x
Asia

China takes aim at foreign vendors with new security rules

While the US has Chinese tech firms on an ever-shortening leash, China is pushing back with some restrictions of its own.

For one, Chinese authorities are set to introduce a new layer of security checks on critical infrastructure kit.

New regulations, announced in April, don't include much detail, but they are endorsed by 12 government agencies, including Internet regulator CAC, the MIIT and the Ministry of Public Security – a sign of broad backing and intent.

The measures, due to come into effect on June 1, were foreshadowed in China's 2017 Cybersecurity Law.

In Chinese legal terms it is known as a basic law that enables further laws and regulations. Since being enacted, authorities have introduced a data privacy law, a cryptography law, and rules allowing police to enter the premises of an ISP and inspect or seize its data.

The latest regulations aren't arriving in a vacuum. Network suppliers must already undergo multiple checks, including an information security certification, network access licensing and sales licensing for specialized IT security products.

The government now requires "an operator of critical infrastructure" to carry out a national security assessment during procurement and to file a security review if it believes any risks are evident.

The rules don't specify the companies or sectors covered, but they will certainly apply to telecom operators and utilities and most likely financial services firms, mass transport providers, smart city networks and others.

The new measures will give government agencies additional tools to wield against foreign suppliers.

One clause requires that buyers consider the "reliability of supply channels, and the risk of supply disruption due to political, diplomatic, and trade factors."

An analysis published this week on the CAC website says the measures are aimed at ensuring supply chain integrity, preventing data theft and, in an echo of US concerns, the possibility of network backdoors that would lead to "information infrastructure being illegally controlled."

In a direct US reference, it also flagged possible trade controls and sales restrictions which would make it impossible to obtain necessary components.

Besides the new security check, China is working on a plan to drive global standards that might also give foreign vendors pause.

Later this year, Beijing will release a plan called "China Standards 2035." It aims to shape the next generation of global standards for key tech such as 5G, AI, cloud and IoT, reports CNBC.

In a standards-driven industry like telecom, the advantages of standards dominance are obvious, allowing companies to mold the industry toward their own technologies.

Experts note that China quite often mandates its own standards in economic agreements with developing countries, including its ambitious Belt-Road program, CNBC reports.

But foreign companies have long complained about China's use of indigenous standards to deny market access, excluding them from standards-setting bodies, and for a lack of transparency around the standards themselves.

The latest EU Chamber position paper says China is increasingly mandating domestic cryptography algorithms but refusing to issue licenses that would allow foreign firms to implement them.

The issue has caught Washington's attention. The US-China Security Commission held a virtual hearing on China's "promotion of alternative global norms and standards" on April 27.

— Robert Clark, contributing editor, special to Light Reading

Be the first to post a comment regarding this story.
HOME
Sign In
SEARCH
CLOSE
MORE
CLOSE