Yan Luo

Yan Luo

Subscribe to all posts by Yan Luo

China Seeks Public Comments on Draft Measures for the Publication of Cybersecurity Threat Information

On November 20, 2019, the Cyberspace Administration of China (“CAC”) released the draft Measures for the Publication of Cybersecurity Threat Information (“Draft Measures”) for public comment.  (An official Chinese version is available here).  The comment period ends on December 19, 2019. The release of the Draft Measures marks an important step forward in implementing Article … Continue Reading

China Enacts Encryption Law

On October 26, 2019, China enacted a landmark Encryption Law, which will take effect on January 1, 2020.  The Encryption Law significantly reshapes the regulatory landscape for commercial encryption, including foreign-made commercial encryption products, but leaves many questions to be answered in future implementing regulations.  In this blog post, we provide a few highlights of … Continue Reading

China Releases Updated Draft Encryption Law for Public Comment

On July 5, 2019, China’s Standing Committee of the National People’s Congress (NPC) published a new draft Encryption Law (“the draft Law”) for public comment.  The draft Law, if enacted as drafted, would bring significant new changes to China’s commercial encryption regime. The State Cryptography Administration (“SCA”) previously issued an initial draft of this law … Continue Reading

China Seeks Public Comments on Draft Measures related to the Cross-border Transfer of Personal Information

On June 13, 2019, the Cyberspace Administration of China (“CAC”) issued the draft Measures on Security Assessment of the Cross-border Transfer of Personal Information (“Draft Measures”) for public comment. (The official Chinese version of the Draft Measures is available here, and an unofficial English translation is available here.) The comment period ends on July 13, … Continue Reading

CAC Releases Draft Regulation on the Protection of Children’s Personal Information Online

On May 31, 2019, the Cyberspace Administration of China (“CAC”) released the draft Regulation on the Protection of Children’s Personal Information Online (“Draft Regulation”) for public comment. (An official Chinese version is available here and an unofficial English translation of the Draft Regulation is available here.) The comment period ends on June 30, 2019. As mentioned … Continue Reading

China Releases Draft Measures for Data Security Management

On May 28, 2019, the Cyberspace Administration of China (“CAC”) released the draft Measures for Data Security Management (“Draft Measures”) for public comment. (An official Chinese version of the Draft Measures is available here and an unofficial English translation is available here.) The comment period ends on June 28, 2019. The release of these Draft Measures demonstrates … Continue Reading

China Seeks Public Comments on Draft Regulation on Cybersecurity Review of Network Products and Services

On May 24, 2019, the Cyberspace Administration of China (“CAC”) released the draft Measures on Cybersecurity Review (“Draft Measures”) for public comment. (An official Chinese version of the Draft Measures is available here and an unofficial English translation is available here). The comment period ends on June 24, 2019. The publication of these Draft Measures … Continue Reading

China Released Core National Standards, Updating Mandatory Cybersecurity Requirements under the Cybersecurity Multi-level Protection Scheme

On May 13, 2019, China’s State Administration for Market Regulation (“SAMR”) released three core national standards related to the country’s Cybersecurity Multi-level Protection Scheme (“MLPS”), describing technical and organizational controls that companies must follow when complying with MLPS-related obligations under the Cybersecurity Law (“CSL”).  These standards, which are commonly referred to as the “MLPS 2.0 … Continue Reading

China’s Ministry of Public Security Issues New Personal Information Protection Guideline

On April 19, 2019, China’s Ministry of Public Security (“MPS”) released the final version of its Guideline for Internet Personal Information Security Protection (互联网个人信息安全保护指南) (the “Guideline”).  A previous version of the Guideline was released for public comments on November 30, 2018. Under China’s Cybersecurity Law (the “CSL”), MPS is the key regulator tasked with protecting … Continue Reading

China Introduces Mobile Application Security Certification Scheme

On March 15, 2019, the State Administration for Market Regulation and the Cyberspace Administration of China (“CAC”) jointly issued the Announcement on the Implementation of App Security Certification (the “Announcement”), creating a voluntary (but state-sanctioned) security certification scheme for mobile applications (“Security Certification Scheme”). Operators of mobile applications are encouraged to obtain this certification to … Continue Reading

China Releases Draft Amendments to the Personal Information Protection Standard

On February 1, 2019, China’s National Information Security Standardization Technical Committee (“TC260”) released a set of amendments to GB/T 35273-2017 Information Technology – Personal Information Security Specification (“the Standard”) for public comment.  The comment period ends on March 3. Although not legally binding, the Standard has been highly influential since becoming effective in May 2018, … Continue Reading

China Releases New Regulation on Cybersecurity Inspection

On September 30, 2018, China’s Ministry of Public Security (“MPS”) released the Regulation on the Internet Security Supervision and Inspection by Public Security Organs (the “Regulation”;《公安机关互联网安全监督检查规定》), which will take effect on November 1, 2018.… Continue Reading

