Cybersecurity Review Measures (2022 ed.)

ALL TRANSLATIONS ON THIS SITE ARE UNOFFICIAL AND ARE PROVIDED FOR REFERENCE PURPOSES ONLY. THESE TRANSLATIONS ARE CREATED AND CONTINUOUSLY UPDATED BY USERS –THEY ARE FREE TO VIEW, BUT PROPER ATTRIBUTION IS REQUIRED FOR DISTRIBUTION OF THESE OR DERIVATIVE TRANSLATIONS. PAGES WITHOUT IMAGES ARE WORKS IN PROGRESS.

English中文(简体)

Promulgation Date: 2021-12-28
Title: Cybersecurity Review Measures
Document Number:
Expiration date: 
Promulgating Entities:China Cyberspace Administration, National Development and Reform Commission, Ministry of Industry and Information Technology et al.
Source of text: http://www.cac.gov.cn/2022-01/04/c_1642894602182845.htm

Article 1: These Measures are drafted on the basis of the People's Republic of China National Security Law, the People's Republic of China Cybersecurity Law, and the People's Republic of China Data Security Law, and the Regulations on the Protection of Critical Information Infrastructure Security, so as to ensure supply chain security for critical information infrastructure to preserve national security, and to ensure cybersecurity and data security.

Article 2: Where critical information infrastructure operators purchase network products and services, or online platform operators carry out data handling activities, impacting or having the potential to impact national security, they shall conduct network security reviews in accordance with these measures.

The critical information infrastructure operators and network platform operators provided for in the preceding paragraph are collectively referred to as 'parties'.

Article 3: Cybersecurity reviews are to combine the prevention of cybersecurity risks with the promotion of technological applications, combine equity and transparency in procedures with the protection of intellectual property rights, combine ex-ante reviews with ongoing regulation, and combine enterprise's pledges with social oversight, to carry out reviews of areas such as the security, reliability, and potential national security risks or the products, services, or data handling activities.

Article 4: Under the leadership of the Central Cyberspace Affairs Commission, the State Internet Information Office is to establish a national mechanism for cybersecurity review work, in conjunction with the National Development and Reform Commission, Ministry of Industry and Information, Ministry of Public Security, Ministry of State Security Ministry of Finance, Ministry of Commerce, People's Bank of China, State Administration for Market Regulation, State Administration of Radio and Television, The China Securities Regulatory Commission, State Secrets Administration, and State Cryptography Administration.

An Office for Cybersecurity Review is to be set up in the State Internet Information Office, and be responsible for regulating systems related to cybersecurity reviews and organizing cybersecurity reviews.

Article 5: Where critical information infrastructure operators purchase network products and services, they shall make an anticipatory judgment of national security risks that might occur after they are put into use. Where there is an impact or potential impact on national security, an application for cybersecurity review shall be made to the Office for Cybersecurity Review.

The departments for critical information infrastructure security protection work may formulate a pre-assessment guide for the corresponding industry or field.

Article 6: For procurement activities that are submitted for cybersecurity review, critical information infrastructure operators shall use procurement documents, agreements, and so forth, to request that providers of products and services cooperate in the cybersecurity review, including pledging not to use the provision of products and services to facilitate the illegal acquisition of user data, illegal control or operation of user equipment, and to not interrupt the supply of products or necessary technical support services without legitimate reason.

Article 7: Where network platform operators that have information on 1,000,000 or more users in hand are to be publicly listed abroad, an application for cybersecurity review must be made to the Office for Cybersecurity Review.

Article 8: Parties shall submit the following material in applying for cybersecurity review:

(1) a written declaration;

(2) An analytic report on the impact or potential impact to national security;

(3) Application documents for listing, such as the purchasing documents, agreements, signed contracts, or proposed Initial Public Offering (IPO);

(4) Other materials required for cybersecurity review efforts.

Article 9: The Office for Cybersecurity Review shall determine whether a review is required within 10 working days of receiving review declaration materials compliant with article 8 of these Measures, and notify the party in writing.

