Policies and Industry Regulations

China's Cybersecurity Law

China's Cybersecurity Law mandates the implementation of a national trusted identity strategy, establishing a trustworthy online identity authentication system as the core of cybersecurity. It supports the research and development of secure, convenient digital identity technologies and promotes mutual recognition across different authentication systems. The law also aims to connect existing online identity systems to build a cross-platform, trusted identity framework.

Classified Protection of Cybersecurity 2.0

Released on May 10, 2019, and effective December 1, 2019, the Classified Protection of Cybersecurity 2.0 standard outlines three core components for identity security: Identity Authentication, Access Control, and Security Auditing.

General Data Protection Regulation (GDPR)

GDPR requires organizations to obtain explicit consent from individuals before using their personal data, with individuals retaining the right to withdraw consent at any time. It mandates that companies map their personal data assets and provide users with a single point of access to correct their information. Additionally, user data must be portable, allowing for transfer from one organization to another upon the user's request.

Payment Services Directive 2 (PSD2)

PSD2 empowers consumers by opening up specific payment functionalities. It imposes extensive security requirements across all layers, including users, endpoints, edges, and frameworks, with a foundational architecture built on confidentiality, integrity, and availability (CIA) and encryption. PSD2 also mandates risk analysis as a critical verification step, assessing factors such as physical location, IP address, time of day, device ID, device fingerprint, and user attributes.

‍