CHINA
Reported in 2007
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Self-certification for product safety
Administrative Measures for the Multi-level Protection of Information Security 《多层次保护信息安全的行政措施》
(i) GB/T 22239-2019 Information Security Technology – Baseline for Multi-level Protection of Cyber Security; (ii) GB/T 25070- 2019 Information Security Technology – Technical Requirements of Security Design for Multi-level Protection of Cyber Security; and (iii) GB/T 28448-2019 Information Security Technology – Evaluation Requirement for Multi-level Protection of Cyber Security (together known as "MLPS 2.0") (i) GB/T 22239-2019《信息安全技术--网络安全多级防护基准》; (ii) GB/T 25070-2019《信息安全技术--网络安全多级防护安全设计技术要求》; (iii) GB/T 28448-2019《信息安全技术--网络安全多级防护评估要求》(合称《MLPS 2.0》)
(i) GB/T 22239-2019 Information Security Technology – Baseline for Multi-level Protection of Cyber Security; (ii) GB/T 25070- 2019 Information Security Technology – Technical Requirements of Security Design for Multi-level Protection of Cyber Security; and (iii) GB/T 28448-2019 Information Security Technology – Evaluation Requirement for Multi-level Protection of Cyber Security (together known as "MLPS 2.0") (i) GB/T 22239-2019《信息安全技术--网络安全多级防护基准》; (ii) GB/T 25070-2019《信息安全技术--网络安全多级防护安全设计技术要求》; (iii) GB/T 28448-2019《信息安全技术--网络安全多级防护评估要求》(合称《MLPS 2.0》)
The MLPS requires all IT systems in China to be classified on different levels of security, from one to five (with the most sensitive systems designated as level 5). The MLPS 2.0 has expanded the definition of 'information systems' to broader systems including network infrastructure, cloud computing systems, mobile application platforms, connected devices and industrial control systems.
The MLPS 2.0 requires networks of level 3 and above to adopt network products and services appropriate to their security protection levels. Companies classified as level 2 and above require companies' procurement and use of encryption products and services to be preapproved by the Chinese government. Under the MLPS 2.0, companies must self-assess their security management and compliance and such assessment results are evaluated and endorsed by the MLPS regulatory body.
The MLPS 2.0 require companies to set up their cloud infrastructure, including servers, virtualized networks, software, and information systems, in China. Such cloud infrastructures are subject to testing and evaluation by the Chinese government. Overseas operation and maintenance of Chinese cloud computing platforms must also follow Chinese laws and regulations. The national standards also state that customers' data and users' personal information processed by cloud service providers should be stored inside China, which is an additional requirement. It is currently uncertain how these national standards would be enforced and there has not yet been reports of enforcement.
The MLPS 2.0 requires networks of level 3 and above to adopt network products and services appropriate to their security protection levels. Companies classified as level 2 and above require companies' procurement and use of encryption products and services to be preapproved by the Chinese government. Under the MLPS 2.0, companies must self-assess their security management and compliance and such assessment results are evaluated and endorsed by the MLPS regulatory body.
The MLPS 2.0 require companies to set up their cloud infrastructure, including servers, virtualized networks, software, and information systems, in China. Such cloud infrastructures are subject to testing and evaluation by the Chinese government. Overseas operation and maintenance of Chinese cloud computing platforms must also follow Chinese laws and regulations. The national standards also state that customers' data and users' personal information processed by cloud service providers should be stored inside China, which is an additional requirement. It is currently uncertain how these national standards would be enforced and there has not yet been reports of enforcement.
Coverage Information Systems including network infrastructure, cloud computing systems, mobile application platforms, connected devices and industrial control systems
Sources
- http://www.ustr.gov/sites/default/files/2014%20TBT%20Report.pdf
- http://csis.org/publication/national-security-and-chinas-information-security-standards
- http://www.amchamchina.org/information-cyber-security
- https://www.amcham-shanghai.org/en/article/mlps-20-set-take-effect-december-1
- https://assets.kpmg/content/dam/kpmg/cn/pdf/en/2019/05/mlps-insights-strategies.pdf
- https://www.csis.org/analysis/how-chinese-cybersecurity-standards-impact-doing-business-china
- https://www.tanovo.com/upload/sitearticle_file/208/【等保2.0-正式发布版】GBT25070-2019信息安全技术网络安全等级保护安全设计技术要求.pdf
- Show more...
