Internet Security and Data Protection
The Chinese government has passed new laws and regulations in cyber security, data security, data protection, and encryption. That means that foreign companies need to act. The Cyber Security Law regulates the requirements for the security of data processing systems in great detail. It contains fundamental principles of data protection, which are specified more precisely in further ordinances. At the same time, the Cryptography Act makes specifications for the use of encryption technologies. In the case of non-compliance, there is a risk of civil liability and entry into the corporate social credit system, i.e., the public blacklisting of companies, as well as increased fines.
Legal Requirements for IT Compliance in China: Implementation of the MLPS 2.0
With the new, mandatory Multi-Level Protection Scheme 2.0 (MLPS 2.0), the regulatory pressure on all companies operating in China is increasing. The regulatory system for data and cyber security obliges companies to use the specifications of a multi-level protection system to ensure that no data can be passed on, stolen, or falsified and that their IT systems are free from interference, damage, or unauthorized access. The MLPS 2.0 applies to companies in all industries and is not limited to the Internet or IT companies.
Your Partner for the Implementation of the MLPS 2.0
CHINABRAND supports companies to implement the MLPS 2.0 regulations from the initial assessment of the IT systems and the preliminary classification through to acceptance by certified auditors in China.
- Preliminary classification of the IT systems and determination
of the necessary protection
- Registration and certification by the public safety authority
- Gap analysis and remedy plan if optimization is required
- Safety assessment by authorized auditors
- Submit the assessment report to the Public Safety Authority
Time to Act
More and more foreign companies are aware of the importance of MLPS 2.0. However, because of the complexity of the MLPS-related regulations and also the language barrier - many regulations and standards are only available in Chinese - they don't know how MLPS 2.0 works in practice can implement.
Together with Chinese cyber security experts, CHINABRAND supports companies in the most important tasks:
- Analysis of relevant laws and requirements in the areas of IT compliance, network security, data transmission, and data protection
- Review of the client's existing infrastructures in China about the legal requirements for data security (required certificates, penetration test, white hacking)
- Selection of measures and implementation of tools to meet the new regulations
- Conception and implementation of compliance training for Chinese and Asian subsidiaries
- Implementation of compliance management systems
"Like for any state, Chinese regulation is complex and need guidance to ensure compliance. CHINABRAND, combining technical, legal and language skills, is greatly helping us in our MLPS 2.0 compliance journey. Without their support it would have been very difficult to deal with this certification."
Director Global IT Infrastructure and Security
"Since the beginning of 2021, the Chinabrand team has been providing us with comprehensive and trustworthy support in matters of cybersecurity law. During the requirements analysis project, we received support and input at all times from dedicated employees who also have a high level of expertise. The results were extremely confident and goal-oriented."
After acquiring a Chinese company, our client discovered that the company had deficits in compliance. The legally prescribed classification of the IT systems according to the MLPS had not yet taken place. Our Chinese IT consultants assessed and classified the systems on site at relatively short notice, whereby the personal contacts with auditors throughout China and the responsible provincial authorities were helpful.
The implementation of steps 3-5 of the MLPS is very specific - depending on which class the IT systems are classified in and which security deficiencies are found during the tests and controls. For a mechanical engineering company that manages its global IT centrally at its European headquarters, we have created a list of possible optimization measures for all security deficiencies that have been identified. The client could then choose which solutions best fit the company's global security strategy. Through close contact with the local authorities, we ensured that the IT systems met the legal requirements after implementing the measures and passed the final test of the cybersecurity administration.
A client wanted to analyze the obligations its Chinese subsidiary had to face in the areas of cyber security and data protection. This analysis was required to be able to make far-reaching decisions in the development of corporate IT. We were able to assist the company with an analysis of the current legal situation by specialized Chinese lawyers and with strategic advice.
The global use of standardized computer programs is essential for many international companies. With the rollout of western software to China, not only the specific legal requirements of cyber security and data protection are relevant, but also the behavioral patterns of Chinese employees - for example the circumvention of company applications through WeChat. CHINABRAND was able to support German companies in using their software in China. Solutions were found that meet the legal and technical requirements.