China News Finance, January 4th. According to the official website of the National Cyberspace Administration of China, 13 departments including the National Internet Information Office and the National Development and Reform Commission have jointly revised the "Cyber ​​Security Review Measures" (hereinafter referred to as the "Measures"). Effective on February 15, 2022.

  The relevant person in charge of the National Internet Information Office stated that the circumstances that affect or may affect national security by network platform operators’ data processing activities are included in the scope of network security review, and clearly require network platform operators who have personal information of more than 1 million users to go overseas to list. The main purpose of applying for network security review is to further protect network security and data security, and maintain national security.

  The above-mentioned person in charge also stated that according to the Data Security Law, data processing activities include data collection, storage, use, processing, transmission, provision, and disclosure.

The “Measures” focuses on situations in which network platform operators carry out the above-mentioned data processing activities that affect or may affect national security.

  The "Measures" stipulate that when key information infrastructure operators purchase network products and services, they should predict the national security risks that may arise after the products and services are put into use.

Those that affect or may affect national security should report to the Cyber ​​Security Review Office for a cyber security review.

Relevant persons in charge of the National Internet Information Office answered reporters' questions on the "Measures":

  Question: Please briefly introduce the background of the revision of the "Measures"?

  Answer: Cyber ​​security review is an important legal system in the field of cyber security.

Since the original "Measures" came into effect on June 1, 2020, by reviewing the procurement activities of key information infrastructure operators and initiating reviews of some important products, they have played a role in ensuring the security of the critical information infrastructure supply chain and maintaining national security. Important role.

  On September 1, 2021, the "Data Security Law" was formally implemented, clearly stipulating that the country establishes a data security review system.

Based on this, we have revised the "Cyber ​​Security Review Measures" to include circumstances that affect or may affect national security from data processing activities carried out by network platform operators into the scope of network security review, and clearly require network platforms that have access to personal information of more than 1 million users Operators must apply for cyber security review when going abroad to list. The main purpose is to further protect network security and data security, and maintain national security.

  Question: What are the possible results of an online platform operator going to a foreign country to apply for a cyber security review?

  Answer: Opening to the outside world is my country's basic national policy. We have always supported domestic enterprises to rationally use overseas capital market financing to develop in accordance with laws and regulations.

The “Measures” clarify that “network platform operators who have the personal information of 1 million users must apply for a cybersecurity review when they are listed abroad.” There may be three situations in which to apply for a cybersecurity review: one is that there is no need for review; the other is that after the review is initiated, the review is determined Those that do not affect national security can continue the procedures for listing abroad; third, after the review is initiated, those that affect national security are not allowed to be listed abroad.

  Question: How to understand the data processing activities involved in the cyber security review?

  Answer: According to the Data Security Law, data processing activities include data collection, storage, use, processing, transmission, provision, and disclosure.

The “Measures” focus on situations in which network platform operators carry out the above-mentioned data processing activities that affect or may affect national security.

  Question: When will the network platform operator apply for a network security review for listing abroad?

  Answer: The network platform operator should apply for a network security review before submitting a listing application to a foreign securities regulatory agency.

  Question: How to submit application materials for online security review for listing abroad?

  Answer: The Cyber ​​Security Review Office is located in the National Internet Information Office, and the specific work is entrusted to the China Cyber ​​Security Review Technology and Certification Center.

The China Cybersecurity Review Technology and Certification Center, under the guidance of the Cybersecurity Review Office, undertakes tasks such as receiving application materials and conducting formal review of the application materials.

China Cyber ​​Security Review Technology and Certification Center has set up a network security review consultation window.

(Finish)