On June 7, 2018, the National Information Security Standardization Technical Committee officially issued seven national standards, including the “Information Security Technology - Specifications of Digital Certificate Format for Public Key Infrastructure”, “Information Security Technology – Specifications of Cryptograph and Related Security Technology for Certificate Authentication System” , “Information Security Technology – Specifications of Applied Interface for Cryptographic Device”, “Information Security Technology – Basic Requirements of Security Management for Industrial Control System”, “Information Security Technology – Specifications of Information Security Level for Industrial Control System”, “Information Security Technology – Implementation Guidance of Risk Assessment for Industrial Control System” , and “Information Security Technology – General Security Function Requirements of On-Site Measurement and Control Equipment for industrial control system.” The seven national standards are implemented from January 1, 2019.
On June 13, 2018, the National Information Security Standardization Technical Committee issued 24 drafts of national standards, including Technical Requirements for Mobile Internet Security Audit Products (Consultation Paper), Cybersecurity Guide for Automotive Electronic Systems (Consultation Paper), Guide to Malware Incident Prevention and Handling (Consultation Paper), Personal Information Security Impact Assessment Guidelines (Consultation Paper), Security Controls of Critical Information Infrastructure (Consultation Paper), and Cybersecurity Protection Requirements of Critical Information Infrastructure (Consultation Paper).
On July 2, 2018, the China National Certification and Accreditation Administration Committee issued the “Implementation Rules of Safety Certification of Key Network Equipment and Specific Network Security Product” in accordance with the requirements of the “Cybersecurity Law of the People’s Republic of China”, “ Regulations of the People’s Republic of China on Certification and Accreditation”, “Announcement on Implementation Requirements for Safety Certificate of Key Network Equipment and Special Network Security Products”.
On June 19, 2018, the Third Session of the 13th National People’s Congress Standing Committee reviewed the draft of the Electronic Commerce Law in groups and the safety regulations of e-commerce were highly valued. Some members believed that the protection of individual privacy rights in the draft was still relatively weak. It was necessary to further strengthen the design of the rights protection system, and it was proposed to increase special restrictions on the collection and use of user personal information by e-commerce operators.
In order to strengthen the safety management of network critical equipment and special products for network security, in accordance with the Cybersecurity Law, the Cyberspace Administration of China, together with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the Certification and Accreditation Administration of China have formulated the Catalogue of Network Critical Equipment and Special Products for Network Security (The First Batch), which was issued on June 19, 2018.
On 27 June, 2018, the Ministry of Public Security of the PRC and other governmental departments have jointly drafted the Regulations on Graded Protection of Cybersecurity (Consultation Paper) and seek public opinions. The public may return the relevant opinions and recommendations through e-mail or fax prior to July 27, 2018.
On June 5, 2018, seven departments, including the Ministry of Transport (“MOT”), have jointly issued the Circular on Strengthening In-process and Ex-post Joint Regulation of the Online Ride-hailing Industry (the “Circular”).
The Circular requires that, all levels of departments of transport, cyberspace, communications, public security, people’s bank, tax, industry and commerce, and market supervision and regulation, shall establish a joint supervision and regulation mechanism to administrate the online car-hailing industry. In case of violations and illegalities, such as engaging in online car-hailing business without a permit for online car-hailing business, inconsistencies between the vehicle and personnel information showed online and displayed offline, divulging of information, failure to pay tax due according to the law, unfair competition, payments and settlements using funds from illegal business, all relevant administrative departments may collaboratively organize talks with the operators concerned. Moreover, the Circular notes that, where an operator concerned refuses to take rectification actions after such talk, relevant administrative departments may take measures against the online car-hailing platform operator, such as suspending from releasing products, removing its mobile applications (APPs) from APP stores, terminating internet services, and disabling the network connection or shutting down its servers for rectification for six months, depending on the seriousness of its violations.
8. The People’s Government of Guizhou Province Distributed the Opinions on the Promotion of Innovative Development of Big Data, Cloud Computing, Artificial Intelligence, and the Speeding Up Construction of Digital Guizhou
On 22 June, 2018, the People’s Government of Guizhou Province distributed the Opinions on the Promotion of Innovative Development of Big Data, Cloud Computing, Artificial Intelligence, and the Speeding Up Construction of Digital Guizhou. In the Opinions, the goal for future development includes vigorously developing the digital economy, comprehensively promoting digital governance, developing digital livelihood services, promoting digital facilities upgrades, enhancing digital security prevention and control capabilities, and improving support systems.
Cloud Security Alliance (CSA) recently released Code of Conduct for GDPR Compliance, which aims to provide GDPR compliant solutions for cloud service providers (CSPs), cloud consumers, and related companies, and provide cloud service provider’s transparency guidelines on the level of data protection to be submitted. China Security Alliance of Cloud and Emerging Technology Innovation (C-CSA) organizes experts to translate the Chinese version, which will certainly help Chinese companies to understand GDPR and help their business in Europe to avoid privacy risks.
On June 5, 2018, the Guiyang Big Data Safety Management Regulation was passed at the 13th meeting of the Standing Committee of the 14th People’s Congress of Guiyang. The Regulation clarifies the first responsible person of big data security, and requires security responsible units to implement security protection such as encryption of personal information and important data. In addition, the Regulation also requires security responsible units to establish a big data security audit system, and the people’s governments at or above the county level should establish and improve the supervision and inspection mechanism for big data security, and clarify the duties of supervision and inspection.
On June 7, 2018, the White Paper on the Criminal Judicial Protection of Network Security of People’s Procuratorate in Haidian District of Beijing was issued. According to the White Paper, cybercriminals are characterized by young age and low diploma. At the same time, criminal behaviours are obviously industrialized, and a complete and closed industrial chain is gradually formed.
On July 6, 2018, President Xi Jinping presided over the third meeting of the central committee for deepening overall reform and delivered an important speech. The meeting reviewed and approved the “Proposal for the Establishment of the Beijing Internet Court and the Guangzhou Internet Court”. On the basis of summarizing and promoting the experience of the Hangzhou Internet Court, the meeting pointed out that the courts shall respond to the needs of social justice, scientifically determine the scope of jurisdiction, improve and perfect the litigation rules, build a unified litigation platform, and promote the rule of law in cyberspace governance.
On July 6, 2018, the Office of Cyberspace Affairs Commission of the CPC Shandong Provincial Committee, Shandong Communications Administration, and the National Computer Network and Information Security Management Center (Shandong Branch) jointly released the 2017 Shandong Internet Security Report. The report shows that in 2017, the critical information infrastructure of Shandong operated in a stable way, and the major monitoring indicators of the core network of the Internet were normal. No major-level cybersecurity incidents occurred, but there were still certain security risks.
On June 30, 2018, the Beijing Municipal Commission of Economy and Information officially released the “2018 White Paper on the Development of Beijing Artificial Intelligence Industry”. The White Paper discloses a series of developments of national and Beijing AI companies. As of May 8, 2018, there were 4,040 artificial intelligence enterprises nationwide, and 1,070 artificial intelligence enterprises in Beijing accounting for 26% of the artificial intelligence enterprises nationwide. Only 35% AI companies nationwide obtained investments. In addition, the report also gives a list of 132 AI companies of (partial) key areas.