China’s Ministry of Industry and Information Technology (MIIT) has introduced a comprehensive plan aimed at bolstering data security in the country’s industrial sector and effectively mitigating “major risks” by the conclusion of 2026. The unveiling of this plan comes amid heightened concerns about cybersecurity, with China and the United States frequently accusing each other of cyberattacks and industrial espionage.
The plan, detailed on MIIT’s website, addresses various risk scenarios, including ransomware attacks, vulnerability backdoors, illegal operations, and uncontrolled remote maintenance. The strategy emphasizes self-examination, self-correction, and the implementation of precise management and protective measures to enhance data security.
To achieve these objectives, protective measures, such as emergency drills simulating ransomware attacks, are mandated for over 45,000 companies in China’s industrial sector by the end of 2026. These companies include at least the top 10% in terms of revenue in each Chinese province. Additionally, the plan aims to conduct 30,000 data security training sessions and nurture 5,000 data security professionals within the same timeframe.
China has been intensifying regulations over the storage and transfer of user data by its companies, citing national security concerns. Recent instances include the $1.2 billion fine imposed on Chinese ride-hailing giant Didi in July 2022 for data-security breaches. The Ministry of State Security cautioned in December about the use of foreign geographic information software to collect sensitive data in critical sectors, including the military.
In an effort to enhance its responsiveness to data security incidents, MIIT had previously proposed a four-tier classification system in December. The new plan represents a comprehensive approach to address evolving cybersecurity challenges and secure sensitive data in China’s industrial landscape.