Hogan Lovells - Asia-Pacific Data, Privacy and Cybersecurity Guide 2025 - Flipbook - Page 13
Asia-Pacific Data Privacy and Cybersecurity Guide 2025
infrastructure and data management. MLPS 1.0
introduced annual inspections by government
officials and MPS, in a move that has raised
significant concern for multinationals
operating in China.
Based on the CSL, MLPS 2.0 (2019-)
optimises the MLPS 1.0 from the
following aspects:
· Introducing extended security requirements
for emerging technologies like cloud
computing, IoT, mobile internet, industrial
control, and big data.
· Transitioning from passive defense to a
dynamic protection system that includes
pre-emptive defense, real-time response, and
post-event auditing;
· Updating the grading process requires
expert review and approval by competent
authorities for Level 2 and above systems;
· Adjusting the grading levels, with systems
causing significant harm to legal rights now
classified as Level 2 instead of Level 2; and;
· Empowering MPS to perform remote access
inspections (upon prior notice) and
on-site inspections.
Proposed amendment to the CSL
On September 12, 2022, the Cyberspace
Administration of China (CAC) issued a
draft to amend the CSL, mainly aimed to
improve the legal responsibilities regarding
the security protection of critical information
infrastructure (CII(s)) and other network
information security and operational security.
Overall, the draft proposed to increase
penalties, and impose penalties equivalent to
those implemented in the PIPL (i.e., fines of
up to RMB 50,000,000 or 5% of the preceding
year’s turnover). According to the Work Report
of the Standing Committee of the National
13
