Digital Healthcare 2025

CHINA Law and Practice Contributed by: Alan Zhou, Charlene Huang, Jenny Chen and Stephanie Wang, Global Law Office

safeguarding national security and public interest.

In terms of the industry-specific regulations, the Measures for the Review of Sci-tech Ethics (for Trial Implementation), effective as of 1 December 2023, specify that the entities engaged in the life sciences, medicine, AI and other scitech activities will set up a scitech ethics (review) committee if their research involves sensitive fields of scitech ethics. In addition, in December 2024, the General Office of the State Council issued the Opinions on Comprehensively Deepening the Reform of Drug and Medical Device Regulation and Promoting the High-Quality Development of the Pharmaceutical Industry. The Opinions encourage the optimisation of the medical device standard system and support the research and establishment of standardisation technology organisations for cutting-edge medical devices, such as AI and medical robots.

Elsewhere, according to the 2025 Legislative Work Plan of the Standing Committee of the National People’s Congress, the legislative projects on governing online illegal activities and the healthy development of AI are at a preparatory stage.

Cybersecurity and Data Protection

In an on-premises or local computing environment, healthcare institutions need to set up and maintain an IT system with a solid foundation for network security and data protection mechanisms. With reference to the Administrative Measures for Cybersecurity of Healthcare Institutions and a series of policies, guidelines and recommended national standards, healthcare institutions should:

• maintain grading mechanisms for both cybersecurity and data security;
• enhance the encryption management;
• carefully keep a system security log;
• carry out periodic cybersecurity monitoring and early warning checks;
• establish security incident reporting and response procedures; and
• formulate emergency response plans.

A series of guiding principles have been formulated to address the cybersecurity and data security issues embedded in these devices. For example, in applying for the registration of a connected device as a medical device, the NMPA will ask the applicant to submit materials to prove its capability on cybersecurity, in line with the guiding principles. The NMPA also imposes requirements on manufacturers to ensure the data security of medical device software, ie, to ensure the confidentiality, integrity and availability of the health data in the software.

2.4 Technical Standards

No information has been provided in this jurisdiction.

2.5 Issue-Specific Legal Framework

No information has been provided in this jurisdiction.

2.6 Sufficiency of Legislative Framework

No information has been provided in this jurisdiction.

3. Regulatory Oversight

3.1 Oversight of Digital Healthcare

Various health regulatory authorities are involved in regulating digital healthcare technologies. They include the following national authorities (and their subordinate branches as applicable).
