People's Republic of China: CSRC Released New Cybersecurity and Data Privacy Rules for Securities and Future Institutions
Tuesday, March 14, 2023
China Securities Regulatory Commission Regulations
Print Mail Download i

The China Securities Regulatory Commission (CSRC) released the Administrative Measures for Network and Information Security in Securities and Futures Sectors (Measures) on 27 February 2023, which will become effective on 1 May 2023.

The Measures provide an industry-specific regulatory regime in response to the reshaped cybersecurity and data privacy law of China and will replace the existing rules promulgated a decade ago. The Measures are meant to be broadly applicable to various market players, such as stock exchanges, securities and futures companies, fund managers, and information technology (IT) service providers (e.g., online trading platforms). CSRC categorized them as follows:

  1. core institutions, including securities and futures trading venues, securities registration and settlement institutions, and other core institutions undertaking public functions of the securities and futures market and operation of public IT infrastructure of the securities and futures market;

  2. operating institutions, which are securities and futures operating institutions such as securities companies, futures companies, and fund management companies; and

  3. IT system service institutions, which provide products or services such as development, testing, integration, evaluation, operation and maintenance, and daily security management of important information systems for securities and futures business activities.

Each category of institutions is subject to different types of regulatory requirements based on the nature of the data they are processing and the cybersecurity and privacy risks they are exposed to.

The Measures cover various aspects of network and information security, such as setting-up and operations of supervision and management systems, protection of investors’ personal information, network and information security emergency response, and critical information infrastructure security protection. CSRC and its local agencies are the regulators responsible for enforcement of the Measures and entitled to impose administrative penalties over the regulated institutions who breach the Measures.

Copyright 2024 K & L Gates

Current Legal Analysis

More from K&L Gates

Kicked Out of the Club: NFA Orders Commodity Pool Operator Not to Reapply for NFA Membership
by: Matthew J. Rogers , Benjamin C. Skillin
SEC Risk Alert Offers Initial Observations on Compliance
by: Michael S. Caccese , Lance C. Dial
Guidance on Use of Artificial Intelligence-Based Tools in Practice Before the United States Patent and Trademark Office
by: Matthew S. Dicke
Global Survey of ESG Regulations for Asset Managers
by: Lance C. Dial , Keri E. Riemer
The UKIPO Updates its Policies to Tackle Ineffective Addresses for Service
by: Simon Casinader
Doing Business in Australia: A Guidebook for Investing in Australia
by: Betsy-Ann Howe
ESG-Australia: Consultation Material for the 5th Edition of the Corporate Governance Council Principles and Recommendations Released
by: Andrew Gaffney , Clive Cachia
Marketing Rule Enforcement Remains Priority: SEC Charges Five Advisers for Marketing Rule Violations
by: Lance C. Dial , Pablo J. Man
Supreme Court Limits Shareholder Suits Based on "Pure Omissions" in Corporate Disclosures
by: Nicole C. Mueller , Jonathan R. Vaitl
The SEC Limits the Internet Adviser Exemption
by: Jennifer Klass , Matthew J. Rogers

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins