Volume: 3 Issue: 2
The Cyberspace Administration of China (‘CAC’) issued, on 4 February 2016, a draft of its Network Products and Services Security Review Measures (‘Draft Measures’), further to the adoption of the Cyber Security Law (‘Law’) in November 2016, which is due to take effect from 1 June 2017. Under Article 35 of the Law, network products and network services procured by operators of critical information infrastructure network are subject to national security examination. The Draft Measures set out the implementation of this review regime.
Michelle Chan and Clarice Yue of Bird & Bird highlighted, “The Draft Measures bring clarity to the review regime [and] give guidance to operators of critical information infrastructure. Moreover, it is clarified that a new Network Security Examination Committee will be established to review important policies of network security examination, and a third party expert committee will also be set up to conduct integrated security assessment.”
Despite the above, Chan and Yue note that there are still areas of the Draft Measures that lack clarity: “For example, the Draft Measures require that the departments in charge of ‘key industries’ are required to organise security examination of network products and services in accordance with the requirements of the national security examination, but the list of ‘key industries’ only includes financial, telecommunications and energy industries and does not appear consistent.”