China Compliance
MLPS (等保 2.0)
MLPS (Multi-Level Protection Scheme), also known as 等保 2.0 (děngbǎo), is the People's Republic of China's mandatory cybersecurity classification framework for information systems. It assigns systems to one of five protection levels (L1 through L5) based on the system's importance and the potential damage from compromise.
Definition
MLPS (Multi-Level Protection Scheme), also known as 等保 2.0 (děngbǎo), is the People's Republic of China's mandatory cybersecurity classification framework for information systems. It assigns systems to one of five protection levels (L1 through L5) based on the system's importance and the potential damage from compromise.
What it means
MLPS 2.0 is governed by GB/T 22239-2019 ("Information security technology — Baseline for classified protection of cybersecurity") and is the cornerstone of China's domestic cybersecurity compliance regime. The Multi-Level Protection Scheme replaces the prior MLPS 1.0 framework and aligns with the broader regulatory context of the Cybersecurity Law (CSL), Data Security Law (DSL), and Personal Information Protection Law (PIPL).
The five levels are determined by self-classification followed (for L2 and above) by formal evaluation by a licensed assessment organization. L1 covers systems whose compromise affects only specific legal interests; L2 covers systems whose compromise harms social order or public interest; L3 covers systems whose compromise harms national security or causes substantial harm to public interest; L4 and L5 cover progressively more severe scenarios including critical infrastructure.
Most foreign-invested enterprises operating in China with systems handling user data fall into L2 or L3. The trigger for L3 is typically processing of personal information at scale, operating systems classified as Critical Information Infrastructure (CII), or handling Important Data (重要数据).
For offensive-security assessment, MLPS readiness work includes: system classification analysis, gap analysis against the MLPS technical requirements, evidence package preparation for the formal evaluation, and post-classification verification testing.
Where it appears at Melina
Central to Governance, Risk & Compliance services and the MLPS Readiness solution. The MLPS Readiness pillar covers the framework in depth.
Related terms
- PIPL - DSL - CII - CSL (P1.5)
Authoritative sources
- GB/T 22239-2019 — MLPS 2.0 baseline standard - Cybersecurity Law of the People's Republic of China (CSL)
---