Cybersecurity Law of China goes into effect 1 June

The Cybersecurity Law of China goes into effect 1 June 2017. With the date fast approaching, many companies are unclear about the specific terms of the law.

The law, promulgated on 7 November 2016 by the Standing Committee of China’s National People’s Congress (NPC), increases the national government’s jurisdiction over the business of cybersecurity.

Its provisions specifically apply to what is called “Critical Information Infrastructure” (CII). CCI is defined as comprising key industries that maintain data which could pose a national security or public interest risk if damaged or lost. This includes businesses in the fields of energy, finance, transportation, telecommunications, medical and healthcare, electricity, water, gas, and social security.

In general, the Cybersecurity Law emphasises data protection, and China’s “cyberspace sovereignty,” which operates on the assumption that each country has the innate right to govern its internet environment.

Given the potentially high cost of non-compliance associated with the law, and the uncertain nature of the guidelines that the government will release, managers should review draft measures and monitor related developments to ensure that their business is prepared.

For an informative outline of the Cybersecurity Law and recommended actions, we share two informative posts with you presented via JD Supra.

UPDATE: Some follow up on the China Cybersecurity Law that went into effect 1 June.

Post curated by David Pandt, Horizons China communications manager. If you would like to talk with us about our Cybersecurity Law or other corporate advisory related items, email us at, and we’ll have a Horizons professional contact you.  

Please visit our website at