China: Introduced Cybersecurity Law including cybersecurity provisions

On 24 June 2015, the Cybersecurity Law has been introduced to the Standing Committee of the National People's Congress of the People's Republic of China at the 15th Session of the Standing Committee of the 12th National People's Congress. The Bill contains extensive cybersecurity regulations for those building, operating, maintaining, and using networks, as well as rules on cybersecurity supervision by the state. The Bill introduces a multi-level protection system, obligating network operators to implement a number of security measures, such as adopting internal cybersecurity policies, technical security systems, recording cybersecurity incidents, as well as classifying, encrypting, and backing up certain types of data. Further, the Bill prohibits a number of activities endangering cybersecurity, such as illegal intrusion into the networks of other parties, disrupting the normal functioning of the networks of other parties, and stealing network data. Operators of critical information infrastructure are subject to additional cybersecurity requirements, such as conducting background checks on individuals holding critical positions, providing education and technical training, and conducting disaster recovery backups and periodic drills. When critical information infrastructure operators use products or services which may endanger national security, they can be subject to a cybersecurity review. The Bill also establishes applicable fines for violations of its provisions.