CSRC Seeks Public Comments on Measures for the Cybersecurity in Securities and Futures Industry

On April 29, 2022, the China Securities Regulatory Commission (“CSRC”) Seeks Public Comments on “Measures for the Cybersecurity in Securities and Futures Industry” (“Measures”). The Measures aims to urge core institutions, operating institutions, and information technology service institutions to establish and improve cybersecurity management systems and mechanisms. The main revisions are as follows:

1. It is required to have a sound governance structure, strengthen management responsibilities, designate leading departments, and ensure resource input.

2. Put forward basic requirements for information systems and related infrastructure, and clarify the obligations of hierarchical protection.

3. Prudently carry out system creation, modification and removal, timely fulfill investor notification obligations, and strengthen daily monitoring.

4. Clarify the relevant requirements for information system backup capabilities, and put forward requirements for normalization of stress tests.

5. Put forward regulatory requirements in terms of system, staffing, compliance and safety, etc.

6. Strengthen the access, evaluation and improvement requirements of purchased products and services, enhance independent research and development and safety and controllability, and strengthen intellectual property protection.

In terms of overall data security management, The Measures：

1. Clarify the specific requirements of the securities and futures industry in terms of institutional mechanisms, organizational structure, industry data standards, authority management, quality assessment, and prevention of leakage and damage.

2. Further emphasis is placed on data classification, personal information protection, and standardized information release.

3. Reserve institutional space for the establishment of a strategic backup data center for the securities and futures industry, and improve the industry's extreme disaster response capabilities.