Definition and Evolution of Multi-Level Protection Scheme (MLPS)
Article 23 of the Cybersecurity Law of the People’s Republic of China (implemented on June 1, 2017, and revised on October 28, 2025) explicitly stipulates: "The state shall implement a Cybersecurity Classified Protection System." As a foundational system for cyberspace governance, the Classified Protection Scheme has evolved through iterations from "MLPS 1.0" to "MLPS 2.0" (GB/T 22239-2019 Information Security Technology — Basic Requirements for Classified Protection of Cybersecurity). Classified Protection of Cybersecurity (MLPS) is a fundamental system designed to protect China's network security and serves as a basic guarantee for maintaining national information development and ensuring information security.
Based on the strategic value of an information system in areas such as national security, economic operations, social governance, and public services, and the potential harm to national security, public interests, and citizens' rights if the system is compromised, the Classified Protection Scheme divides information systems into five levels (Level 5 being the highest protection level).
Tencent Cloud's MLPS Practice
In accordance with the MLPS standards and relevant regulations, the Tencent Financial Cloud Platform has completed the Level 4 assessment and filing; the Tencent Public Cloud has completed the Level 3 assessment and filing.
Core Value of MLPS
1. Assisting Cloud Users in Implementing MLPS Compliance
According to the MLPS requirements, information systems of different security levels must possess corresponding levels of security protection capabilities. Tencent Cloud’s completion of the assessment signifies that it strictly adheres to the national technical protection and security management requirements for the secure development of cloud computing platforms, enabling it to provide services that assist enterprise users across various industries and business lines in achieving MLPS compliance.
-- Assist enterprise users in providing "Cloud Platform Security Compliance" certification during their MLPS compliance assessments;
--Provide enterprise users with enhanced security capabilities required for their business systems to meet MLPS compliance requirements.
2. Simplifying MLPS Assessment Process and Improving Efficiency for Cloud Users
When cloud users conduct MLPS assessments, they do not need to repeatedly evaluate the infrastructure provided by the cloud platform, in addition to their own business systems and managed virtual resources (such as cloud hosts, cloud databases, and cloud networks). This significantly reduces the complexity of the MLPS compliance process.
Implementing the Personal Information Protection Law of the People’s Republic of China and the Data Security Law of the People’s Republic of China, Tencent Cloud consistently prioritizes the protection of cloud users' personal information and data security. The MLPS framework naturally incorporates capabilities for protecting personal information and data security.