Regulators in China are defining new rules to ensure tech companies comply with mandates over what is deemed as “critical information infrastructure.” The State Council’s new set of regulations, which was released on Tuesday, will come into effect on the first day of September.
The regulations define critical information infrastructure as “the central nervous system of economic and social operations, and it is the top priority of network security,” referring to fields that may “endanger national security and public interest” if they are damaged or if there are severe data breaches.
The business sectors in question include public communications and information services, energy, transportation, water conservancy, finance, public services, e-government, and national defense.
The rules also mandate internet operators to “set up security management institutions, beef up security protection capabilities, and formulate emergency plans.” The enterprises’ cybersecurity teams must constantly conduct internal reviews and report any data leakage incidents or security threats to the government, according to the State Council’s proclamation.
China enacted cybersecurity legislation in 2017 to define control over personal and proprietary data. The new rules take this a step further to define the types of data that are of particular interest to the Chinese government.
The latest slew of regulatory measures could determine how internet companies will collect, store, and use data. This could lead to drastic changes for companies such as Tencent and Baidu, which garner large proportions of revenue from targeted and personalized advertisements.
Tencent posted solid second-quarter growth during its earnings release on Wednesday, but signaled uncertainties due to regulatory changes hanging over the tech sector. Tencent president Martin Lau said during Wednesday’s earnings call, “The regulations [on data] have been quite loose over the internet industry. There will be uncertainties in the short-term future, as we expect more regulations should be coming, but we are confident that we will be fully compliant.”
On the same day, the State Administration for Market Regulation issued a set of draft regulations banning unfair competition and restricting the processing of user data. In particular, e-commerce companies are at the center of the regulation scope. It will also come into effect on September 1.