The Cyberspace Administration of China recently released draft regulations for reviewing the security of online products and services, in order to better ensure the security of such products and services, reduce supply chain safety risks, and protect national security and the public interest.
The "Measures for the Security Review of Network Products and Services" draft regulations say that important online products and services used by information systems related to national security and the public interest should undergo security inspection focusing on security and controllability. This includes risks faced by online products and services being illegally controlled, interfered with, or interrupted; risks associated with development, delivery, and technology support for products and key components; risks that product and service providers may illegally collect, store, process, or use users' personal information; and risks that product and service providers may engage in unfair competitive practices or otherwise harm users' interests.
The regulations indicate that the CAC will work with other relevant government departments to set up an Online Security Inspection Committee to consider regulatory measures, along with an office to oversee security inspection work. Government agencies in charge of industries including finance, telecommunications, and energy will organize and undertake online security inspection work for products and services in their domains. Party and government departments and major industries will give priority to procuring products and services that have undergone inspection, and will not be permitted to buy unverified products and services. Network products and services procured by critical infrastructure operators, particularly products and services that may affect national security, should also undergo security inspection. Whether or not products and services purchased by critical infrastructure operators affects national security will be determined by government departments charged with protecting critical information infrastructure.