China: Opened consultation on Measures for the Management of Cybersecurity Incident Reporting

On 8 December 2023, the Cyberspace Administration of China published and opened a consultation until 7 January 2023 on its Measures for the Management of Cybersecurity Incident Reporting, as foreseen in the Cybersecurity Law of the People's Republic of China. The Measures apply to network operators and service providers operating in China, and they establish reporting timelines ranging from 1 hour to 24 hours depending on the severity of the incident and the nature and target of the incident. Furthermore, the Measures include disclosure content requirements for three types of incidents, namely relatively large, major, or particularly major, with an attached document detailing the thresholds for each kind of incident.