When concluding insurance contracts, applicants have a duty of disclosure. However, applicants need not disclose information unless the insurer enquires. Insurers' remedy for breach of this duty varies. They can either rescind the contract and keep the premium or rescind the contract but return the premium. However, insurers have no right to rescind the contract if they underwrote it fully aware that the applicant had not provided honest answers.
The year 2020 was unusual. The outbreak of the COVID-19 pandemic and continued international trade tensions posed challenges to the Chinese antitrust law enforcement authority, the State Administration for Market Regulation (SAMR). Despite the challenges, the SAMR maintained a prudent attitude towards merger control review and even concluded more merger cases compared with 2019.
The Supreme People's Procuratorate recently issued the Provisions on the Handling of Cybercrime Cases by the People's Procuratorates, which include general provisions, as well as provisions on the guided collection of evidence and case reviews, the review of electronic data and court attendance in support of public prosecutions. Among other things, the provisions require the people's procuratorates to strengthen the penalties handed down in cybercrime cases.
The Ministry of Industry and Information Technology recently issued the Circular on Launching the Pilot Programme on Classified and Graded Management of Cybersecurity of Industrial Internet Enterprises. The pilot programme is initially scheduled to launch in 15 provinces and aims, among other things, to perfect the rationality, effectiveness and operability of the rules, standards, classification procedures and grading for industrial internet cybersecurity.
In August 2020 the State Cryptography Administration released the Regulations for the Administration of Commercial Cryptography (Draft for Comment). The draft regulations provide that the import of commercial cryptography products on the Commercial Encryption Import Licence List and the export of commercial cryptography products on the Commercial Encryption Export Control List should be subject to the import and export licence for dual-use items issued by the State Council.
In August 2020 the Ministry of Commerce issued the Master Plan for Comprehensively Deepening the Pilot Programme on the Innovative Development of Trade in Services. The plan covers 28 provinces and municipalities directly under the central government, including Beijing, Tianjin and Shanghai. The pilot programme, which concerns cross-border data transfer security management, will run for three years.
In 2020 the Ministry of Industry and Information Technology issued the Guidelines on the Construction of a Data Security Standards System in the Telecoms and Internet Industries for public comment. According to the draft guidelines, the data security standards system for telecoms and internet industries comprises four categories: basic and general standards, critical technology standards, security management standards and critical field standards.
In August 2020 the National Information Security Standardisation Technical Committee issued the Information Security Technology – Method for Evaluating the Security Protection Capabilities of Critical Information Infrastructure (Draft for Comment) for public comment. According to the draft method, the evaluation of the security protection capabilities of critical information infrastructure will focus on capability domain level, graded protection and cryptography.
In August 2020 the National Information Security Standardisation Technical Committee released the Information Security Technology – Method of Boundary Identification for Critical Information Infrastructure (Draft for Comment) for public opinion. The draft provides six factors that should be considered when identifying the boundaries of critical information infrastructure: critical business, network facilities, information systems, critical business information, critical business information flows and basic operation environments.
The Standardisation Administration and four other government departments recently issued the Guide to the Building of a National Standard Framework for New Generation Artificial Intelligence. The guide requires that the top-level design of AI standardisation should be clarified by 2021 when more than 20 key standards in key general technologies, technologies in key fields and ethics have been preliminarily researched.
In August 2020 the Ministry of Industry and Information Technology and five other government agencies issued the Circular on Organising and Implementing the Recommendation of National Green Data Centres. According to the circular, all regions will recommend a batch of well-managed and representative data centres featuring high-energy efficiency and advanced technology in major application fields in accordance with the Evaluation Indicator System for Green Data Centres.
The consultation period for the Information Security Technology – Security Requirements for the Supply Chain of Information Technology Products (Draft for Comment) recently ended. The requirements, as a recommended national standard, will apply to the security management activities of the IT product supply chain for government information systems and critical information infrastructure. They will also provide a reference for the supply chain security management activities of other information systems.
The Secretariat of National Information Security Standardisation Technical Committee recently released the Practical Guide to Cybersecurity Standards – Self-Assessment Guidelines for Apps to Collect and Use Personal Information to guide app operators to carry out self-assessments. The guidelines provide 28 self-assessment items.
In order to effectively strengthen the protection of users' personal information, the Ministry of Industry and Information Technology issued the Notice on Carrying out the Special Campaign to Promote Governance on Apps that Infringe Upon Users' Rights and Interests, requiring that a national app testing platform management system be launched before the end of August 2020. The testing platform management system is expected to complete testing for 400,000 mainstream apps before 10 December 2020.
The Supreme People's Court and the National Development and Reform Commission recently issued the Opinions on Providing Judicial Services and Supports to Accelerate the Improvement of the Socialist Market Economy System in the New Era. Among other things, the opinions emphasise that the state should strengthen the protection of data rights and personal information security.
The Ministry of Industry and Information Technology (MIIT) recently instructed third-party testing agencies to examine certain mobile apps and issued the Second and Third Batches of Apps that Infringe Upon Users' Rights and Interests, requiring operators of said apps to make rectifications. Numerous apps did not complete their rectifications before the designated timelines. As a result, the MIIT may impose fines.
China Central Television's 3.15 programme recently exposed that third-party software development kit plug-ins for mobile phones were collecting and using users' personal information. In response, the Ministry of Industry and Information Technology immediately asked the relevant entities to investigate the enterprises involved in accordance with the law.
The Justice Bureau of Shenzhen Municipality recently issued the Data Regulations of Shenzhen Special Economic Zone for public opinion. The draft regulations define the concept of 'data rights' for the first time and set out the ownership of personal and public data. According to the draft regulations, no organisation or individual may infringe on natural persons' data rights in accordance with the law.
The General Office of the State Council recently issued the 2020 Legislative Plan, which includes several laws applicable to the cybersecurity sector, such as the Regulations on Network Protection of Minors and the Regulations on the Security Protection of Critical Information Infrastructure.
Foreign insurers cannot directly sell insurance products in China unless they have successfully established a joint venture or wholly foreign-owned enterprise (WFOE) insurer in mainland China. In light of Shenzhen's recent pilots and reforms, it is now the most favourable destination for foreign insurers seeking to establish a WFOE in mainland China.