CHINA
Radio Type Approval since January 1996
Network Access License since June 2001
China Compulsory Certification since August 2003
Network Access License since June 2001
China Compulsory Certification since August 2003
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Self-certification for product safety
State Radio Regulation of China SRRC 无线电设备型号核准证(SRRC)
Network Access License (NAL) 进网许可证(NAL)
China Compulsory Certification (CCC) requirement 中国强制认证(CCC)要求
Network Access License (NAL) 进网许可证(NAL)
China Compulsory Certification (CCC) requirement 中国强制认证(CCC)要求
China’s current certification requirements for telecommunications equipment are reported to conflict with its WTO obligations of limiting imported products to no more than one conformity assessment scheme and requiring the same mark for all products (Article 13.4.a of China’s WTO Accession).
China has three different licensing regimes: State Radio Regulation of China (SRRC), the Network Access License (NAL) and the China Compulsory Certification (CCC). The CCC is required for a list of products that includes many types of IT products, video and audio equipment etc. The NAL is required for all telecommunications equipment in China. The NAL license requires extensive testing and support and may include network trials and review of the product by a local panel of experts, in addition to laboratory testing against China's national standards. Radio communication equipment intended to be marketed in China requires radio type approval granted by the Ministry of Industry and Information Technology of the People’s Republic of China (MIIT)’s ‘State Radio Regulation Committee’ (SRRC). Specified equipment samples are tested in designated laboratories according to local Chinese standards.
Therefore, for a given piece of equipment, it can cost between USD 30,000-35,000 to test for all three licenses (SRRC, NAL, and CCC). The CCC mark is used for both Chinese and foreign products. Moreover, all testing for the CCC mark must be conducted in China and US exporters are often required to submit their products to Chinese laboratories for additional tests.
The CCC certificate and permission of printing the CCC mark must be renewed annually as part of a follow-up certification. Part of the follow-up certification is also a one-day factory audit.
China is also reported as having limitations on foreign invested conformity assessment bodies in country.
China has three different licensing regimes: State Radio Regulation of China (SRRC), the Network Access License (NAL) and the China Compulsory Certification (CCC). The CCC is required for a list of products that includes many types of IT products, video and audio equipment etc. The NAL is required for all telecommunications equipment in China. The NAL license requires extensive testing and support and may include network trials and review of the product by a local panel of experts, in addition to laboratory testing against China's national standards. Radio communication equipment intended to be marketed in China requires radio type approval granted by the Ministry of Industry and Information Technology of the People’s Republic of China (MIIT)’s ‘State Radio Regulation Committee’ (SRRC). Specified equipment samples are tested in designated laboratories according to local Chinese standards.
Therefore, for a given piece of equipment, it can cost between USD 30,000-35,000 to test for all three licenses (SRRC, NAL, and CCC). The CCC mark is used for both Chinese and foreign products. Moreover, all testing for the CCC mark must be conducted in China and US exporters are often required to submit their products to Chinese laboratories for additional tests.
The CCC certificate and permission of printing the CCC mark must be renewed annually as part of a follow-up certification. Part of the follow-up certification is also a one-day factory audit.
China is also reported as having limitations on foreign invested conformity assessment bodies in country.
Coverage Electrical and ICT goods
Sources
- http://www.tiaonline.org/gov_affairs/fcc_filings/documents/P%20Telecommunications%20Industry%20Association%201377%20Report.pdf
- http://www.china-certification.com/en/network-access-license-nal-for-telecommunication-equipment
- http://www.china-certification.com/en/list-of-ccc-mandatory-products
- http://www.cnca.gov.cn/cnca/cncatest/20040420/column/227.htm
- http://www.typeapproval.com/china#telecommunications-equipment
- https://www.tuv.com/market-access-services/en/certification-filter/srrc-approval.html
- http://www.gov.cn/flfg/2009-07/21/content_1369826.htm
- http://www.lcs-rf.com/readnews.asp?id=158
- http://www.tinglitu.com/html/200305/law_97539.html
- Show more...
