China said on Wednesday it will create a national data repository for information on cyber attacks and require telecom firms, internet companies and domain name providers to report threats to it.
The Ministry of Industry and Information Technology (MIIT) said companies and telcos as well as government bodies must share information on incidents including Trojan malware, hardware vulnerabilities, and content linked to “malicious” IP addresses to the new platform.
An MIIT policy note also said that the ministry, which is creating the platform, will be liable for disposing of threats under the new rules, which will take effect on Jan. 1.
Companies and network providers that fail to follow the rules will be subject to “warnings, fines and other administrative penalties”, it said, without giving any details.
The law is the latest in a series of moves by Chinese authorities designed to guard core infrastructure and private enterprises against large-scale cyber attacks.
In June, China’s cyber watchdog formalised a nationwide cyber emergency response plan, which included the construction of a central response system and mandated punitive measures for government units that failed to safeguard the system.
Earlier this year, the same ministry introduced rules requiring state telecommunications firms to take a more active role in removing VPNs and other tools used to subvert China’s so-called Great Firewall.
