The Cyber Administration of China (CAC) announced on its website on January 4 that the agency, as well as 12 other government bodies, including the Ministry of Public Security and the Ministry of State Security, have revised the “Cybersecurity Review Measures.”
The original regulation already took effect in June 2020. CAC pointed out that the revision is due to the implementation of the “Data Security Law” in September 2021, which requires that the state establish a data security review system.
After the revision, article 7 of the Measures stipulates that online platform operators that possess personal information about more than 1 million users must report to the Office of Cybersecurity Review when they go public abroad.
The Measure also specifies that operators of “critical information infrastructures” such as transportation, communications, and finance must also apply for security a review when purchasing network products and services that may affect national security.
It also lists key national security risk factors, including illegal control, the interference or disruption of “critical information infrastructure, possible disruption of product services due to political, diplomatic and trade factors, and the possibility of core data or substantial personal data being influenced, controlled and maliciously used by “foreign governments.”
The revised regulation is to be effective on February 15. It also adds the China Securities Regulatory Commission (CSRC) to the cybersecurity review mechanism.
Source: Cyber Administration of China, January 4, 2021