其他
Measures for Cybersecurity Review Released for Public Opinions
Tap LegalTips to follow us
On 12th of July 2021, the Cyberspace Administration of China released the Measures for Cybersecurity Review (Draft) to gather public opinions until July 25, 2021.The highlights are as follows:
* If a business operator has collected personal information of more than one million users and it plans to go public in a foreign stock market, it must apply for cybersecurity review to the office of cybersecurity review.
* A business operator should submit the following documents when it files an application for cybersecurity review;(1) Letter of application;(2) Analysis report about the impact or potential impact on national security;(3) Procurement documents, agreements, contracts to be signed, or IPO files to be submitted;(4) Other documents required for cybersecurity review.
* Cybersecurity review shall focus on the assessment of national security risks that may be brought about by procurement activities, data processing activities and overseas listing, with the following factors taken into account:(I) Risks of illegal control, interference or destruction of critical information infrastructure brought about by the use of products and services;(II) The harm caused by supply interruption of products and services to the business continuity of critical information infrastructure;(III) Security, openness, transparency and diversity of sources of products and services, reliability of supply channels, and risks of supply interruption due to political, diplomatic, trade or other factors;(IV) Information on compliance with Chinese laws, administrative regulations and departmental rules by product and service providers;(V) Risks of theft, disclosure, damage, illegal use or cross-border transfer of core data, important data or large amounts of personal information;(VI) Risks of influence, control or malicious use of critical information infrastructure, core data, important data or large amounts of personal information by foreign governments after overseas listing; and(VII) Other factors that may endanger critical information infrastructure security and national data security.
* For the purpose of the present Measures, the term "critical information infrastructure operator" refers to an operator identified by the critical information infrastructure protection authority.For the purpose of the present Measures, the term "network products and services" mainly refers to core network equipment, important communication products, high-performance computers and servers, mass storage devices, large databases and application software, cybersecurity equipment, cloud computing services, and other network products and services that have a significant impact on the security of critical information infrastructure.For more information please visit the website of Ministry of Justice of the People’s Republic of ChinaNote: You can check another article we published today for the Chinese version of this article.