The basis for the Multi-Level Protection Scheme (MLPS) can be found in Article 21 of the 2017 Cybersecurity Law of the People’s Republic of China which requires “network operators” to follow the MLPS certification process “to ensure that the network is free from interference, disruption or unauthorized access, and prevent network data from being disclosed, stolen or tampered”.
The release of the draft Regulation on the Cybersecurity Multi-level Protection Scheme by the Ministry of Public Security in June 2018 and of three new MLPS-related standards by the State Administration for Market Regulation in May 2019 began an era of greater regulatory requirements and enforcement referred to as MLPS 2.0.
MLPS 2.0 requires all companies that operate any type of network in China (broadly defined to include most types of software, websites and online platforms) to undergo an assessment of each network that they operate in China. Network operators are required to implement security features at different levels according to the level of harm that would be caused if the network was damaged or the data contained within it were to be lost, leaked, or stolen:
Level 1: Damage to the network will cause harm to the legitimate rights and interests of the Chinese citizens, legal persons and other organizations concerned, but not to national security, social order or public interest on a general level.
Level 2: Damage to the network will cause serious harm to the legitimate rights and interests of the Chinese citizens, legal persons and other organizations concerned, or cause harm to social order and the public interest, but not to national security.
Level 3: Damage to the network will cause particularly serious damage to the legitimate rights and interests of the Chinese citizens, legal persons and other organizations concerned, or cause serious harm to social order and the public interest, or cause harm to national security.
AppInChina provides a service to apply for and maintain MLPS Filings for international companies in China. We aim to interpret all relevant laws and regulations as conservatively as possible to ensure that every network we work on achieves full legal compliance.
Our service proceeds along the following stages:
Completion of MLPS Filing Level 1 usually takes 1 to 2 months, with Levels 2 and 3 taking between 3 to 6 months. However, this timeline is dependent on the scale and complexity of the network and the response times of each client. For more details, contact us here.