CHINA
Since July 2009
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Self-certification for product safety
Revised Management Regulations for Compulsory Product Certification (CCC) 《修订后的强制性产品认证(CCC)管理规定》
Since 2009, Administration of Quality Supervision, Inspection, and Quarantine (AQSIQ) bureaus have greater authority to conduct on-site investigations and increase penalties for non-compliance.
The regulations add more categories of non-compliance and refine and expand penalties. They also penalize companies that counterfeit or sells CCC marks or use canceled or expired certification documents. The revised regulations also raise fines for some violations—the fine for companies that are certified but do not apply CCC labels to their products has doubled to ¥20,000 ($2,928). The new provisions specify a five-year validity period for CCC certification and require a company to apply for an extension within 90 days of expiration.
The regulations add more categories of non-compliance and refine and expand penalties. They also penalize companies that counterfeit or sells CCC marks or use canceled or expired certification documents. The revised regulations also raise fines for some violations—the fine for companies that are certified but do not apply CCC labels to their products has doubled to ¥20,000 ($2,928). The new provisions specify a five-year validity period for CCC certification and require a company to apply for an extension within 90 days of expiration.
Coverage ICT goods
CHINA
Accessed in January 2016
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Self-certification for product safety
China Compulsory Certification (CCC) requirement 中国强制认证(CCC)要求
Companies have expressed concerns about duplication of safety certification requirements, particularly for radio and telecommunications equipment, medical equipment, and automobiles, which result in increased costs and slow down of product introduction in the market.
Twelve categories of ICT products and nine categories of telecommunication equipment are subject to compulsory EMC and safety regulation. Whether EMC, safety only or both tests are required depends on the certification guidelines for a particular product. Suppliers' declaration of conformity is not sufficient, while certification by a third party and/or certification by a government agency is not accepted unless the third party meets the requirements prescribed in Articles 10 and 11 of the Regulations of People's Republic of China on Certification and Accreditation.
Moreover, China retains the right to reconfirm sample machines or conduct tests on inconsistent items.
Twelve categories of ICT products and nine categories of telecommunication equipment are subject to compulsory EMC and safety regulation. Whether EMC, safety only or both tests are required depends on the certification guidelines for a particular product. Suppliers' declaration of conformity is not sufficient, while certification by a third party and/or certification by a government agency is not accepted unless the third party meets the requirements prescribed in Articles 10 and 11 of the Regulations of People's Republic of China on Certification and Accreditation.
Moreover, China retains the right to reconfirm sample machines or conduct tests on inconsistent items.
Coverage Twelve categories of ICT products and nine categories of telecom equipment
CHINA
Since October 2019
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Self-certification for product safety
Omission of Compulsory CCC Certification for Certain Products and Implementation of CCC Self-Declaration for Other Products 对某些产品不进行强制性CCC认证,对其他产品实施CCC自我声明
The Self-Declaration of Compulsory Product Certification has two product types known as “Type A” and “Type B.” Type A products can be allowed to be tested in own or self-determined laboratories, whereas Type B products must be tested in laboratories accredited by the Chinese authority CNAS. Products for which self-certification is allowed include electrical tools, IT equipment, certain audio and video equipment. The complete list of the products is set out in Annex 2 of the notification.
Coverage Several products including IT, audio and video equipment
CHINA
Since August 2003
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Self-certification for product safety
China Compulsory Certification (CCC) requirement中国强制认证(CCC)要求
It is reported that China applies the China Compulsory Certification (CCC) mark requirement inconsistently and that many Chinese produced goods continue to be sold without the mark.
