The IBA uses cookies to provide you with a better website experience. By continuing to use our site, you are agreeing to the use of cookies.
Manage cookies

China issues new measures for cybersecurity review

Back to Technology Law Committee publications

Jihong Chen
Zhong Lun, Beijing
chenjihong@zhonglun.com

Yun Luo
Zhong Lun, Beijing
luoyun@zhonglun.com

 

On 27 April 2020, the Cyberspace Administration of China (CAC) together with 12 other bureaus, jointly issued the Measures for Cybersecurity Review (the ‘New Measures’) effective 1 June 2020.

The New Measures are promulgated to implement Article 59 of the National Security Law and Article 35 of the Cybersecurity Law, aiming to protect national security and, in particular, the security of the supply chain of critical information infrastructure (‘CII’). According to the Guidelines on the Determination of CII, the information infrastructure in a number of sectors, including finance, banking and other financial institutions, might fall into the scope of CII if, once destroyed or disabled, it would severely endanger national security, national welfare or public interest.

As stated below, the New Measures have evidently made changes to former drafts and changed the review mechanism from one of passive determination to an active declaration, requiring CII operators to conduct pre-determination as to whether the network products and/or services to be procured would pose a potential national security risk. If so, CII operators should submit an application for a cybersecurity review prior to the procurement of such network products and/or services.

Article 16 of the New Measures also include confidentiality obligations to protect trade secrets and intellectual property, which not only includes the undisclosed information of the CII operators, but also those of the product and service providers. The New Measures even include a complaint clause in Article 17 that applies when objectively unfair or in breach of the confidentiality obligations.

The New Measures focus on a central goal of protecting national security and have removed the provisions relating to personal information in the former drafts, which confirms China’s dual-track approach to regulating important data and personal information after the Measures on Security Assessment for Cross-border Transfer of Personal Information (Exposure Draft) were issued last June.

Additionally, in responding to some doubts and questions from foreign investors, the spokesperson of CAC has stated that the New Measures are not intended to restrict or discriminate against foreign products or services as China will continue to embrace an opening-up policy to the market and foreign investment.

Back to Technology Law Committee publications

Similar topics

International Bar Association 2024 © Privacy policy Terms & conditions Cookie policy Harassment policy

International Bar Association is incorporated as a Not-for-Profit Corporation under the laws of the State of New York in the United States of America and is registered with the Department of State of the State of New York with registration number 071114000655 - and the liability of its members is limited. Its registered address in New York is c/o Capitol Services Inc, 1218 Central Avenue, Suite 100, Albany, New York 12205.

The London office of International Bar Association is registered in England and Wales as a branch with registration number FC028342.