First, the “program” that will be rolling is the Cybersecurity Multi-level Protection Scheme (“MLPS 2.0”) and that is set to come into effect on December 1, 2019.
This scheme sets out the technical and organizational controls all companies and individuals in China must follow to comply with MLPS-related Internet security obligations mandated by China’s Cybersecurity Law.
All companies and individuals must abide by the following three standards:
GB/T 22239 – 2019 Information Security Technology – Baseline for Multi-level Protection Scheme
GB/T 25070 – 2019 Information Security Technology – Technical Requirements of Security Design for Multi-level Protection Scheme.
GB/T 28448 – 2019 Information Security Technology – Evaluation Requirements for Multi-level Protection Scheme.