The Cyberspace Administration of China recently released new rules covering the security review process for online products and services, which will go into effect on June 1. Compared to previous draft regulations, there are several major changes:
1. Section 8 emphasizes procedure and has been updated to indicate that the online security inspection office will determine the products and services to be inspected, in accordance with national requirements and based on recommendations from national industry associations and user feedback. It will organize third-party organizations and expert committees to carry out online security reviews and will publish the results.
2. The new regulations eliminate language from previous drafts stating that "Party and government departments and key industries will give priority to procuring online products and services that have been reviewed, and may not procure online products and services that have failed to pass review."
3. Any online products and services purchased by critical information infrastructure operators that may have an impact on national security should undergo security review. The term "critical information infrastructure operators" includes operators in the public communication and information services, energy, transportation, water conservancy, finance, public service, and e-government industries and domains, as well as other operators of critical information infrastructure.
4. The regulations add that "if an online product or service provider believes that a group or individual within a third-party institution has lost objectivity or cannot uphold the security or secrecy of information obtained in the course of review work, the provider can submit a report to the online security review office or relevant government department."
Editor's Note: For more information on this topic, please see "China Releases Draft Regulations for Security Review of Online Products and Services," MD 2/04/17 issue.