October 29, 2020

Volume X, Number 303


October 28, 2020

Subscribe to Latest Legal News and Analysis

October 27, 2020

Subscribe to Latest Legal News and Analysis

October 26, 2020

Subscribe to Latest Legal News and Analysis

China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards

China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016.  The public comment period runs until February 2, 2017.

These new draft standards are:

  • Information Security Technology – Personal Information Security Specification

  • Information Security Technology – Implementation Guide for Cybersecurity Classified Protection

  • Information Security Technology – Security Capability Requirements for Big Data Services

  • Information Security Technology – Guide for Security Risk Assessment of Industrial Control Systems

  • Information Security Technology —Security Technique Requirements and Test Evaluation Approaches for Industrial Control Network Monitoring

  • Information Security Technology — Technique Requirements and Testing and Evaluation Approaches For Industrial Control System Vulnerability Detection

  • Information Security Technology – Testing and Evaluation Methods for the Security of Hardcopy Devices

Once adopted, the new standards will join the large group of “Information Security Technology” standards (also known as “TC260” standards) developed since 2010.  Thus far, there are over 240 national standards under the umbrella of “Information Security Technology”.  Such standards cover a wide range of cybersecurity-related subjects, including, for example, security standards for cloud computing, industrial control systems, e-government, and big data services.  The TC260 standards also include standards on the protection of personal information and on “secure and controllable” requirements for information technology products such as CPUs, operating systems, and office suites.

The family of “Information Security Technology” standards are voluntary national standards in China and are not legally binding.  However, with the new Cybersecurity Law expressly supporting the development of China’s own cybersecurity-related standards, we anticipate that the government will increasingly attach more importance on those standards.  Also, such standards can serve as an important barometer of the agencies’ interpretation of often vaguely worded laws and regulations.

© 2020 Covington & Burling LLPNational Law Review, Volume VI, Number 356



About this Author

Repeatedly ranked as having one of the best privacy practices in the world, Covington combines exceptional substantive expertise with an unrivaled understanding of the IT industry, and of e-commerce and digital media business models in particular.  Our practice provides exceptional coverage of all of the substantive areas of privacy, including IT/technology, data security, financial privacy, health privacy, employment privacy, litigation and transactions.  One of our core strengths is the ability to advise clients on relevant privacy and data security rules worldwide,...