On November 7, 2016, the Standing Committee of the National People’s Congress of China promulgated the Cyber Security Law of the People’s Republic of China (the “Cyber Security Law”) after three rounds of readings in June 2015, June and October 2016, respectively. The Cyber Security Law will enter into force on June 1, 2017. As early as July 1, 2015, the National Security Law of the People’s Republic of China was promulgated, expressly providing that the state shall “safeguard sovereignty and security of cyberspace in the state,” a theme that is reiterated and emphasized in Article 1 of the Cyber Security Law. The introduction of the concept of “cyber space sovereignty” in the Cyber Security Law echoes the views of President Xi Jinping, who is also the head of the Office of the Central Leading Group for Cyberspace Affairs, and who has stated in February 2014 that “[n]o cyber safety means no national security.” Critically, the Cyber Security Law may have global implications, as the Law applies to both Chinese and international businesses engaging in the construction, operation, maintenance or use of information networks in China.
On April 24, 2015, China amended its Advertising Law for the first time since its initial promulgation in 1994. The amended Advertising Law (the “Amended Law”) will take effect on September 1, 2015. In the absence of a comprehensive data protection law in China, the Amended Law introduces certain provisions addressing data and privacy issues, in addition to existing data privacy rules which are scattered in various laws and regulations.
On July 1, 2015, China’s top legislature adopted a new National Security Law (中华人民共和国国家安全法), highlighting cyber security and paving the way for a coordinated crisis management system. The law aims to provide a general legislative framework to cover a wide range of areas, ranging from finance, politics, the military and cyber security to culture, ideology and religion.