European Chamber submitted comments on the Revised Draft of Cybersecurity Law

2022-09-29 | National

Since the Cybersecurity Law went into effect on June 1, 2017, it has been implemented for five years. There is a critical need for revisions in a number of areas, including supervision, enforcement, and data compliance, as the Data Security Law and the Personal Information Protection Law take effect and are implemented one after the other. The most recent revision of the Cybersecurity Law shows a positive sign of the improvement in China’s legal framework in the field of cybersecurity. Firstly, the revision focuses on changing the scope and severity of penalties for violating certain provisions and readjusts the penalties based on the 2021 Administrative Penalties Law of the PRC to make the Cybersecurity Law to be more consistent with the Administrative Penalties Law. This revision becomes extremely significant in light of the guiding principle that no administrative actions can take place without legal authorization. Secondly, the legal effort by the global internet governance to further strengthen "platform responsibility" led to increased penalties. However, it is worth noticing that this revision to the Cybersecurity Law is based on the circumstances of the violation as the basis for punishment, unlike foreign countries, for instance, the EU, which determines fines by the role of the operator (for example, whether it is a gatekeeper) and SMEs have a large number of exemptions. The question of how to assess the severity of the offenses and who will assess them is yet unknown.