ANNOUNCED AS TEMPORARYNo
On June 1st, 2017, a new 'PRC Network Security Law' that was mooted in 2016 and approved that November, came into effect. The law is far-reaching; targeting the 'critical information infrastructure' of the following industries:
The law states, among other things, that any personal information 'generated or collected' by the information infrastructure in the abovementioned industries must be stored domestically. Any information that needs to be transferred overseas can only be done so with government approval.
Another clause in the text of the bill necessitates the use of PRC government-approved 'network equipment and cybersecurity products' when carrying out their business operations.
In effect, this means any firms deemed to be involved in one of the affected industries must conduct their data-related operations within the PRC and must do so with specific equipment.
This aspect of the law appears to derive from a 2015 law (see related measure) passed to combat 'terrorism' in the PRC. However, this differs in being more specific in which industries are targeted, not mentioning anything about the provision of encryption keys, and having more total clauses (which do not specifically affect international bodies, so are not detailed here).
⚑ Please report this page in case you detect an inaccuracy in its content.