Decoding the latest cybersecurity product review rules

Aug 21, 2017
| By Katherine Jo
The CAC’s regulations governing reviews of network products and services focus on security and controllability, but companies await clarity on the scope of “critical information infrastructure”

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
 

Notwithstanding a lengthy consultation process that commenced in July 2015 when the first draft was published, the PRC Cybersecurity Law (CSL) suffers from significant gaps and ambiguities in practical implementation. Many commentators expected these shortcomings to be addressed through implementing rules issued before the CSL came into effect. The enforcement of many of its key provisions, such as the data localization requirement under Article 37 and the security review requirement under Article 35, depend on implementing measures. Yet, between November 1, 2016, when the CSL was promulgated, and June 1, 2017, when it entered into effect, mostly only draft measures addressing limited questions were issued.

This premium content is reserved for
China Law & Practice Subscribers.

A Premium Subscription Provides:

  • A database of over 3,000 essential documents including key PRC legislation translated into English
  • A choice of newsletters to alert you to changes affecting your business including sector specific updates
  • Premium access to the mobile optimized site for timely analysis that guides you through China's ever-changing business environment

SUBSCRIBE NOW

Subscribe Now

For enterprise-wide or corporate enquiries, please contact our experienced Sales Professionals at +44 (0)203 868 7546 or [email protected].