The regulation is intended to help highly-regulated telecom businesses deal with challenges they face now that China is a member of the World Trade Organisation. Membership in WTO means that China has to open up its telecom sector to foreign competition and allow foreign companies to hold as much as a 49-per-cent stake in a joint venture.

Zhang Libin, a lawyer at White & Case China, said in general he felt positive about the new ruling and he did not see anything in the ruling that might contravene China's WTO commitments. 'Even under the WTO agreement, a country has the right to be concerned about and to defend its national security,' Mr Zhang pointed out.

However, he said, Chinese authorities might decide to use the national security issue as an umbrella to protect the competitiveness of domestic favourites.

In its new ruling, the Ministry urged Chinese telecom companies to check closely for possible security defects, commonly referred to as a 'software backdoors' and to have contingency plans for possible hacker or virus attacks. Chinese companies are being told to obtain a defect-free guarantee or warranty from suppliers.

However, Mr Zhang went on to point out, security assessments needed to be comprehensive because there could be security defects in locally-developed software. 'The most important thing is how to implement the security assessments and how transparent the assessments should be,' he said.

Mr Zhang said that instead the Ministry should develop industry standards that both the domestic developers and overseas suppliers can live up to and security requirements that can be met.

The new ruling also prevents Chinese telecom companies, both the major carriers and value-added service providers, from allowing remote access to their network operations by an overseas supplier without prior Ministry approval.

The regulation provides lengthy licensing details for mainland-based telecom firms. It also tells Internet service providers to keep a record of Internet hits, including information on what sites have been visited, when they were visited, and for how long. The Ministry did not say how long the companies were expected to keep the records.

The database requirement came as no surprise to Mr Zhang who does not see this as an invasion of privacy because it is a worldwide practice. He explained that, in some countries, companies were required to keep records for six months, but in China the data only needed to be retained for 60 days. This is according to a ruling from the MII and the State Council's Information Office at the end of 2000.

The Ministry has not provided clear guidelines on what firms should do with offensive data. ISPs have only been urged to keep a watchful eye open for pornographic material. The Ministry also advised business partners of telecom firms to 'act responsibly and co-operate in this matter'.

Mr Zhang added a more practical cautionary note, saying the MII needed to make certain that personal data like credit card numbers did not fall into the wrong hands and that service providers would not give commercial interests access to the data base.

Telecom carriers were told in the regulations to be cautious in preventing the possible abuse of this user data by a third party. The only people permitted to have access to the data are police, national security authorities, and state prosecutors, according to the regulation.