You are here


Survey Answer:

Competent Authorities
• Cybersecurity Administration of China (CAC)
CAC was established on May 4, 2011 with the approval of the State Council. The State Council later empowered the CAC on August 26, 2014 “to be in charge of the administration of Internet-based information content nationwide and of regulatory enforcement.” The Leading Group for Cyberspace Affairs was constituted on February 27, 2014 and shares the same administrative organization and is under the common guidance of the same group of officers as the CAC. The CAC performs the specific duties of the Leading Group.
The Cybersecurity Law further provides that the cyberspace administration authorities are responsible for the overall planning and coordination of cybersecurity work and the relevant supervision and administration. In practice, the Leading Group is primarily responsible of strategic coordination, such as issuing the National Cyberspace Security Strategy and other strategy documents, while the CAC is responsible of carrying out, supervising and administrating specific matters regarding cybersecurity.

• Ministry of Industry and Information Technology (MIIT) – Cybersecurity Management Bureau
MIIT, especially cybersecurity management bureau, is mainly responsible for the (1) administration of telecom and internet industry, (2) cybersecurity guarding, emergency administration and settlement, (3) supervision, administration and security examination of telecommunications networks, Internet and industry control system network (4) establishment of network and information security system in the telecommunications area, (5) drafting and organizing the implementation of security administration policies, rules and standards regarding the data security of telecommunications networks and the Internet, (6) cooperate with MPS in dealing with cyber- and information-related crimes.
• Ministry of Public Security (MPS)
MPS and its local counterparts are primarily responsible for handling cyber- and information-related crimes. The local counterparts of MPS are responsible for classified protection system record-filings. The crimes related to cybersecurity under the Criminal Law include the infringement of personal information, refusal to perform cybersecurity administrative obligations and the illegal use of information networks.
• Industry authorities
Industry authorities may be responsible for the formulation of implementation regulations for cybersecurity protection and/or CII protection in its corresponding industries, and enforcement of such implementation regulations. Since the supporting documents of the Cybersecurity Law are still being formulated, the specific responsibilities of industry authorities are still under development.

Provided By:
David Tang, Han Kun Law Offices