Zscaler Services in China - Frequently Asked Questions (FAQs) regarding compliance

Last updated October 15, 2024

NOTE: While this site is designed to address FAQs for Zscaler Services in China, the information contained herein may not be construed as legal advice and organizations should consult with their own legal counsel with respect to interpreting their unique obligations under China’s laws and regulations.

How does Zscaler ensure that its China Premium Access and China Premium Access Plus services are compliant with Chinese regulations? 

  • China Premium Access is based on our Chinese technology partners’ IP backbone which passes all domestically and internationally bound traffic through the Great Firewall. Our technology partners have registered on Zscaler’s behalf all IP addresses assigned to the China Premium Access service under China’s Internet Content Provider (ICP) scheme.
     
  • China Premium Access Plus connections feature a dedicated cross-border private link which is registered by our Chinese technology partner with the relevant Chinese government agencies via the three main Chinese telecom companies (China Telecom, China Unicom, and China Mobile). The Chinese Ministry of Industry and Information Technology (MIIT) accepts the use of VPNs for cross-border communications and connections to outside of mainland China for business use, however it is the responsibility of the end user customer to ensure that they comply with China’s laws and regulations when using the Zscaler Services.
     
  • Please see the dedicated site for more information about the Zscaler China Premium Access and China Premium Access Plus services.
     

Is Zscaler certified under the Chinese Multi-Level Protection Scheme (MLPS)?

  • Zscaler uses data centres providers in China who hold MLPS certifications.  We do not believe that Zscaler is required to be certified under this scheme as it is mainly intended for vendors that provide information systems and content distribution networks in China.

Does Zscaler comply with the China Personal Information Protection Law (PIPL)?

Does Zscaler have an ICP license under the Chinese MIIT's certification scheme?

  • We do not believe that Zscaler is required to obtain an ICP license as our technology partners have obtained the ICP licenses on our behalf. Further, Zscaler's technology partners have made the necessary filings with MIIT for Zscaler's clouds that allow them to be used in China while complying with MIIT's requirements.

How is Zscaler addressing certification under the Catalog of Network Security Products issued by the Cybersecurity Administration of China (CAC)?

  • Zscaler is aware of the new Catalog of Network Security Products that was issued by the CAC and made effective on July 3, 2023 (the “Catalog”). The Catalog will replace the old catalog issued by the same regulators in 2017 to work under the new network security product certification/testing regime stipulated under the China Cybersecurity Law.
     
  • Zscaler continues to review the applicability of this Catalog to its products and services. However, at this time, the CAC has not made any updates in implementing the network product security certification/testing rules, including the ability for companies like Zscaler to file for any such license, and Zscaler believes that the network product security certification/testing requirements are not applicable to Zscaler’s current model of product and service offering to the China market. Zscaler will continue to monitor any developments with our outside counsel in China.
     

For further information on Zscaler services in China, please see the following resources: