In order to implement the “Guiding Opinions of the General Offices of 15 Departments Including the Ministry of Industry and Information Technology on Promoting Compliance Awareness and Strengthening Compliance Management among Small and Medium-sized Enterprises” and ensure that the compilation of network and data security compliance guidelines for small and medium-sized enterprises is in line with policy directions and meets the actual needs of small and medium-sized enterprises, an expert review meeting on network and data security compliance guidelines for small and medium-sized enterprises was recently held in Beijing. Wang Fei, senior partner at King&Capital Law Firm in Beijing, was invited to attend the meeting.

Leaders from the SME Bureau of the Ministry of Industry and Information Technology, staff from the China SME Development Promotion Center, and experts from various fields, including the Industry Security Center of the Sixth Research Institute of China Electronics Technology Group Corporation, the School of Software and Microelectronics at Peking University, the Computer Network Attack and Defense Research Institute at Beijing Institute of Technology, the National Industrial Information Security Development Research Center, the Institute of Information Engineering at the Chinese Academy of Sciences, and the Cybersecurity Research Institute of the China Cyberspace Research Institute, attended the meeting and engaged in in-depth discussions on effective pathways for SME network and data security compliance construction.

At the meeting, the Director of the Comprehensive Planning Department of the China SME Development Promotion Center introduced the background and requirements of the work, emphasizing the supportive role of the guidelines for enterprise development. The China Software Testing and Evaluation Center reported on the compilation of the guidelines, presenting the framework, content, challenges, and responses to feedback from government departments, laying the foundation for subsequent discussions.

During the Q&A session, experts discussed the guidelines' applicability, risk coverage, and the standardization of clauses from academic, practical, and legal perspectives. Among them, Wang Fei, a senior partner at our firm, provided targeted suggestions from a legal perspective on the document's framework and the arrangement of content related to legal matters, which were acknowledged and adopted.

Following the discussion, the expert panel affirmed the preliminary achievements, identified optimization directions, and signed written recommendations. This consultation meeting brought together the wisdom of multiple parties, injecting professional expertise into the development of the guidelines. Relevant departments will continue to promote the implementation of the SME Cybersecurity and Data Protection Compliance Guidelines, ensuring a secure and compliant development path for SMEs.

Translated with DeepL.com (free version)