China: Implemented interim measures for data security management of accounting firms including cybersecurity measures

On 1 October 2024, the Interim Measures for Data Security Management of Accounting Firms enter into force. The interim measures establish data security obligations for accounting firms that provide auditing services for certain categories of companies, such as critical information infrastructure operators, large network platform operators, and domestic enterprises that are to be listed abroad. Specifically, the interim measures establish data security obligations for accounting firms, including requiring a data security lifecycle, organisational structure, classification system, and the implementation of appropriate storage, security, and logging measures. Further, accounting firms must establish a backup system, appropriate technical measures, and emergency response and monitoring mechanisms.