C ybercurity Review Measures
(Draft for Comments)
Article 1 The Measures are established in accordance with the National Security Law of the People’s Republic of China, the Cybercurity Law of the People’s Republic of China and other laws and regulations, with an aim to enhance the cure and controllable level of critical information infrastructure (hereinafter referred to as “CII”) and safeguard national curity.
Article 2 Purcha of network products and rvices by CII operators (hereinafter referred to as “operators” or “operator”), which affects or may affect national curity, shall be subject to cybercurity review in accordance with the Measures. Where laws and administrative regulations provide otherwi, such provisions shall prevail.
Article 3 Cybercurity review shall adhere to the principle of balancing cybercurity risk prevention with advancedtechnology promotion, and incread fairness and transparency with intellectual property protection, as well as to the principle of combining proactive curity review with continuous government supervision, and business’ commitment with public oversight. It shall make comprehensive analysis and judgement bad on, among others, the curity level of products and r
vices and the potential risk to national curity.
Article 4 Cybercurity review work shall be conducted under the unified leadership of the Central Cyberspace Affairs Commission.
Article 5 A cybercurity review working mechanism shall be established by the Cyberspace Administration of China, together with the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the Ministry of National Security, the Ministry of Commerce, the Ministry of Finance, the People’s Bank of China, the State Administration for Market Regulation, the National Radio and Television Administration, the National Administration of State Secrets Protection, and the State Cryptography Administration. The Cybercurity Review Office, responsible for developing cybercurity review related rules and procedures, organizing cybercurity reviews and supervising the implementation of findings, is located at the Cyberspace Administration of China.
Article 6 Where an operator purchas a network product or rvice, it shall make an exante judgement of the potential curity risks that could emerge once the product or rvice is put into operation, and produce a curity risk report accordingly. Where there is a possibility of leading to
(i) complete shutdown or main function failure of CII,
(ii) leakage, loss, corruption or crossborder transfer of massive personal information and important data,
(iii) supply chain curity threats compromising the operation and maintenance, technical support and upgrading of CII, or
(iv) other potential risks that could verely jeopardize CII,
the operator shall apply to the Cybercurity Review Office for a cybercurity review.
Article 7 With regard to the purcha into which the cybercurity review is applied for, the operator shall require the product and rvice provider to cooperate with the review by reflecting such cooperation in the purcha document, contract or through other binding means, and make the Pass finding in the review a precondition for the contract to take effect.
Article 8 When applying for the cybercurity review, the operator shall submit the following materials:夜尿多吃什么食物好
(i) A declaration;
(ii) The curity risk report produced pursuant to Article 6 herein;
(iii) Procurement contract, agreement, etc.;
(iv) Other materials requested by the Cybercurity Review Office.
Article 9 The Cybercurity Review Office shall complete its preliminary review within 30 working days after acceptance of the application, with a 15workingday extension possible for complicated cas.
Article 10 The cybercurity review shall focus on evaluating the national curity risks the purcha could bring by looking at:
(i) The implications of the purcha on the continuous, cure and stable operation of
CII, including the possibility of the CII getting manipulated, interfered or its business continuity disrupted;
(ii) The possibility of the purcha leading to the leakage, loss, corruption or crossborder transfer of massive personal information and important data;
(iii) The controllability, transparency and supplychain curity of the product and rvice, including the possibility of supply disruptions as a result of nontechnical factors like political, diplomatic and trade reasons;
(iv) The influence of the purcha on technologies and industries related to national defen, military industry and CII;
(v) The track record of the product and rvice provider’s compliance with national laws and administrative regulations, as well as the responsibilities and obligations it pledges to undertake;
(vi) Whether the product and rvice provider is funded or controlled by foreign governments;
(vii) Other factors that could compromi CII curity and national curity.
大学检讨书
Article 11 After completing the preliminary review, the Cybercurity Review Office shall circulate its suggested finding among members of the cybercurity review working mechanism for comments. There are 3 types of finding: Pass, Conditional Pass, and Fail.
Members of the cybercurity review working mechanism shall provide their feedbacks in writing within 15 working days. If unanimous agreement on the suggested finding is reached by the member
s, the Cybercurity Review Office shall feed the review finding back to the operator in writing. If not, the Cybercurity Review Office shall move the purcha in question into special review process and notify the operator.
Article 12 Regarding the purcha cas that have entered the special review process, the Cybercurity Review Office shall further listen to the opinions of relevant departments, specialized agencies and experts, conduct indepth analysis and evaluation, and then produce a suggested finding, which shall be reported to the Central Cyber Affairs Commission for approval after being circulated among the members of the cybercurity review working mechanism for comments.
Article 13 In principle, the special review process shall be completed within 45 working days. Extension is allowed for complicated cas.
Article 14 The operator shall cooperate with Cybercurity Review Office’s request for the submission of supplementary materials. The review period starts as of the date of the
submission of supplementary materials.
什川梨园The operator shall be responsible for the authenticity of the materials provided. Refusal to provide materials as required or deliberate provision of fal materials will lead to the Fail result.
长痛长爱Article 15 Cybercurity review personnel shall undertake confidentiality obligations for any information learned in the review, and shall not u such information for any purpo other than the cybercurity review.
Article 16 The operators shall enhance curity management, and urge product and rvice providers to earnestly fulfill the pledges they made during the cybercurity review.
The Cybercurity Review Office shall strengthen supervision during and after the review by carrying out spot checks and responding to public reports.
Article 17 Operators that violate the provisions of the Measures shall be dealt with in accordance with Article 65 of the Cybercurity Law of the People’s Republic of China.
Article 18 For the purpo of the Measures, a “CII operator” refers to an operator that has been designated by relevant CII protection departments.
荒凉的反义词是什么
“Secure and controllable” means that the product and rvice provider does not take advantage of the convenience of providing the products and rvices to illegally access urs’ data, illegally control and manipulate urs’ devices, or exploit urs’ dependence on their products and rvices for unjustified gains or to force urs into upgrading.室内机
Article 19 Where a purcha of network products and rvices or an information technology rvice is believed by a member of the cybercurity review working mechanism to affect or possibly affect national curity, the Cybercurity Review Office shall ek approval from the Central Cyber Affairs Commission for a cybercurity review into such purcha or rvice, and then organize the review in accordance with the Measures.
生物医学工程专业大学排名Article 20 Where state cret information is involved, relevant national confidentiality provisions shall prevail.
Article 21 The Measures shall come into force as of [DATE], and Measures for the Security Review of Network Products and Services (for Trial Implementation) shall be repealed simultaneously.小宇宙歌词