We use cookies to deliver our online services. Details of the cookies we use and instructions on how to disable them are set out in our Cookies Policy. By using this website you agree to our use of cookies. To close this message click close.

New cyber security rules proposed for the Chinese insurance industry

04 November 2015
China's insurance regulator has issued new insurance-industry technology use rules in draft form (Supervisory Rules for Adoption of Information Technology by Insurance Institutions) to replace earlier rules issued in 2009 and which build on guidelines issued in 2011.
New cyber security rules proposed for the Chinese insurance industry

The new draft rules come in the wake of a substantial new body of laws and draft rules in the cyber security arena in China.  As may be anticipated, the draft rules carry forward some of the more invasive aspects of China's emerging cyber security regime, such as adoption of "secure and controllable" technology, data localisation requirements, and adoption of products and systems employing domestic encryption methods.

Other new features of the draft rules focus on increased IT governance and risk assessments, including increased involvement of the board of directors, appointment of a chief information officer, value and risk assessments for cloud services and external audits of technology functions.

The draft rules may see revisions during the course of their review and would not be expected to be officially adopted, if adopted, until at least mid to late 2016.

To read the full alert, please click here

Loading data