Covington Artificial Intelligence Update: China’s Framework of AI Standards Moves Ahead

China has set out on an ambitious agenda of aiming to become the world leader in artificial intelligence by 2030. Policy experiments for a critical part of China’s AI development strategy, and to that end multiple government think tanks have set out formulating standards that may impact AI innovation in China. The China Electronics Standardization … Continue Reading

China Seeks Public Comments for Draft Cybersecurity Regulations

On June 27, 2018, China’s Ministry of Public Security (“MPS”) released for public comment a draft of the Regulations on Cybersecurity Multi-level Protection Scheme (“the Draft Regulation”). The highly anticipated Draft Regulation sets out the details of an updated Multi-level Protection Scheme, whereby network operators (defined below) are required to comply with different levels of … Continue Reading

Covington Artificial Intelligence Update: China’s Vision for The Next Generation of AI

Artificial intelligence promises to be a paradigm shift for many applications from manufacturing to finance, and from defense to education.  Given the vast potential, focus on AI has sharpened around the world, including in China.  Decision makers in Beijing and around the country are paying attention and have begun shaping a legal and policy regime … Continue Reading

China Issues New Personal Information Protection Standard

On January 2, 2018, the Standardization Administration of China (“SAC”) released the final version of the national standard on personal information protection, officially entitled GB/T 35273-2017 Information Technology – Personal Information Security Specification (GB/T 35273-2017 信息安全技术 个人信息安全规范) (hereinafter “the Standard”).  The Standard will come into effect on May 1, 2018. As highlighted in our previous … Continue Reading

National Cybersecurity Awareness Month Q&A with Yan Luo

Yan Luo advises clients on a broad array of regulatory matters in connection with cybersecurity and data protection rules in China. With previous work experience in Washington, DC and Brussels before relocating to Beijing, Yan has fostered her government and regulatory skills in all three capitals. She is able to strategically advise international companies on … Continue Reading

China Revises Proposals on Regulation of Commercial Encryption

In the past three weeks, China’s State Council and the State Cryptography Administration (“SCA”) issued two documents that reveal a major change in the regulatory regime governing commercial encryption products in China, potentially paving the way for the draft Encryption Law to establish a uniformed encryption regime. This development and its practical implications will be … Continue Reading

Chinese Agencies Announce Plan to Audit Privacy Policies of Ten Popular Online Services

On July 26, four Chinese agencies, the Cyberspace Administration of China (“CAC”), the Ministry of Industry and Information Technology (“MIIT”), the Ministry of Public Security (“MoPS”), and the National Standards Committee, announced their plan to begin the government’s campaign to improve the protection of personal information, according to Xinhua News Agency (link is in Chinese).  … Continue Reading

China Seeks Public Comments on Draft Regulation on the Protection of Critical Information Infrastructure

On July 11, 2017, the Cyberspace Administration of China (CAC) released the draft Regulation on the Protection of the Critical Information Infrastructure (“Draft Regulation”) for public comment (official Chinese version available here). The comment period ends on August 10, 2017. Aiming to add greater clarification to the Cybersecurity Law, which took effect on June 1, … Continue Reading

South Korea Joins the APEC Cross-Border Privacy Rules Framework

South Korea has became the fifth member economy to join the Asia-Pacific Economic Cooperation’s (“APEC”) Cross-Border Privacy Rules (“CBPR”) system, a voluntary but legally enforceable code of conduct that aims to facilitate secure data transfers and e-commerce between parties to the agreement. Established in 2011, the CBPR system aims to provide a minimum level of … Continue Reading

Chinese Authorities Release Catalog of Network and Cybersecurity Products Subject to Pre-Sale Inspection

On June 9, 2017, the Cyberspace Administration of China (“CAC”), together with three other agencies, released a Catalog of Critical Network Equipment and Network Security Products (First Batch) (“the Catalog,” original Chinese version available here).  It specifies network products that must be certified before they can be marketed in China. China’s Cybersecurity Law (see our … Continue Reading

Three Weeks On: What We Know about The Enforcement of China’s Cybersecurity Law – Part 3

Part 3 of this three-part entry discusses a separate, but equally important, legal development in China’s data protection environment. On May 8, 2017, the Supreme People’s Court and the Supreme People’s Procuratorate issued an interpretation of criminal law regarding infringement of citizens’ personal information (the “Interpretation”).  The Interpretation examines the provision in China’s Criminal Law, … Continue Reading

Three Weeks On: What We Know about The Enforcement of China’s Cybersecurity Law – Part 2

Part 1 of this post clarified which parts of China’s latest Cybersecurity Law (the “Law”) are currently ready to be enforced and which parts are awaiting clarification in the form of implementing regulations or standards. In this post, we will discuss latest landscape of implementing regulations and national standards that supplement the Law.   Implementing … Continue Reading
LexBlog