China Strengthens Cybersecurity Requirements for Cloud Computing Infrastructures
Beijing, [Date] - The Chinese government has introduced new cybersecurity requirements for cloud computing infrastructures, which must be hosted on a server located within the territory of China. The enhanced standards, known as MLPS 2.0, aim to strengthen protection of personal information and proactively defend against cyber attacks and data incidents.
New Regulations
According to the new regulations, network operators must:
- Set up and implement policies and protection mechanisms for lawful and proper collection and processing of personal information throughout its lifecycle.
- Adopt a proactive cybersecurity strategy, including monitoring, detection, early warning, and data incident notification.
These requirements are consistent with China’s legal requirements set out in the Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL).
Compliance Process
To achieve compliance with the new standards, companies must undergo a grading process, which involves:
- Self-assessment
- Consultation with qualified experts
- Final certification by local public security authorities.
The MLPS 2.0 Baseline applies to all companies operating in China, regardless of their size or sector.
Enforcement and Consequences
In recent months, Chinese authorities have taken active enforcement actions against non-compliance, including on-site visits, inspections, and financial sanctions. In July 2022, an online driving school service provider was fined for failing to comply with MLPS requirements under the DSL.
Practical Takeaways
- Cloud computing infrastructures must be hosted on a server located within the territory of China.
- Companies must set up policies and protection mechanisms for lawful and proper collection and processing of personal information.
- Network operators must adopt a proactive cybersecurity strategy, including monitoring, detection, early warning, and data incident notification.
- Compliance with MLPS 2.0 Baseline is a legal obligation for companies whose IT systems and networks are graded at Level 2 or above.
- Leverage the expertise of experienced legal counsel and technical advisors to achieve MLPS compliance efficiently.
Conclusion
The implementation of MLPS 2.0 standards has significant implications for businesses operating in China. Companies must prioritize compliance with these enhanced cybersecurity requirements to avoid legal exposure and financial penalties. As China’s data and cybersecurity legal regime continues to evolve, it is essential for businesses to stay up to date with changing regulations and enforcement trends.
Contact: Barbara Li, Partner, PwC Mainland China and Hong Kong. Email: barbara.li@pwc.com