Filed under mps
Every brief tagged "mps".
- § 01 · RISK-ASSESSMENT
From Principle to Running System: How the Network Data Security Risk Assessment Measures Operationalize the Data Security Law
On June 18, 2026 the CAC, MIIT and the Ministry of Public Security jointly issued the Measures for Network Data Security Risk Assessment as Order No. 24, effective August 20, 2026. The 25-article rule adds no new substantive duty; it turns the Data Security Law's open-ended 'conduct risk assessment' obligation into an executable, verifiable, trigger-able governance system. DCC reads it as a three-tier standing model plus an event-driven escalation layer: important-data handlers must assess every year (general-data handlers are encouraged to every three), retain the report for three years and submit it within 20 working days; sectoral competent authorities run annual inspection plans filed by end-January; the national cyberspace administration consolidates and cross-shares reports with telecom, public-security and state-security departments; and where a high-risk finding or a breach of important data or large-scale personal information appears, regulators can compel assessment by a certified institution and order the operator to cease processing important data. The four institutional increments over the DSL: an annual mandatory action, networked multi-department supervision, a three-track assessment structure, and dynamic event-triggered oversight.