Professional Documents
Culture Documents
New China Cybersecurity Guidelines For Registration of Networked Medical Devices - Insight - Baker McKenzie
New China Cybersecurity Guidelines For Registration of Networked Medical Devices - Insight - Baker McKenzie
23 March 2017
Share u F g O Contact
attack can cause the malfunction of a device resulting in the Fung (Simon) Hui
injury or death of patients. Medical device companies are Partner
We use
therefore cookies on
expected toour
pay attention to these issues throughout Shanghai
website.life
the product To learn
cyclemore
to ensure proper cybersecurity protection
about how we use cookies
for their networked products.
and how to change your y + 86 21 6105 5996 g
cookies settings if you do Email
When applying to register networked medical devices with the
not want cookies on your
CFDA, the CFDA Guidelines require applicant companies to conduct
computer, please see our
a self-assessment of the relevant cybersecurity protection
Privacy and Cookies
standards or measures.
Statement. Applicants need to be aware that while
By continuing
Regions
the CFDA
to useGuidelines do not express the cybersecurity protection
this site you
consent
standards astomandatory
our use of obligations, failure to meet the
cookies in accordance
I Asia Pacific
requirements may potentially cause delay on product
with our Privacy and
registrations. In practical terms, this can have an impact on the
Cookies Statement.
success and timing of the rollout of new medical device products.
VIEW STATEMENT Countries
What are the highlights?
I China
By way of background, the CSL was introduced on 7 November
2016 and takes effect on 1 June 2017. The CSL imposes obligations
on network operators to formulate internal security management Offices
systems for cybersecurity protection and take measures to
protect important data, among other things. Failure to comply I Beijing
with the CSL may result in various penalties including the
imposition of fines on directly responsible personnel. I Hong Kong
The CFDA Guidelines, which were issued on 20 January 2017, aim to I Shanghai
implement the CSL in the administration of medical devices in
China. The key features of the CFDA Guidelines include:
Professionals
1. Non-mandatory principles. The CFDA Guidelines do
not specify mandatory requirements for registration. I Mini vandePol
When registering medical device products, the
applicant may conduct a self-assessment on whether I Fung (Simon) Hui
some measures proposed under the CFDA Guidelines
should apply. If not, the applicant may elaborate the
https://www.bakermckenzie.com/en/insight/publications/2017/03/new-china-cybersecurity-guidelines 2/5
8/22/2018 New China Cybersecurity Guidelines for Registration of Networked Medical Devices | Insight | Baker McKenzie
consider:
We usea.cookies
Data:onthe
ourdata on the Qualified Devices can be
website.categorized
To learn moreas personal data and equipment data.
Different
about how we useprotection
cookies measures should be adopted
and how to change your
depending on the type of data and the transmission
cookies settings if you do
method. Personal data usually warrants enhanced
not want cookies on your
protection and relevant personal privacy protection
computer, please see our
rulesCookies
Privacy and should be followed.
b. Technology:
Statement. By continuingdifferent cybersecurity protection
technology
to use this site you can be utilized. The applicant may follow
consentvarious
to our use of
international and national standards to build
cookies in accordance
up their cybersecurity protection capability.
with our Privacy and
c. Off-the-shelf software: the applicant is expected
Cookies Statement.
to pay close attention to the cybersecurity risks
VIEW STATEMENT
associated with off-the-shell software and adopt
relevant maintenance procedures, as well as notify
users of relevant information in a timely manner.
Actions to consider
The CFDA Guidelines and CSL are good reminders for businesses to
assess cybersecurity risk issues connected to the use and function
of their networks and products. Similarly, companies should
continue to be vigilant on the collection and protection of
personal data, and ensure that they comply with the relevant
data privacy laws.
https://www.bakermckenzie.com/en/insight/publications/2017/03/new-china-cybersecurity-guidelines 4/5
8/22/2018 New China Cybersecurity Guidelines for Registration of Networked Medical Devices | Insight | Baker McKenzie
VIEW STATEMENT
https://www.bakermckenzie.com/en/insight/publications/2017/03/new-china-cybersecurity-guidelines 5/5