Appendix 1: Introduction to the Cybersecurity Law-Alibaba Gov Cloud-阿里云帮助中心

Key points of the Basic Requirements for the Classified Protection of Cybersecurity

The Cybersecurity Law requires enterprises to fulfill the following obligations:

Obligations: Fulfill security protection obligations in accordance with the Classified Protection of Cybersecurity system. This includes protecting networks from interference, damage, or unauthorized access, and preventing data breaches and tampering.
Responsibilities: Network operators are primarily responsible for the security of user information.
Measures:
- Develop an emergency response plan for network security events. Promptly address security risks, such as system vulnerabilities, computer viruses, network attacks, and network intrusions, and report these events to the relevant authorities as required.
- Strengthen the management of user-published information, promptly remove illegal content, and establish a system for the timely handling of online information complaints and reports.
- Strictly maintain the confidentiality of collected user data and establish a comprehensive user information protection system. Do not illegally collect, provide, obtain, or use user information.
Maintenance: Implement data backup, tamper-proofing, data breach prevention, and disaster recovery measures for important industries, such as public communication and information services, energy, water conservancy, finance, public services, and e-government. Pay special attention to national critical information infrastructure systems.