Coverage Several goods including electrical/electronic products and ICT products
Sources
- http://web.ita.doc.gov/ITI/itiHome.nsf/ea087b1279d5fb1985256ce00053c33c/473d375d186b10e085256f42005caef5?OpenDocument
- http://www.china-certification.com/en/list-of-ccc-mandatory-products
- http://www.cnca.gov.cn/mra/NewZealand/english/ccccertificationofproductfromnewzealand/cccimplementationrules/images/2009/11/30/71A7AB5F47453E4B644ECA6FB43A79FA.pdf
- http://www.gov.cn/flfg/2009-07/21/content_1369826.htm
- Show more...
CHINA
Reported in 2012
Pillar Technical standards applied to ICT goods, products and online services |
Sub-pillar Open and transparent standard-setting process
Lack of foreign participation in standard-setting
It is reported that most of the standards are drafted by the Chinese government alone, without foreign or public input. Even if foreign companies are allowed to sit in on the drafting process, they do not have a vote when the technical committees actually vote on a draft standard. In recent years, existing technical committees continue to develop standards but more foreign participation is being allowed in some cases. For example, the technical committee for cybersecurity standards has begun allowing foreign companies to participate in some standards development and setting, with a few U.S. and other foreign companies being allowed to vote and to participate at the working group level in standards development. However, foreign companies’ ability to participate in technical committee activities remains restricted.
China is also increasingly developing and mandating national algorithms for its encryption technology that differ from global standards. These standards are developed in technical committees that are closed to foreign participation.
The Chinese government has also supported the development of mandated domestic radio frequency identification (RFID) standards, without international participation or consensus, despite the fact that global standards for RFID already exist.
China is also increasingly developing and mandating national algorithms for its encryption technology that differ from global standards. These standards are developed in technical committees that are closed to foreign participation.
The Chinese government has also supported the development of mandated domestic radio frequency identification (RFID) standards, without international participation or consensus, despite the fact that global standards for RFID already exist.
Coverage Horizontal
CHINA
Since 2001, amended in 2007, 2008 and 2020
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Export restrictions on ICT goods, products and online services
Announcement [2020] No. 38 to amend the Catalogue of Technologies Prohibited or Restricted from Export关于调整发布《中国禁止出口限制出口技术目录》的公告公告[2020]第38号
Announcement No. 38 amends the Catalogue of Technologies Prohibited or Restricted from Export adding 23 categories of technologies to the list of technologies restricted from export, modifying the control parameters of 21 categories of technologies already included on such list. The announcement also removes certain products from the prohibited and restricted list including informational security firewall technology. The export of restricted products can only be undertaken pursuant to obtaining permission from the Chinese government, while export of technologies such as AI and interactive interface technologies is prohibited. Newly added categories of technologies, the export of which is restricted as a result of the amendments, include cryptographic security technologies, information countermeasure and defense technologies, 3D printing technologies, laser technologies, cryptographic chip design and implementation technology, information processing technology, basic software security enhancement technology, among others.
Coverage Several technologies, including 3D printing, cryptographic chip design and implementation, information processing, basic software security enhancement
Sources
- http://www.mofcom.gov.cn/article/ae/sjjd/202008/20200802996696.shtml
- https://globalcompliancenews.com/china-amends-catalogue-of-technologies-prohibited-or-restricted-from-export01092020/
- http://www.mofcom.gov.cn/article/b/xxfb/202008/20200802996641.shtml
- https://www.taxathand.com/article/15346/China/2020/Catalogue-of-technologies-subject-to-export-restrictions-and-prohibitions-updated
- http://www.gov.cn/zhengce/zhengceku/2020-08/29/content_5538299.htm
- Show more...
CHINA
Reported in July 2016
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Export restrictions on ICT goods, products and online services
Export restrictions on rare-earths
It is reported that China imposes a set of export restrictions, including export duties and export quotas, on selected raw materials: graphite, cobalt, copper, lead, chromium, magnesia, talcum, tantalum, tin, antimony, and indium. Some of these raw materials (e.g. graphite, copper, tin, and indium) are used to produce smartphones and batteries. The export restrictions limit access to these products for companies outside China. In addition, a draft regulation on rare earths is pending approval to provide for total quota control over rare-earth mining, smelting, and separation, and the approval system for investment projects of rare earths.
