China’s new cybersecurity rules could hit foreign service providers
- Regulations will come into force in June requiring national security review of critical information infrastructure purchases
- There are concerns the new rules may deter Chinese companies from using overseas suppliers
China has tightened rules for how certain companies must safeguard national security when choosing network products and services, raising concerns among the foreign firms who provide those services.
The measures formalise steps needed to comply with a national security stipulation in China’s 2017 cybersecurity law.
Exactly which companies are considered critical information infrastructure operators remains unclear, but the umbrella term cuts a swathe through China’s industries including telecommunications, energy, transport, finance, health care and social security, as well as defence-related science and technology industries.
The new guidelines lay out both a government review timeline and a set of steps these companies must follow when purchasing products or services whose operations could be seen to have national security implications. These could include core network equipment, servers, cloud computing services, database software, and network security equipment.