Cyberspace Administration of China, Measures on Cybersecurity Reviews (Draft for Comments)
国家互联网信息办公室网络安全审查办法 (征求意见稿)
June 07, 2019 | BY Susan Mok
CAC lists the conditions when a cybersecurity review is required
Issued: May 21, 2019
Main contents: When a critical information infrastructure operator procures network products and services, it shall anticipate the potential security risks that the products and services could pose once brought online and in operation, and produce a security risk report. Where any of the following circumstances could arise, it shall file for a cybersecurity review with the cybersecurity review office:
(1) the entirety of the critical information infrastructure ceases to operate or its major functions fail to operate normally;
(2) a large quantity of personal information or important data leaks, is lost, is damaged or is transferred overseas; or
(3) operational maintenance of, technical support for, or updating or upgrading of, the critical information infrastructure faces a security threat to the supply chain (Article 6).
For a procurement activity for which a cybersecurity review is filed, the operator shall, by means such as the procurement documents, a contract or other binding means, require the product and service provider to cooperate in the cybersecurity review, and specify with the product and service provider that the contract shall enter into effect only after the cybersecurity review is successfully passed (Article 7).