Article 10: Cybersecurity reviews are to focus on assessing the following national security risk factors in the subject or situation under review:

(1) The risk of critical information infrastructure being illegally controlled, interfered with, or destroyed after that the product or service is put into use;

(2) The threat to the continuity of critical information infrastructure from interruptions in the supply of the products or services;

(3) The products' or services' security, openness, transparency, and diversity of sources, as the reliability of supply channels and the risk of supply interruptions due political, diplomatic, or trade factors, and so forth;

(4) The supplier of the product or services' compliance with Chinese law, administrative regulations, and departmental rules;

(5) The risk of core data, important data, or large volumes of personal information being stolen, leaked, destroyed, or being illegally used or illegally sent abroad;

(6) The risk in public listing of foreign governments influencing, controlling, or maliciously exploiting critical information infrastructure, core data, important data, or large volumes of personal information, as well as the risk to network information security.

(7) Other factors that might endanger critical information infrastructure security, cybersecurity, and data security.

Article 11: Where the Office for Cybersecurity Review finds that it is necessary to carry out cybersecurity review, it shall complete a preliminary review within 30 working days of issuing a written notice to the parties, including forming review conclusions and recommendations and sending them to solicit comments from the mechanism for cybersecurity review work's member units and related departments; and where the circumstances are complicated, the period may be extended by 15 working days.

Article 12: The unit members of the mechanism for cybersecurity review work and related departments shall reply with written comments within 15 working days of receiving the review conclusions and recommendations.

Where the mechanism for cybersecurity review work's member units and related departments' comments are consistent, the Office for Cybersecurity Review is to notify the parties of the review conclusions in writing; where the comments are not consistent, handle them in accordance with the procedures for special review, and notify the parties.

Article 13: The special review procedures shall normally be completed within 90 working days, but where circumstances are complex, this may be extended.

Article 14: The special review procedures shall normally be completed within 90 working days, but where circumstances are complex, this may be extended.

Article 15: Where the Office for Cybersecurity Review requests that supplementary materials be provided, parties and providers of products and services shall cooperate. The time for the provision of supplementary materials is not counted in the time for review.

Article 16: Products and services. as well data handling activities, that member units of the mechanism for cybersecurity review work find might impact national security, are to be reviewed in accordance with these Measures after the Office for Cybersecurity Review reports to the Central Cyberspace Affairs Commission for permission in accordance with procedures.

As a precaution against risk, the parties shall employ measures during the review period as required for the cybersecurity review to prevent and reduce risk

Article 17: The institutions and personnel participating in cybersecurity reviews shall strictly protect the intellectual property rights, and bear an obligation to protect the confidentiality of commercial secrets and personal information learned of in the course of review work, as well as undisclosed materials submitted by parties and the providers of products or services, as well as other undisclosed information, and must not disclose these to unrelated parties or use them for purposes other than reviews.

Article 18: Where parties or network product and services providers feel that reviewers are no longer objective and fair, or are unable to bear the obligation to preserve the confidentiality of information obtained in the course of the review, they may report this to the Office for Cybersecurity Review or relevant departments.

Article 19: Parties shall urge product and service providers to perform on the pledges they make during cybersecurity reviews.

The Office for Cybersecurity Review is to strengthen ex-ante and ongoing oversight through means such as accepting reports.

Article 20: Where parties violate the provisions of these Measures, it is to be addressed in accordance with the People's Republic of China Cybersecurity Law and the People's Republic of China Data Security Law.

Article 21: "Network products and services" as used in these Measures primarily refers to core network equipment, important communications equipment, high-performance computers and servers, mass storage equipment, large-scale databases, and application software, cloud computing services, as well as other network products and services that have a major impact on critical information infrastructure security, cybersecurity, or data security.

Article 22: Where information that is a state secret is involved, implementation is to be in accordance with state provisions on secrecy.

Where the state has other provisions on data security reviews or foreign investment reviews, they shall be complied with concurrently.

Article 23: These Measures take effect on February 15, 2022. The "Cybersecurity Review Measures" promulgated on April 13, 2020 (Order No. 6 of the China Cyberspace Administration, National Development and Reform Commission, Ministry of Industry and Information Technology, Ministry of Public Security, Ministry of State Security, Ministry of Finance, Ministry of Commerce, People's Bank of China, State Administration for Market Regulation, National Radio and Television Administration, National Administration of State Secrets Protection, and State Cryptography Administration) are simultaneously repealed.

 

About China Law Translate 1229 Articles
CLT is a crowdsourced, crowdfunded legal translation project that enables English speaking people to better understand Chinese law.

88 Trackbacks / Pingbacks

  1. China to Mandate Cybersecurity Reviews on Tech Firms Seeking Foreign IPOs - True USA
  2. China to Mandate Cybersecurity Reviews on Tech Firms Seeking Foreign IPOs – Million Voices USA
  3. China Issues New Rules on Cybersecurity Review for Network Platform Operators Listing Abroad | Global Privacy & Security Compliance Law Blog
  4. Wrapped in red tape, China’s startups give up their mainland dreams - CableFreeTV
  5. Chinese Startups Wrapped In Red Tape Abandon Their Mainland Dreams - Meczyki.Net
  6. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – Pasi Blog
  7. Bürokrasi ile sarılmış Çin'in yeni girişimleri anakara hayallerinden vazgeçiyor - Dünyadan Güncel Teknoloji Haberleri | Teknomers
  8. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch | Local News Reviews
  9. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - Best university info
  10. Wrapped In Red Tape, China’s Startups Give Up Their Mainland Dreams – TechCrunch - Newscenter
  11. Wrapped in red tape, China’s startups give up their mainland dreams - Trend Fool
  12. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - FIRE-RULES
  13. Wrapped in red tape, China’s startups give up their mainland dreams - Techmonsterr
  14. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - BBC Business Update
  15. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – Business Blog
  16. Wrapped in red tape, China’s startups give up their mainland dreams – Tech News
  17. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - Tophyper
  18. Wrapped in red tape, China’s startups give up their mainland dreams - Charles Tech Corner
  19. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – Tausi National News
  20. Wrapped in red tape, Chinese startups give up on the mainland dream – TechCrunch - News7h
  21. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch -
  22. Wrapped in red tape, China’s startups give up their mainland dreams - The Pakistan Post
  23. Wrapped in crimson tape, China’s startups hand over their mainland desires – Thealike - Commerceaffairs
  24. Wrapped in red tape, China’s startups give up their mainland dreams – Conference Call Systems
  25. 由于繁文缛节,中国初创企业正在放弃在大陆的梦想 - TechCrunch
  26. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - Aark
  27. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – Find World News
  28. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - Oehas.Com
  29. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - FELIX SERVICE
  30. Wrapped in red tape, China’s startups give up their mainland dreams – HNN The Hollapeno News Network
  31. Wrapped in red tape, China’s startups give up their mainland dreams - THINKYTECH
  32. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – Tausi EU News
  33. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – Winestle UK News
  34. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch
  35. Wrapped in red tape, China’s startups give up their mainland dreams – dadventures.io
  36. Wrapped in red tape, China’s startups give up their mainland dreams – MRBiz Reports
  37. Wrapped in paperwork, Chinese startups abandon their mainland dreams – SIT – Sahar Info
  38. Wrapped in red tape, China’s startups give up their mainland dreams – Kamal Reader
  39. Wrapped in red tape, China’s startups give up their mainland dreams – ChannelNewsBox
  40. Wrapped in red tape, China’s startups give up their mainland dreams - Bangsa Membaca
  41. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – startuphoarde
  42. Wrapped in red tape, China’s startups give up their mainland dreams - SkyHyzer
