Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today
Read more

Zscaler FAQ on Compliance with Laws and Regulations In China

Last updated March 1, 2024

0

Disclaimer: Please note that the following FAQ is provided under the recognition that Zscaler cannot be held liable to fulfill individual users' responsibilities under Chinese laws and regulations.

How does Zscaler ensure that its China Premium Access and China Premium Access Plus services are compliant with Chinese regulations? 

  • China Premium Access is based on our Chinese technology partners’ IP backbone which passes all domestically and internationally bound traffic through the Great Firewall. Our technology partners have registered on Zscaler’s behalf all IP addresses assigned to the China Premium Access service under China’s Internet Content Provider (ICP) scheme.
     
  • China Premium Access Plus connections feature a dedicated cross-border private link which is registered by our Chinese technology partner with the relevant Chinese government agencies via the three main Chinese telecom companies (China Telecom, China Unicom, and China Mobile). The Chinese Ministry of Industry and Information Technology (MIIT) accepts the use of VPNs for cross-border communications and connections to outside of mainland China for business use, however it is the responsibility of the customer to ensure that no illegal activities are conducted on these links.
     
  • Please see the dedicated site for more information about the Zscaler China Premium Access and China Premium Access Plus services.
     

Is Zscaler certified under the Chinese Multi-Level Protection Scheme (MLPS)?

  • No, Zscaler is not required to be certified under this scheme as it is mainly intended for vendors that provide information systems and content distribution networks in China.

Does Zscaler comply with the China Personal Information Protection Law (PIPL)?

Does Zscaler have an ICP license under the Chinese MIIT's certification scheme?

  • Zscaler is not currently required to obtain an ICP license as our technology partners have obtained the ICP licenses on our behalf. Further, Zscaler's technology partners have made the necessary filings with MIIT for each of the Zscaler clouds that allow them to be used in China while complying with MIIT's requirements. For a full list of licenses/certifications and the filings for Zscaler Clouds that our technology partners possess, please request it using our report request form.

How is Zscaler addressing certification under the Catalog of Network Security Products issued by the Cybersecurity Administration of China (CAC)?

  • Zscaler is aware of the new Catalog of Network Security Products that was issued by the CAC and made effective on July 3, 2023 (the “Catalog”). The Catalog will replace the old catalog issued by the same regulators in 2017 to work under the new network security product certification/testing regime stipulated under the China Cybersecurity Law.
     
  • Zscaler is reviewing the applicability of this Catalog to its products and services. However, at this time, the CAC has not made any updates in implementing the network product security certification/testing rules, including the ability for companies like Zscaler to file for any such license. Zscaler will continue to monitor any developments with our outside counsel in China.
     

For further information on how Zscaler is addressing legal and compliance requirements in the People’s Republic of China, please see the following resources:

If your question is not answered above, please contact your Zscaler sales representative for further details.