Decoding the latest cybersecurity product review rules

Aug 21, 2017
| By Katherine Jo
The CAC’s regulations governing reviews of network products and services focus on security and controllability, but companies await clarity on the scope of “critical information infrastructure”

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

Notwithstanding a lengthy consultation process that commenced in July 2015 when the first draft was published, the PRC Cybersecurity Law (CSL) suffers from significant gaps and ambiguities in practical implementation. Many commentators expected these shortcomings to be addressed through implementing rules issued before the CSL came into effect. The enforcement of many of its key provisions, such as the data localization requirement under Article 37 and the security review requirement under Article 35, depend on implementing measures. Yet, between November 1, 2016, when the CSL was promulgated, and June 1, 2017, when it entered into effect, mostly only draft measures addressing limited questions were issued.

This premium content is reserved for
China Law & Practice Subscribers.

Benefits Include:

  • Unlimited access to site and digital newsletters
  • 5 free articles across the ALM subscription network every 30 days
  • Exclusive discounts on ALM events and publications

Continue reading by getting
started with a subscription.

Subscribe Now For Unlimited Access