  43. Wrapped in red tape, China’s startups give up their mainland dreams - F1TYM1
  44. Wrapped in red tape, China’s startups give up their mainland dreams | Altitudes 202
  45. Wrapped in red tape, China’s startups give up their mainland dreams - Tech Vibes
  46. Wrapped in red tape, China’s startups give up their mainland dreams - Researching Tech
  47. Wrapped in crimson tape, China’s startups surrender their mainland goals – TechCrunch | Genius Interactive
  48. Wrapped in red tape, China’s startups give up their mainland dreams - News Bazzar
  49. Wrapped in red tape, China’s startups give up their mainland dreams - Carabiners
  50. Wrapped in red tape, China’s startups give up their mainland dreams - Newsbrella - Curated News
  51. Wrapped in red tape, China’s startups give up their mainland dreams | Digital Wissen
  52. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – strideitforward
  53. Wrapped In Red Tape, China’s Startups Give Up Their Mainland Dreams | Amoheric.com
  54. Envueltas en burocracia, las empresas emergentes de China están renunciando a sus sueños en el continente - Español News
  55. Wrapped in red tape, China’s startups give up their mainland dreams - News Portal by AfricaX
  56. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – techyrackty
  57. Wrapped in red tape, China’s startups give up their mainland dreams – Money Never Sleeps Club
  58. Wrapped in red tape, China’s startups give up their mainland dreamsWrapped in red tape, China’s startups give up their mainland dreams - Everyday Tech Insights - MobiClog
  59. Wrapped in red tape, China’s startups give up their mainland dreams - X TECH NEWS
  60. China to Mandate Cybersecurity Reviews on Tech Firms Seeking Foreign IPOs – Real News Aggregator
  61. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – DigitalSevaa.Com (Follow us for latest Digital Marketing Trends,Tips,Products and More)
  62. Wrapped in red tape, Chinese startups are giving up on their dreams in the mainland – e-RUPI Guide – e-RUPI Guide
  63. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - Aark
  64. Envoltas em burocracia, startups da China desistem de seus sonhos continentais – Techdoxx | Techdoxx
  65. China’s startups give up their mainland dreams – TechCrunch - That TechGuy
  66. Wrapped in red tape, China’s startups give up their mainland dreams – Money Never Sleeps Club
  67. Envueltas en papeleo, las nuevas empresas chinas abandonan sus sueños en el continente – TechCrunch - Noticia para el Mundo
  68. Wrapped in red tape, China’s startups give up their mainland dreams – CHRISTIAN
  69. Wrapped in red tape, China’s startups give up their mainland dreams – JIKU.SHOP
  70. Wrapped in red tape, China’s startups give up their mainland dreams – Tech News
  71. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch-Techinfoblog | Tecinfoblog
  72. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - TechPoll
  73. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch -
  74. Wrapped in purple tape, China’s startups quit their mainland goals – TechCrunch - iNewssy.com
  75. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - FIRE-RULES
  76. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch - WIZE DIZE
  77. China’s startups give up their mainland dreams – TechCrunch | celebvibez
  78. Wrapped in red tape, China’s startups give up their mainland dreams - IT EXPLORIDA
  79. Wrapped in red tape, China’s startups give up their mainland dreams - Bayou City Lab
  80. Wrapped in red tape, China’s startups give up their mainland dreams – TechCrunch – Techverse Africa
  81. Wrapped in red tape, China’s startups give up their mainland dreams - DigDee
  82. Wrapped in paperwork, Chinese startups abandon their mainland dreams – TechCrunch - bstlifess
  83. Wrapped in crimson tape, China’s startups surrender their mainland goals – TechCrunch – Latest
  84. Wrapped in pink tape, China’s startups surrender their mainland desires – TechCrunch – Latest
  85. Wrapped in purple tape, China’s startups surrender their mainland desires – TechCrunch – Latest
  86. Wrapped in crimson tape, China’s startups surrender their mainland desires – TechCrunch – Latest
  87. Envueltas en trámites burocráticos, las nuevas empresas de China renuncian a sus sueños continentales - Feedbun
  88. Wrapped in purple tape, China’s startups surrender their mainland desires – TechCrunch – Latest

Leave a Reply

Your email address will not be published.


*