The Chinese government has set new regulations for critical information infrastructure operators to buy tech equipment, which could potentially represent new obstacles for foreign vendors.
The new regulations, which were announced by the Cyberspace Administration of China (CAC), require that domestic critical information infrastructure operators to undergo a review for any tech products or services that affect or may affect national security.
“The network products and services mentioned in these measures mainly refer to core network equipment, high-performance computers and servers, mass storage devices, large databases and application software, network security equipment and cloud computing services,” CAC said in a release.
“The cyber security review focuses on assessing the possible national security risks brought by the purchase of cyber products and services, mainly considering the risk of key information infrastructure brought about by the use of products and services being illegally controlled, subject to interference or destruction, and the theft, leakage, or damage of important data and the disruption of the supply of products and services to the business continuity of critical information infrastructure,” the Chinese agency said.
Under the terms of the new regulations, companies must submit procurement documents, purchase agreements, and an analysis of the deal’s potential national security impact for government review before signing a contract.
The regulations also highlighted that the Chinese government will consider “political, diplomatic, and trade factors” as part of any review. The Chinese agency also said that this review will involve both “pre-examination” and “continuous supervision”.
This new rules could potentially affect foreign vendors selling technology to Chinese operators as local companies would probably prefer to buy domestic products to avoid reviews and controls from local authorities.
“When an operator purchases network products and services, it shall anticipate the national security risks that the products and services may bring after they are put into use. If it affects or may affect the national security, it shall file a cyber security review with the cyber security review office,” CAC added.
The Chinese government also said that the special review procedure should generally be completed within 45 working days.
The new regulation comes into effect from June 1.
U.S. firms have raised concerns the proposed new rules could put overseas companies at a disadvantage in the Chinese market.
In a statement, the CAC said the new rules aren’t intended to restrict or discriminate against overseas suppliers, according to The Wall Street Journal.
