The basis for the Multi-Level Protection Scheme (MLPS) can be found in Article 21 of the 2017 Cybersecurity Law of the People’s Republic of China which requires “network operators” to follow the MLPS certification process “to ensure that the network is free from interference, disruption, or unauthorised access and prevent network data from being disclosed, stolen, or tampered”.
The release of the draft Regulation on the Cybersecurity Multi-level Protection Scheme by the Ministry of Public Security in June 2018 and of three new MLPS-related standards by the State Administration for Market Regulation in May 2019 began an era of greater regulatory requirements and enforcement referred to as MLPS 2.0.
MLPS 2.0 requires all companies that operate any type of network in China (broadly defined to include most types of software, websites, and online platforms) to undergo an assessment of each network that they operate in China. Network operators are required to implement security features at different levels according to the level of harm that would be caused if the network was damaged or the data contained within it were to be lost, leaked, or stolen. There are five levels in total:
Level 1: Damage to the network will cause harm to the legitimate rights and interests of the Chinese citizens, legal persons, and other organisations concerned, but not to national security, social order, or public interest on a general level.
Level 2: Damage to the network will cause serious harm to the legitimate rights and interests of the Chinese citizens, legal persons, and other organisations concerned, or cause harm to social order and the public interest, but not to national security.
Level 3: Damage to the network will cause particularly serious damage to the legitimate rights and interests of the Chinese citizens, legal persons, and other organisations concerned, or cause serious harm to social order and the public interest, or cause harm to national security.
Level 4: Damage to the network will cause particularly severe damage to the legitimate rights and interests of the Chinese citizens, legal persons, and other organisations concerned, or cause serious harm to social order and the public interest, or cause harm to national security.
Level 5: Damage to the network will cause particularly severe damage to the legitimate rights and interests of the Chinese citizens, legal persons, and other organisations concerned, or cause severe harm to social order and the public interest, or cause harm to national security.
AppInChina provides a service to apply for and maintain MLPS Filings for international companies in China. We aim to interpret all relevant laws and regulations as conservatively as possible to ensure that every network we work on achieves full legal compliance.
Our service proceeds along the following stages, a simple six-step solution:
Completion of MLPS Filing Level 1 usually takes 1 to 2 months, with Levels 2 and 3 taking between 3 and 6 months. However, this timeline is dependent on the scale and complexity of the network and the response times of each client.
To streamline this process while maximising both time and cost-efficiency, contact us for a free consultation!