China will roll out a new set of cybersecurity regulations next year, placing a strong emphasis on national security and requiring companies, especially those providing generative artificial intelligence (AI) services, to implement enhanced data protection measures. The announcement came on Monday, with the new rules set to take effect on January 1, 2024.
The Network Data Security Management Regulations, comprising 64 clauses, are built upon China’s existing cybersecurity and data security laws. These regulations aim to tighten control over data processing practices, particularly in sectors like AI, and mitigate risks related to data breaches.
Key Requirements for AI Service Providers
Under the new rules, companies offering generative AI services will be required to bolster their data processing capabilities and prepare for potential breaches. This includes additional training for employees and implementing protocols to prevent leaks or unauthorized access to sensitive information.
Moreover, non-Chinese operators handling personal data originating from China must establish local data processing centers within the country. This step is intended to ensure that personal information is securely managed within Chinese borders.
National Security Focus
The regulations place significant importance on national security, stipulating that data processors undermining China’s national security, public interest, or legally protected interests—whether inside or outside of China—will be held legally accountable.
Businesses are required to align their data practices with guidance from the Communist Party, adopting a broad perspective on national security that encompasses the economy, technology, and national defense. Companies must also comply with national standards and report any security breaches to authorities within 24 hours.
Cyberspace IDs and Internet Control
The regulations also authorize national security officials to conduct investigations into potential breaches. One notable inclusion is the encouragement for online platforms to require personalized internet identification, or cyberspace IDs, for users. This measure is in line with a government proposal drafted in July, which raised concerns over the potential for increased state control over internet usage.
The mention of cyberspace IDs in the new regulations indicates that the government is moving forward with plans to promote tighter regulation of online activity.
Broader Cybersecurity Legislation
Between 2017 and 2021, China enacted three laws governing the internet. These latest regulations aim to further strengthen control over the transfer of data abroad, reflecting the government’s ongoing efforts to safeguard national security in the digital realm.
The new cybersecurity rules mark China’s continued push for tighter regulation and control over data, particularly as the country seeks to assert its sovereignty in the rapidly evolving fields of technology and AI.
01st Oct 2024
Comments