At the end of November 2019, the new “Cryptography Law” has been approved by the National People’s Congress. The Law will come into force starting from January 1st, 2020.
The first Article sets forth the goals of the new Law: “This Law is enacted in order to regulate the application and administration of cryptography, promoting the development of cryptography undertakings, safeguarding cyber and information security, and protecting the legitimate rights and interests of citizens, legal persons and other organizations”.
Cryptography is the method of protecting information by changing or encrypting it into an unreadable format, so that only those who posses a secret key can decipher it. It is used to secure data in transmission, data storage and user authentication.
Under the new law, cryptography is classified into three categories, namely:
- core cryptography;
- ordinary cryptography;
- commercial cryptography.
Core cryptography and ordinary cryptography shall be used to protect state secrets and are considered as state secrets themselves.
Instead, commercial cryptography can be used by any citizen, legal person or any other organization to protect cybersecurity and information security in accordance with the law.
Moreover, the new Cryptography Law stated that “the State encourages and supports science and technology research and application of cryptography, protects intellectual property rights in this regard according to law, and promotes progress and innovation for science and technology on cryptography”.
Even though the Cryptography Law provides an important regulatory basis, it still needs to clarify other important issues, such as the administrative measures on cryptography for the Chinese People's Liberation Army and the Chinese People's Armed Police Force.
Further implementing Guidelines are expected to be issued in 2020.
The full text of the Cryptography Law can be reviewed at the following link:
http://www.npc.gov.cn/npc/c238/201910/a48b204760ed4d3d856d4440fa723c64.shtml