China: Closed consultation on Measures for the Management of Cybersecurity Incident Reporting

On 7 January 2024, the Cyberspace Administration of China closed its consultation on the Measures for the Management of Cybersecurity Incident Reporting, as foreseen in the Cybersecurity Law of the People's Republic of China. The Measures apply to network operators and service providers operating in China, and they establish reporting timelines ranging from 1 hour to 24 hours depending on the severity of the incident and the nature and target of the incident. Furthermore, the Measures include disclosure content requirements for three types of incidents, namely relatively large, major, or particularly major, with an attached document detailing the thresholds for each kind of incident.