Enforcement of China’s Cybersecurity Law (CSL) began at the beginning of this month, but questions remain about how companies should comply with the myriad requirements of the law and its related measures, standards, and other regulations. Following conversations with company executives and service providers, the US-China Business Council (USCBC) developed a brief list of best practices to help accelerate internal compliance plan development.
China’s new Cybersecurity Law goes into effect today, June 1, but with many implementation details undecided and companies uncertain about how to comply. In the meantime, Chinese regulators are responding in part to company concerns, even if the overall policy approach remains problematic.
China released a second draft revision of its Standardization Law on May 19 that links standards to national security, which could limit the use of foreign products and services, and endanger intellectual property (IP) protection. The newest draft continues China’s push toward voluntary and recommended standards, emphasizes consumer safety, and adds new language regarding standards and national security.