On 29 June 2018, the PRC Ministry of Commerce promulgated the Decision on Revising the Interim Administrative Measures for the Record-filing of the Incorporation and Change of Foreign-invested Enterprises ("Revised Measures"), which took effect from 30 June 2018.
With the Revised Measures becoming effective, China will implement the "One Window, One Form (单一窗口、单一表格)" policy on a nationwide basis with respect to foreign-invested companies in China which are not subject to special administrative measures. Pursuant to the Revised Measures, the information on the record-filing of the incorporation or change (as a result of merger, acquisition or other means of combination where a non-foreign-funded enterprise reverts to a foreign-invested enterprise) of the foreign-invested enterprise shall be submitted online by the representative designated by all investors (or the board of directors of the foreign-invested stock company limited by shares) or the agent jointly entrusted by them when going through formalities for incorporation or change with the Industrial and Commercial Market Supervision and Administration Departments, if such information is within the record-filing scope as prescribed in the Interim Administrative Measures.
In addition, after obtaining the record-filing information from the Industrial and Commercial Market Supervision and Administration Departments, the record-filing institution shall start to process formalities for the record-filing and also inform the investors simultaneously.
The Revised Measures had deleted paragraph 1 and 3 of Article 7 to cancel the recordation formalities when a foreign investor makes strategic investment in a non-foreign-funded listed company.
The PRC National Information Security Standardization Technical Committee ("NISSTC") is seeking opinion from the public on national standards titled "Information Security Technology - Security Impact Assessment Guide of Personal Information (Draft for Comment)" ("Draft Guide"). The Draft Guide is divided into 6 chapters, and expounds on the theory and framework of the personal information security impact assessment, assessment procedures, and the specific ways of making an assessment. The informative annexes to the Draft Guide set out the judgement criteria (Annex A) and the implemental tables (Annex B) for such assessment.
According to the Draft Guide, personal information security impact assessment is a significant part of risk management for the personal information controllers. In general, the personal information controllers shall implement the personal information impact assessment before collecting and processing such personal information so as to clarify the boundary of personal information protection, and take appropriate safety control measures based on the results of the assessment to reduce the impact of individuals' rights when collecting or processing their personal information. With respect to the assessment bodies, the Draft Guide lists that in general, the assessment on the personal information impact regarding the processes, information systems or procedures shall be conducted by the security department of the organizations, or by the customers' organizations or non-government organizations. The personal information security impact assessment shall be conducted by the various organizations on their own.
The Draft Guide focuses on the activities of processing the personal information to assess the possible impact and risks caused by these activities on the individuals' rights and interests. The impact and risks include the influence on an individual's right of self-decision, the risk of discriminatory treatment, the risk of harm to personal reputation or suffering from mental pressure, and the risk of damage to personal property or personal injuries.
The public consultation runs from 11 June 2018 to 25 July 2018.