use professional technical institutions to do so.
Please click here to read the full text (Chinese only) of the Circular.
PBoC issues the circular on strengthening the regulation of cross-border financial networks and information services
The People's Bank of China (“PBoC”) issued the Circular on Strengthening the Regulation of Cross-Border Financial Networks and Information Services (“Circular”) on 27 July 2018. The Circular focuses on regulating cross-border financial networks and information services rendered by oversea providers, such as the Society for Worldwide Interbank Financial Telecommunications (“SWIFT”).
Under the Circular, overseas providers should report various items of required information in writing, such as their certifications, qualifications, security protection methods and risk management mechanisms. When any urgent or abnormal matters occur, overseas providers must assist domestic users to solve these problems and report them to the PBoC on time. In addition, overseas providers are restricted from establishing any dedicated financial networks in China to provide financial information transmission services.
A domestic user who intends to choose a service rendered by an overseas provider should report it to the competent authorities in writing in advance, and take all the necessary technical measures. If any urgent or abnormal matters occur, they should report it to the competent authorities on time.
Please click here to read the full text (Chinese only) of the Circular.
MIIT issues the action plan for fully rectifying nuisance calls
The MIIT and other 13 authorities jointly issued the Action Plan for Fully Rectifying Nuisance Calls (“Action Plan”) on 30 July 2018.
The Action Plan requires that basic telecom enterprises should strictly review the profiles and qualifications of users that occupy the circuits and numberings resources. They must not provide access to these resources to any illegal operations or operations that go beyond the scope agreed.
Basic telecom enterprises should enhance their technical capability to identify and prevent fake numbers from making calls. Internet enterprises should cut off and clear out all harassment software and applications. Mobile terminal manufacturers and other related enterprises should help end users to mark and alert nuisance numbers.
The Action Plan also targets illegal telemarketing of financial products, real estate, medical institutions and health food, human resources and tourism. Business owners and call centres must not send illegal or spam marketing information to end users. They should obtain consents from end users prior to outbound telemarketing and must not disrupt the normal life of end users. If an end user has explicitly refused to receive any telemarketing, they may not continue to harass the end user.
Please click here to read the full text (Chinese only) of the Action Plan.
MIIT publishes the implementing guide to prompting enterprises to become cloud-based (2018-2020)
The MIIT published the Implementing Guide to Prompting Enterprises to Become Cloud-Based 2018-2020 (“Guide”) on 10 August 2018. The Guide is voluntary rather than compulsory and it aims to prompt various enterprises to become cloud-based.
Under the Guide, large enterprises may establish private clouds, while SMEs may utilise public clouds. Prior to actually implementing a cloud-based plan, all enterprises should evaluate their businesses to ensure that they establish suitable steps and procedures for becoming cloud-based. During the test period, enterprises may carry out simulations to improve their cloud-based plans. When they successfully achieve their cloud-based goal, they may supervise the performance of the cloud platform.
Cloud service providers should improve their professional proficiencies to ensure the efficiency, safety and stability of cloud services. They may closely co-operate with related entities to provide counsel or customized plans to enterprises. They may also establish exhibition centres to demonstrate the functions of the cloud, which may in return enhance the recognition and application of the cloud.
The competent authorities may establish cloud-based expert counsel committees, cloud public service platforms or utilise insurance mechanism to support enterprises to become cloud-based. They may also establish cloud security protection standards and urge cloud service providers to ensure the safety of users' information and trade secrets.
Please click here to read the full text (Chinese only) of the Guide.
SIPO issues the work plan for "Internet plus" intellectual property protection
The State Intellectual Property Office (“SIPO”) issued the work plan for “Internet plus” Intellectual Property Protection (“Work Plan”) on 3 August 2018.
Under the Work Plan, the first step is to establish a technical support system. The technical system should include IP rights information databases and an IP rights intelligent detection system. Both IP rights holders and the competent authorities should be able to initiate research of IP infringements and counterfeits. All suspect information should be shared to the IP rights holders and the competent authorities.
The Work Plan requires establishing interactions between intelligent detection and manual detection systems. In addition, China may utilise overseas IP rights databases and cooperate with overseas IP rights enforcement authorities to regulate potential IP rights issues outside China’s territory.
Please click here to read the full text (Chinese only) of the Work Plan.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our privacy policy.