China proposes to tighten rules on network security in the securities and futures industry
On 29 April 2022, the China Securities Regulatory Commission released the draft Administrative Measures for the Management of Network Security in the Securities and Futures Industry for one-month public consultation. Once implemented, the amended rules will be the first set of industry rules for the securities and futures sector that seek to implement mainland China’s three-pronged cyber framework of the Cybersecurity Law, Data Security Law and Personal Information Protection Law.
The draft measures primarily cover the following seven aspects: (i) network security supervision and management systems, (ii) network security operation, (iii) the overall management of data security (relating to important data, core data and processing and protection of investors’ personal information), (iv) management of network security emergencies, (v) critical information infrastructure network security, (vi) network security promotion and development, and (vii) supervision and sanctions.