This article was first published by the International Law Office, a premium online legal update service for major companies and law firms worldwide. Register for a free subscription.

On 20 November 2019 the Cyberspace Administration of China (CAC) published the Administration Measures for Releasing Cybersecurity Threat Information (Draft for Comments) to solicit public opinions.

According to the draft measures, the publication of cybersecurity threat information must be reported to regulators in the following situations:

  • Public security organs at or above the municipal level must be informed before the publication of information on cybersecurity events such as the Internet and information systems being attacked, damaged or illegally accessed.
  • The cyberspace administration and public security organs at or above the local level must be informed before the publication of comprehensive analysis reports on regional cybersecurity attacks, incidents, risks and vulnerabilities.
  • The competent industry authorities must be informed before the publication of comprehensive analysis reports on cybersecurity attacks, incidents, risks and vulnerabilities involving public communication and information services, energy, transportation, water conservation, finance, public services, e-government, national defence science and technology industry and other important industries and fields.
  • The CAC and public security organs of the state council must be informed in advance of the publication of comprehensive analysis reports on national, cross-regional and cross-industry fields.

Endnotes

(1) For further details in Chinese please see here.