China: Adopted interim measures for data security management of accounting firms including cybersecurity measures

On 10 May 2024, the Ministry of Finance and the Cyberspace Administration of China (CAC) adopted the Interim Measures for Data Security Management of Accounting Firms. The interim measures establish data security obligations for accounting firms that provide auditing services for certain categories of companies, such as critical information infrastructure operators, large network platform operators, and domestic enterprises that are to be listed abroad. Specifically, the interim measures establish data security obligations for accounting firms, including requiring a data security lifecycle, organisational structure, classification system, and the implementation of appropriate storage, security, and logging measures. Further, accounting firms must establish a backup system, appropriate technical measures, and emergency response and monitoring mechanisms. The interim measures enter into force on 1 October 2024.