China will start carrying out security checks of IT suppliers in the country, with the intent of keeping out internet products vulnerable to spying and hacking.
The new rules, which take effect in June, mean that foreign vendors will face more scrutiny -- including government-mandated background checks, and supply chain vetting -- when selling IT products to China’s major business sectors.
On Tuesday, the country’s Cyberspace Administration of China released the new rules, which call for the review of any important internet products and services that relate to the country’s security.
The rules appear to be quite broad. IT vendors selling to China’s finance, telecommunication, energy, and transportation sectors -- along with any other industry the government deems critical -- must have their products undergo the security checks.
Those checks will involve both third-party evaluators and government inspectors. They will also include product testing in labs, on-site examinations, and online monitoring.
The checks are designed to look at whether a product can be controlled or disrupted through illegal means, and whether it can unlawfully store or collect data on users.
The government will also review how the products are manufactured, tested, and delivered.
China didn’t give any technical details on how the security reviews will occur. But a key concern is whether foreign tech companies will need to hand over any sensitive intellectual property, such as a product’s source code.
The rules released on Tuesday only state that third-party evaluators and other staff conducting the security checks must do so confidentially. Any information obtained about the products cannot be used for any other purposes.
China has been talking about the need for IT product security checks since 2014, following several high-profile leaks from Edward Snowden that claimed the U.S. was secretly spying on the country’s schools and companies. However, trade groups are concerned Chinese action will push out foreign vendors from the market.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.