On 13 December 2021, the consultation for the Draft Regulations on the Administration of Network Data Security closed. The draft in question is intended to implement and to further specify the details of the (i) Cybersecurity Law, (ii) Data Security Law and the (iii) Personal Information Protection Law (PIPL). As the draft provides, companies shall improve their data security management systems (Art. 6). Moreover, carrying out the activities listed under article 13 of the draft, data processors shall apply for cybersecurity review in accordance with the relevant regulations (Art. 13).
Original source