China cybersecurity rule to take effect June 1
China's new regulation on a cybersecurity review system, which aims to promote an orderly, secure and open cyberspace and safeguard national security, will take effect on June 1, according to the country's top internet regulator.
The new document, entitled cybersecurity review measures, reiterated the cybersecurity compliance obligations imposed under the Cybersecurity Law, showing the government's ongoing commitment to safeguarding national security and ensuring the safety of supply chains in relation to critical information infrastructure, experts said.
They said the implementation of the review system will help eliminate potential cybersecurity risks, ensure public safety and national cyberspace as well as promote the healthy and orderly development of the information industry.
The Cyberspace Administration of China, together with 11 other departments, released the document on Monday, which may potentially affect both domestic and overseas suppliers who provide information and network products and services to strategic industries such as telecom, radio and television, energy, finance, road and water transportation, railways and civil aviation.
According to the regulation, critical information infrastructure operators who seek to procure network products and services — if such products and services may affect national security — must undergo a national security review.
The regulation said that these operators must assess the potential cybersecurity risks in connection to such products and services and must report to the cybersecurity review office to apply for a cybersecurity review if risks — such as an illegal control and damage of key information infrastructure and the leak, loss and damage of key data — are identified.
"Previously, the biggest cybersecurity challenge was personal privacy. However, today the emerging internet technologies have served a wide range of industries, especially some key sectors closely related to the national economy and social development," said Qiao Siyuan, senior director of the strategic management division at Chinese security company Qi An Xin Group.
The information from the cyberspace administration also highlighted the importance of safeguarding the security of key sectors. "The purpose of building a cybersecurity review system is to detect and avoid risks where the procurement of network products and services may affect national security," the administration said in a statement.
Particularly, the administration noted the government's purpose is to safeguard national cybersecurity instead of imposing restrictions on foreign products and services.
"Opening to the outside world is our basic national policy. Our policies that welcome the entry into our market of foreign products and services remain unchanged," it said.
During recent years, the US government has been "misusing" the excuses of national security concerns to impose restrictions on a string of Chinese tech companies, experts said. Huawei Technologies Co's telecom equipment and smartphones, for example, were restricted for further use in the US market.
Reuters reported on Friday that the US Federal Communications Commission said it may shut down the US operations of four Chinese telecommunications operators, including China Telecom and China Unicom, citing national security risks.
The new regulation also came as China steps up efforts to build a sound and complete cybersecurity system to protect the nation's sprawling cyberspace for consumers and enterprises.
In December, the Ministry of Industry and Information Technology unveiled two national cybersecurity platforms, with one for safeguarding the development of industrial internet and the other for sharing information about cyber risks.