<!-- Source: https://melinasecurity.com/knowledge/china-compliance/mlps/  License: CC BY 4.0 with attribution to Melina Security  Last-updated: 2026-06-12 -->


China's Multi-Level Protection Scheme — Network Security Classified Protection / 网络安全等级保护 / informally "等保 2.0" — is the foundational cybersecurity-classified-protection regime for information systems operating in mainland China. Established in its modern form by the Cybersecurity Law (2017) and the supporting GB-series standards, MLPS 2.0 is the operational frame within which Chinese cybersecurity expectations are codified.

For overseas commercial systems entering the China market — SaaS products, connected IoT platforms, AI-powered products — MLPS classification is typically a regulatory gating step. Local hosting partners, enterprise customers in regulated sectors, and government-adjacent customers will require MLPS-graded assessment results before integration.

## What MLPS 2.0 is

MLPS 2.0 is a five-grade classification system for information systems, with technical and management requirements escalating at each grade. The classification reflects the potential harm from system compromise:

- **Grade 1** — system compromise would harm the legitimate rights of citizens, legal persons, or organizations (typical for low-impact internal systems)
- **Grade 2** — system compromise would seriously harm the above (typical for general commercial systems, customer-facing SaaS)
- **Grade 3** — system compromise would severely harm the above, or harm the public interest (typical for regulated-sector commercial systems, large-volume personal-information processing, important business operations)
- **Grade 4** — system compromise would seriously harm national security or public interest (typically [CII](/knowledge/glossary/cii/)-designated infrastructure)
- **Grade 5** — system compromise would extremely seriously harm national security (rare, reserved for systems whose failure would impair national operation)

For overseas commercial entry, Grade 2 and Grade 3 are the typical classification targets. Grades 4 and 5 are reserved for CII-designated systems, which are typically operated by Chinese entities directly.

## The grading process

The classification process operates in several stages:

**Step 1: Self-classification.** The system operator proposes a grade based on the system's characteristics, business function, and the harm-from-compromise criteria. This is a documented analysis, not a unilateral declaration.

**Step 2: Expert review.** The proposed classification is reviewed by the relevant industry regulator and (for Grade 3 and above) by an accredited assessor.

**Step 3: Filing with the Public Security Bureau (PSB).** The classified system is registered with the local PSB cybersecurity protection division.

**Step 4: Technical assessment.** Accredited assessors conduct technical assessment against the GB/T 22239 baseline requirements applicable at the proposed grade. The assessment produces a graded report identifying gaps.

**Step 5: Remediation.** The operator remediates identified gaps. Material gaps must be closed before the system can be considered compliant at the proposed grade.

**Step 6: Re-assessment and ongoing operations.** Periodic re-assessment is required — typically annually for Grade 3, with adjusted cadence at other grades.

## Technical baseline — GB/T 22239

GB/T 22239 (Information Security Technology — Baseline for Classified Protection of Cybersecurity) specifies the technical and management requirements at each grade. The technical requirements cover:

- Identification and authentication
- Access control
- Security audit (logging and audit trail)
- Intrusion prevention
- Malicious code protection
- Data integrity
- Data confidentiality
- Data backup and restoration
- Residual-information protection
- Personal-information protection

Management requirements cover security organization, security personnel, security construction management, security operation management, and security event management.

The requirements scale with classification grade — Grade 3 imposes meaningfully stricter requirements than Grade 2 across each control family.

## What MLPS coverage produces

For an overseas company entering the China market, completed MLPS classification produces:

- A graded classification certificate (Grade 2 or Grade 3 typical)
- An accredited-assessor technical report
- PSB filing record
- Documentation that satisfies enterprise customer procurement due diligence
- A baseline for ongoing compliance operations

What it does not produce:

- A compliance status for [PIPL](/knowledge/glossary/pipl/) (personal-information protection) — that's a separate framework with separate requirements
- A compliance status for [DSL](/knowledge/glossary/dsl/) (data security and important-data classification) — separate framework
- [CII](/knowledge/glossary/cii/) designation — CII is determined by sector regulators, not by MLPS classification
- Generative-AI service compliance — covered by separate Generative AI Service Management Measures

For most overseas commercial entries, MLPS, PIPL, and DSL compliance are pursued in parallel rather than sequentially, with shared engineering effort across the overlapping technical-control requirements.

## Operational implications for overseas operators

For overseas companies operating in China, MLPS compliance has structural implications:

- **A Chinese legal entity is typically required** — MLPS classification is issued to the operating entity. Foreign companies typically operate through a Chinese wholly-owned subsidiary (WFOE), joint venture, or hosting partner relationship.
- **Hosting must typically be in mainland China** — for systems classified at Grade 2 or above that handle personal information or sensitive operational data, the operational data is typically stored in mainland-China data centers.
- **The accredited assessor is a Chinese entity** — assessment is performed by Chinese accredited assessors, not by overseas auditors.
- **Annual re-assessment is typical at Grade 3 and above** — MLPS is not a one-time certification; ongoing compliance operations are required.

## Frequently asked questions

### Do I need MLPS classification if my service is hosted overseas and only available to Chinese users through the internet?

The straightforward answer is "it depends on the service category and the volume." Services that provide internet information services to Chinese users typically need ICP filing, and the ICP filing in turn requires hosting in mainland China — which puts the system into the MLPS classification frame.

Services that fall under specific categories (financial services, telecommunication, healthcare, education) face additional sector-regulatory requirements that effectively mandate MLPS classification regardless of hosting location.

For overseas SaaS that does not formally market to Chinese users but is reachable by them, the technical requirement to file is more ambiguous; the operational risk of enforcement action is non-zero.

For specific operational guidance, see [MLPS overseas — does the scheme apply to my SaaS? — FAQ](/knowledge/faq/mlps-overseas-saas/) and consult with China-licensed legal counsel.

### How does MLPS classification interact with ISO 27001 and SOC 2?

The three frameworks address overlapping but distinct objectives. MLPS is a classified-protection regime for network security operating within the Chinese regulatory frame. ISO 27001 is an international management-system standard. SOC 2 is a US-anchored attestation focused on the AICPA Trust Services Criteria.

The technical controls overlap substantially — access control, audit logging, encryption, incident response are common across all three. The management-system and process-documentation requirements are distinct enough that the three frameworks require parallel-tracked documentation rather than direct reuse.

For SaaS companies operating in China, the US, and Europe, the three frameworks are typically pursued in parallel, with shared engineering effort and distinct documentation tracks per framework.

### Can MLPS classification be completed by an overseas company without a Chinese legal entity?

In practice, no. MLPS classification is issued to an operating entity; PSB filing requires registration of that entity. Overseas companies typically partner with a Chinese hosting provider, joint-venture partner, or WFOE subsidiary that operates the China-resident system and holds the MLPS classification.

### What's the typical timeline?

For a Grade 2 system with reasonable starting security maturity: 3-5 months end-to-end. For Grade 3: 5-8 months. For systems starting from low compliance maturity, expect a multi-quarter timeline.

## Related

- [What is MLPS?](/knowledge/glossary/mlps/)
- [Solutions — MLPS Readiness](/solutions/mlps-readiness/)
- [Industries — Cloud and SaaS companies](/industries/cloud-saas/)
- [PIPL pillar](/knowledge/china-compliance/pipl/) (companion framework)
- [DSL pillar](/knowledge/china-compliance/dsl-important-data/) (companion framework)
- [What is CII?](/knowledge/glossary/cii/)

---

*Placeholder — pending founder + China-licensed legal review of MLPS regulatory language, hosting-partner relationship model, classification-target guidance for specific industries, and current enforcement-environment context.*
