In order to ensure the supply chain security of key information infrastructure, ensure network security and data security, and maintain national security, recently, 13 departments including the state Internet Information Office, the national development and Reform Commission, the Ministry of industry and information technology, the Ministry of public security and the Ministry of National Security jointly revised the measures for network security review, which will come into force on February 15, 2022.
The measures point out that the network security review adheres to the combination of preventing network security risks and promoting the application of advanced technology, the combination of process fairness and transparency and intellectual property protection, the combination of prior review and continuous supervision, and the combination of enterprise commitment and social supervision. The review is carried out from the aspects of the security of products and services, data processing activities and possible national security risks.
“Network security review is an important legal system in the field of network security.” When introducing the background of the revision of the measures, the relevant person in charge of the state network information office said that since the implementation of the original measures on June 1, 2020, through the review of the procurement activities of key information infrastructure operators and the review of some important products, the original measures have played an important role in ensuring the supply chain security of key information infrastructure and maintaining national security. On September 1, 2021, the data security law was officially implemented, which clearly stipulated that the state should establish a data security review system, and the measures for network security review were revised accordingly. The main purpose is to further ensure network security and data security and safeguard national security.
The measures include the situations that the data processing activities carried out by the network platform operators affect or may affect national security into the network security review, and clearly require the network platform operators who master the personal information of more than 1 million users to apply for the network security review when they are listed abroad. According to the actual needs of the review, the CSRC has been added as a member unit of the network security review mechanism, and the national security risk assessment factors have been improved.
“Network platform operators shall apply for network security review before submitting listing application to foreign securities regulatory authorities.” The relevant person in charge of the state network information office said that there may be the following three situations for network platform operators to go abroad to apply for the results of network security review: first, there is no need for review; Second, after starting the review, if it is judged that it will not affect national security, it can continue the listing procedure abroad; Third, after starting the review, those judged to affect national security are not allowed to be listed abroad.
According to the measures, if the key information infrastructure operators, network platform operators and other parties violate the provisions of the measures, they will be dealt with in accordance with the provisions of the network security law and the data security law. (Xinhua news agency, Beijing, January 4)
