Smart Driving China
MERICS Briefs
MERICS China Industries
11 Minuten Lesedauer

Cybersecurity regulations + Smart driving + Logistics

1. Companies face increased scrutiny under new cybersecurity regulations 

At a glance: The regulations on Critical Information Infrastructure (CII) took effect on September 1. The State Council defines CII as important network infrastructure or IT systems that if breached or destroyed could cause harm to China’s national security, economy or public interests. The policy document lists eight specific sectors including telecommunications, energy and transportation in which CII is most likely to be found. Businesses that sell, purchase or use this infrastructure could then be considered CII operators (CIIOs), they must: 

  • Prioritize the purchase of secure and reliable network products and services
  • Conduct an annual security review and risk assessment 
  • Report cybersecurity incidents and any changes to their CII to the relevant sectoral regulators and public security authorities 
  • Establish teams to constantly monitor cybersecurity

MERICS comment: Crucially, the policy does not specify which companies will be designated as CII providers or CIIOs and only states that regulators will make that decision.