Follow us on
Member Login
sign out
Call for Comments: Management Measures on Railway Information Infrastructure in China-JUL, 2023
#Complianceby ED01
Uploading Date: 2023-08-09 10:35:14

On July 18, 2023, the National Railway Administration of China (NRA) issued the draft of Administrative Measures of Railway Critical Information Infrastructure Security Protection (hereinafter referred to as “the Administrative Measures”) to call for public comments. The call-for-comment period will close on August 17, 2023.

The Administrative Measures is formulated in accordance with laws and regulations including but not limited in the Cybersecurity Law of the People's Republic of China, and the Regulation on Protecting the Security of Critical Information Infrastructure. It applied to the security protection, supervision, and management of railway critical information infrastructure. Specifically, it regulates the “railway critical information infrastructure” as “the important network facilities and information systems in the field of railway that may seriously endanger national security, national economy and people's livelihood and public interests once they are damaged, their functions are lost, or any data is leaked”.

The main contents of the draft include identification of railway critical information infrastructure, operator’s responsibilities, supervision and guarantee measures and legal obligations.

·   NRA will identify the critical infrastructure in accordance with identification rules and notify the operators of such infrastructure in time.

·  The identification would mainly consider: the importance of network facilities, information systems, etc. to the key core business of the railway; the extent of harm that may be caused by the damage, loss of function or data leakage of network facilities and information systems; the correlation effect on other industries and sectors.

·  All critical data and personal information collected should be stored within China. If cross-border transfer is needed for such information, then a security review should be applied in accordance with relevant China’s laws and regulations.

If you need the full text translation of this document draft or have any question on the topic, please contact contact@bestao-consulting.com


Follow us on:
Email: