8 min read · china-it · By Ben Fox
China's MLPS 2.0 Explained: Cybersecurity Grading for Foreign Companies
China's Multi-Level Protection Scheme (MLPS 2.0): the five levels, who must file, how grading and assessment work, and what it means for foreign companies' China IT.

MLPS — China’s Multi-Level Protection Scheme (等级保护) — is the mandatory framework under which every network and information system operated in Mainland China must be graded from Level 1 to 5, secured to the standard of its level, and (from Level 2 up) filed with the police and independently assessed. It applies to foreign-owned companies exactly as it does to Chinese ones: if your China subsidiary runs an office network, a server, or a customer-facing app in the Mainland, MLPS applies to it. This guide explains the levels, the process and the practical reality for foreign SMEs in 2026.
MLPS sits under the Cybersecurity Law (Article 21) and is enforced by the Ministry of Public Security (MPS) through local Public Security Bureaus — a different regulator from the CAC, which runs the cross-border data transfer regime. The two are separate obligations; complying with one does not cover the other.
Not legal advice — and MLPS implementation details vary by province. Use this as orientation, then engage a licensed local assessor for your specific systems.
Where MLPS came from
The scheme has existed since the 2000s, but the current version — MLPS 2.0, in force since December 2019 — rebuilt it on the Cybersecurity Law and extended it beyond traditional networks to cloud computing, mobile internet, big data platforms, IoT and industrial control systems. The 2.0 reform plus the steady rise in enforcement since then transformed MLPS from a paper requirement into one of the first compliance questions any China IT deployment must answer. The amended Cybersecurity Law effective January 2026 raised the penalty ceiling for security-obligation failures — including MLPS-related ones — and let regulators fine without a prior warning, which has sharpened attention further.
The five levels
A system’s level reflects the harm a compromise would cause — to individuals, organisations, social order or national security:
| Level | Harm if compromised | Typical systems | Obligations |
|---|---|---|---|
| 1 | Minor harm to individuals/organisations only | Small internal office systems | Self-protection to baseline standards; no filing |
| 2 | Harm to individuals/organisations; minor social impact | Ordinary business systems, typical corporate apps and websites | File with local PSB + independent assessment (renewed roughly every two years) |
| 3 | Serious social impact or harm to national interests | Systems serving large user bases; finance, health, energy platforms; most significant consumer-facing services | Filing + annual independent assessment; substantially stricter controls |
| 4 | Especially serious social harm / national security impact | Critical infrastructure-grade systems | Heavy oversight; rare for commercial firms |
| 5 | Extreme national security impact | Reserved for state systems | Not commercially relevant |
The centre of gravity for foreign businesses: a small office network is Level 1 or 2; a meaningful customer-facing system is Level 2 or 3. Anything processing large volumes of personal information or serving the public at scale tends toward Level 3 — with its annual assessment cycle.
The process
- Grade the system. The operator self-assesses the level, based on the impact analysis above. For Level 2 and above, expert review of the grading is part of the process. You grade systems, not the company — a WFOE might have a Level 1 office network and a Level 2 e-commerce backend.
- File with the local PSB. Level 2+ systems are registered with the district Public Security Bureau, normally within 30 days of grading (draft rule changes have signalled tighter windows).
- Implement the controls for your level. The GB/T baseline standards specify them — covering network security, access control, logging (the CSL’s six-month log-retention rule bites here), encryption, physical security, security management and personnel.
- Independent assessment. Level 2+ systems are tested by a licensed Chinese assessment firm; a score of 75/100 is the pass mark. The assessor’s report supports the PSB filing.
- Maintain. Level 3 systems are reassessed annually; Level 2 typically every two years. Material system changes re-open the grading question.
Realistic timelines: a Level 1 self-assessment is quick; a Level 2 filing-and-assessment cycle commonly runs 3–6 months end to end; Level 3 is a sustained programme, not a project.
The cloud question
A frequent misunderstanding: “we’re on Alibaba Cloud / Azure China, so MLPS is handled.” It isn’t. China’s major cloud platforms hold high-level MLPS certifications for the platform layer, which makes your life easier — but your systems running on that cloud still need their own grading, filing and assessment. The platform certificate covers their infrastructure; the tenant system is yours. (The same shared-responsibility logic applies to Microsoft 365 operated by 21Vianet.)
What it looks like for a typical foreign SME
For a representative foreign company — a WFOE with a 30-person Shanghai office, file/print and Wi-Fi, a China website, and a modest customer database:
- Office network: Level 1 in most cases; Level 2 if it carries systems whose compromise would meaningfully harm third parties. Baseline hardening either way — firewalls, access control, logging, endpoint protection — which is simply good practice you should have anyway.
- The China website (hosted in the Mainland under your ICP filing): usually Level 2 → PSB filing + assessment.
- A customer-facing app with significant personal information: likely Level 3 → annual assessments, stricter controls, real ongoing cost. This is worth knowing before you commit to the architecture — sometimes keeping a system outside the Mainland (with the cross-border rules handled properly) is the cheaper total answer.
Budget honestly for the recurring piece: assessor fees, remediation work, and someone who owns the relationship with the assessor and the PSB — typically your China IT partner.
MLPS, PIPL and the rest of the alphabet
MLPS is one pillar of a three-part regime, and they check different things:
- MLPS (MPS/PSB): is the system itself secured to the right grade?
- PIPL + the transfer rules (CAC): is personal information handled and exported lawfully? — see the PIPL guide and transfer rules.
- DSL: is data classified, and “important data” protected?
An inspection can come from either regulator. The good news: a properly built IT environment — segmented network, managed identities, logging, encryption, documented policies — carries most of the technical weight for all three at once.
MLPS 2.0 FAQs
Does MLPS apply to foreign companies in China?
Yes, fully. MLPS applies to any organisation operating networks or information systems in Mainland China, regardless of ownership. A foreign-owned subsidiary’s office network, Mainland-hosted website and locally deployed applications all fall in scope. The obligations attach to the systems’ grading level, with Level 2 and above requiring filing with the local Public Security Bureau and independent assessment.
What MLPS level will my company’s systems be?
Most foreign SMEs land at Level 1 or 2: a small internal office network is typically Level 1, while ordinary business systems and Mainland-hosted corporate websites are typically Level 2. Systems serving large user bases or processing significant volumes of personal information — meaningful consumer-facing platforms, finance or health systems — tend to be Level 3, which brings annual assessments and substantially stricter controls.
How long does an MLPS Level 2 filing take?
Plan for three to six months end to end: grading the system, implementing any missing controls, the independent assessment by a licensed Chinese firm (75/100 is the pass mark), and the filing with the district Public Security Bureau. The timeline depends heavily on how far your existing security baseline is from the standard and on local PSB practice, which varies by city.
We use Alibaba Cloud — is MLPS already covered?
No. The major Chinese cloud platforms hold MLPS certifications for their infrastructure layer, which simplifies your assessment, but the systems you run on that cloud still need their own grading, filing and assessment as the tenant. The platform’s certificate is a foundation you build on, not a substitute for your own compliance.
What happens if we ignore MLPS?
Non-compliance with the Cybersecurity Law’s security-protection obligations — of which MLPS is the operational core — risks orders to rectify, fines (raised by the January 2026 CSL amendment, which also removed the warning-first requirement for many violations), and business disruption if an inspection or incident exposes the gap. Enforcement has increased visibly since 2020, and an unfiled Level 2+ system is an easy finding for any inspector.
How PTS helps
PTS builds and runs IT environments in Mainland China that are designed for MLPS from day one — network segmentation, identity, logging, endpoint security and documentation aligned to the grading your systems will face. We coordinate the local assessor and PSB filing through our on-the-ground China team, and we fix the remediation findings rather than just reporting them. If you are bringing China operations into a global IT estate, MLPS is one of the workstreams we run as standard.