Legal Requirements for IT Compliance in China: Implementation of MLPS 2.0
With the new, mandatory Multi-Level Protection Scheme 2.0 (MLPS 2.0), the regulatory pressure on all companies operating in China is increasing. The regulatory system for data and cyber security obliges companies to use the specifications of a multi-level protection system to ensure that no data can be passed on, stolen, or falsified and that their IT systems are free from interference, damage, or unauthorized access. The MLPS 2.0 applies to companies in all industries and is not limited to the Internet or IT companies.
Your Partner for the Implementation of MLPS 2.0
CHINABRAND supports companies implement the MLPS 2.0 regulations from the initial assessment of the IT systems and the preliminary classification through to acceptance by certified auditors in China.
- Preliminary classification of the IT systems and determination of the necessary protection
- Registration and certification by the public safety authority
- Gap analysis and remedy plan if optimization is required
- Safety assessment by authorized auditors
- Submit the assessment report to the Public Safety Authority
Time To Act
More and more foreign companies are aware of the importance of MLPS 2.0. However, because of the complexity of the MLPS-related regulations and also the language barrier - many regulations and standards are only available in Chinese - they don't know how MLPS 2.0 works in practice can implement.
Together with cyber security experts, CHINABRAND supports German and European companies in the most important tasks:
- Analysis of relevant laws and requirements in the areas of IT compliance, network security, data transmission, and data protection
- Review of the client's existing infrastructures in China about the legal requirements for data security
(required certificates, penetration test, white hacking)
- Selection of measures and implementation of tools to meet the new regulations
- Conception and implementation of compliance training for Chinese and Asian subsidiaries
- Implementation of compliance management systems
After acquiring a Chinese company, our client discovered that the company had deficits in compliance. The legally prescribed classification of the IT systems according to the MLPS had not yet taken place. Our Chinese IT consultants assessed and classified the systems on site at relatively short notice, whereby the personal contacts with auditors throughout China and the responsible provincial authorities were helpful.
The implementation of steps 3-5 of the MLPS is very specific - depending on which class the IT systems are classified in and which security deficiencies are found during the tests and controls. For a mechanical engineering company that manages its global IT centrally at its European headquarters, we have created a list of possible optimization measures for all security deficiencies that have been identified. The client could then choose which solutions best fit the company's global security strategy. Through close contact with the local authorities, we ensured that the IT systems met the legal requirements after implementing the measures and passed the final test of the cybersecurity administration.