Cyberspace Administration of China, Measures on Cybersecurity Reviews (Draft for Comments)

Main contents: When a critical information infrastructure operator procures network products and services, it shall anticipate the potential security risks that the products and services could pose when brought online and are operating, and produce a security risk report. Where any of the following circumstances could arise, it shall file for a cybersecurity review with the cybersecurity review office: