The Cybersecurity Law of the People’s Republic of China (hereinafter referred to as the Cybersecurity Law), effective from June 1, 2017, is a basic law that provides the fundamental legal framework and protection required for overall cybersecurity work in China. The Cybersecurity Law clearly stipulates that China implements the Cybersecurity Classified Protection System (CCPS), and uses the CCPS as the foundation for building and protecting critical information infrastructure. The CCPS defines the basic system, strategy, and method for China’s cybersecurity practices, which provides the foundation for promoting the development and protection of information technology, as well as maintaining national security, public order and public interests.

The State Council and the CPC Central Committee have also issued a series of documents mandating the implementation of the CCPS for the protection of basic information network and important information systems related to national security, economy and social stability, building and perfecting a system for cybersecurity protection based on the CCPS. Cybersecurity classified protection, in which security protection measures are determined based on the assessment of potential impact of compromise, is a common practice in the developed countries

to protect the critical information infrastructure and data security.

Through years of practices, the Ministry of Public Security of China, in partnerships with National Administration of State Secrets Protection, State Cryptography Administration, Stateowned Assets Supervision and Administration Commission of the State Council, the National Development and Reform Commission, the Ministry of Finance and the Ministry of Education, have jointly formalized a series of policies as the regulatory framework, and established a series of standards required for governing and assuring the cybersecurity classified protection practices in China.