On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures“) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect from 1 June 2017.
The background to the Draft Measures is that the Cyber Security Law requires that network products and services purchased by operators of “critical information infrastructure” (the definition of which is somewhat vague and unsatisfactory) must undergo national security review (“Security Review“) if such network products and services “might potentially have an impact on national security”, failing which such operators risk being ordered to discontinue use and/or being subject to quite stiff fines.
The Draft Measures bring China one step closer to implementing such Security Review regime. How this regime will look has been a major area of concern for foreign investors, especially due to concerns that the new Security Review process might be skewed in favour of “local” manufacturers and thus become a back door means of imposing essentially protectionist policies.
China’s proposed Security Review regime potentially impacts both (1) the businesses who are manufacturers of network products and providers of network services, as well as (2) the users, or prospective users, of such products and services. While the Draft Measures give some shape to the process of Security Review, as drafted they leave a number of critical questions unanswered.
Click here for our full briefing on the Draft Measures. Our in-house unofficial English translation of the Draft Measures is available free-of-charge upon request. Please reach out to one of the briefing’s authors or your normal contact at our firm for a copy.