Don't Forget Your Employees

• Pages: 3-4

3.

SME´s obligations related to network security

imposed by the CSL

Despite being man datory, these

measures could be s een as guidanc e

for IP protect ion. To protect co ndential

information like tra de secrets you must

take protec tive measures t o avoid the

information being acc essible for third

parties. You can d emonstrate t o the

courts t hat you’ve taken ap propriate

cybersec urity measur es in case of

cyberatt ack by complying wit h the

CSL. Net work Operators can follow the

minimum duties, for e xample, having

an anti-virus soware in place, should

be enough, however CI I Operators need

to follow higher stan dards. Compliance

with local lega l cyber securi ty

standards is sucient for e njoying

legal trade secr et protect ion in China.

Network operators

The CSL stipulates certain obligations regarding network security which you as

a network operator must comply with. All these provisions are dispersed over

the entire legal text but can be summarized in three main categories:

；Administration: Network operators are required to clarify responsibilities

within their organisations, and ensure network security by implementing

rules and regulations and operational processes.

For example, you have to formulate internal security management

systems and operating rules; determine persons responsible for

cybersecurity.

；New security technologies: Network operators shall adopt various

technologies to prevent, combat and investigate cyber-attacks to mitigate

network risks.

For example, you have to adopt technical measures for monitoring

and recording network operational statuses and cybersecurity

incidents, and adopt technical measures to prevent computer viruses,

cyberattacks or network intrusions.

；Data storage: Network operators shall ensure data availability and

condentiality by backing up and encrypting data.

For example, you are also requested to adopt data encryption and

back-up measures, and store network logs for a minimum of 6

months.

To summarise, Network Operators should build an eective security

administration system, nding rational technical solutions and improving data

protection capabilities, which are expected to be key priorities for network

operators. The Chinese authorities may check whether you are compliant with

the CSL measures, especially in case of a security breach.

In case of breach of such cybersecurity obligations, Chinese authorities can

order corrections, issue warnings and order an external cybersecurity expert

to carry out certication. When corrections are refused, CSL provides for a ne

3