Cyberspace Administration of China: Important data network data processors should conduct a risk assessment annually.

On December 6, the State Internet Information Office openly solicited opinions on the "Network Data Security Risk Assessment Measures (Draft for Solicitation of Comments)." The draft mentions that network data processors handling important data (hereinafter referred to as important data processors) should conduct a risk assessment of their network data processing activities annually. If there is a significant change in the security status of important data that may have a detrimental impact on data security, a risk assessment should be promptly conducted on the changed part and its impact. The text mentions the measures for network data security risk assessment, specifying the activities related to risk identification, risk analysis, and risk evaluation of network data and network data processing activities for the purpose of regulating network data security risk assessment activities, safeguarding network data security, promoting the lawful and effective use of network data, based on laws and regulations such as the Data Security Law of the People's Republic of China, the Cybersecurity Law of the People's Republic of China, and the Regulation on Network Data Security Management. It states that the State Internet Information Department, under the guidance of the National Data Security Work Coordination Mechanism, should coordinate the risk assessments carried out by various regions and departments, strengthen work coordination, and promote information sharing.