On August 17, 2021, China released the new regulations on the Security and Protection of Critical Information Infrastructure (CII Regulations), which became effective on September 1, 2021. Even though China started its protection of Critical Information Infrastructure (CII) as early as 2016, when it released the Cybersecurity Law of the People’s Republic of China (CSL), there is no clear guidance on the identification of CII and its operators. The new CII Regulations provide general guidance on formulating CII identification rules by competent regulatory authorities in relevant important sectors. In addition, the CII Regulations provide more specific rules on the protection of CII to implement the requirements in the CSL. This update discusses the highlights of the CII Regulations.

Click here to read the full update.