China: Adopted regulation on the Security Protection of Critical Information Infrastructure containing cybersecurity measures

The regulation on the Security Protection of Critical Information Infrastructure is adopted by the Chinese State Council on 30 July 2021. The regulation clarifies that important network facilities and information systems in key industries belong to the "critical information infrastructure" (CII). Therefore, the state adopts measures to monitor and defend the CII. The Regulation implements cyber security responsibilities (data management, reporting) for CII operators and asks them to sets up special safety management agencies to conduct security monitoring and risk assessments. Finally, the regulation indicates the punishments and sanctions for the CII operators who fail to perform their responsibilities.