Coverage Rare-earths
Sources
- http://www.wto.org/english/tratop_e/dispu_e/cases_e/ds431_e.htm
- http://www.wsj.com/articles/china-ends-rare-earth-minerals-export-quotas-1420441285
- http://www.statista.com/statistics/215216/chinese-rare-earth-element-export-quotas/
- https://www.wto.org/english/tratop_e/dispu_e/cases_e/ds508_e.htm
- https://www.globaltimes.cn/page/202101/1212941.shtml
- https://www.miit.gov.cn/gzcy/yjzj/art/2021/art_863f0f1671cf44b28e6ed8cb60eae7f6.html
- Show more...
CHINA
Reported in 2015
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Export restrictions on ICT goods, products and online services
Licensing regime for imports of drones and supercomputers
It is reported that China limits exports of advanced drones and supercomputers for national security reasons. Affected vendors have to apply for a government permit to ship their technology outside China.
Coverage Drone and high-performance computing technologies
CHINA
Since April 2016
Since June 2017
Since 2000
Since June 2017
Since 2000
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Local content requirements (LCRs) on ICT goods for the commercial market
Provisions on Insurance System Informatization, 2016 《关于保险系统信息化的规定》, 2016
Cybersecurity Law of the People’s Republic of China, 《2017 中华人民共和国网络安全法》,2017年
Information Security Technology – Guidelines for Grading of Classified Cybersecurity Protection, 2020 《信息安全技术- 网络安全等级保护定级指南》
Cybersecurity Law of the People’s Republic of China, 《2017 中华人民共和国网络安全法》,2017年
Information Security Technology – Guidelines for Grading of Classified Cybersecurity Protection, 2020 《信息安全技术- 网络安全等级保护定级指南》
Art. 53 of the Provisions on Insurance System Informatization, 2016 states, "Insurance institutions shall give first priority to the procurement of secure and controllable hardware equipment and software products, steadily introduce the application of secure and controllable products; actively create conditions to raise the indigenous research and development level, and continuously enhance insurance institutions' strength in security and controllability of informatization". It is reported that the phrase "secure and controllable" technology in conjunction with the reference to "conditions to raise the indigenous research and development level" could be read in context as reference to local technology. Further, it is reported that the requirement to procure "secure and controllable" requirements was not explained adequately by authorities and had been understood in the past to domestic technology. It has been argued that companies sourcing ICT products were interpreting this language constructively and consequently believe that they are required to purchase only domestic goods.
Coverage Information and telecommunications equipment used by the banking and insurance sectors
Sources
- http://www.strtrade.com/news-publications-local-content-requirements-WTO-042215.html
- https://docs.wto.org/dol2fe/Pages/FE_Search/FE_S_S009-DP.aspx?language=E&CatalogueIdList=248360,243819,237567,233509,230496,226631,133523,128795,126916,121567&CurrentCatalogueIdIndex=0&FullTextHash=&H...
- https://docs.wto.org/dol2fe/Pages/FE_Search/FE_S_S009-DP.aspx?language=E&CatalogueIdList=230496,226631,133523,128795,126916,121567,117444,97678,105647,40338&CurrentCatalogueIdIndex=0&FullTextHash=&Has...
- http://www.gov.cn/xinwen/2015-10/09/content_2944287.htm
- http://www.cac.gov.cn/2016-11/07/c_1119867116.htm
- https://www.tanovo.com/upload/sitearticle_file/404/GBT22240-2020信息安全技术网络安全等级保护定级指南.pdf
- Show more...
CHINA
Since September 2014
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Local content requirements (LCRs) on ICT goods for the commercial market
Notice concerning Further Implementing Regulations on the Management of Online Foreign Film and Television Dramas 《关于进一步落实网上境外影视剧管理有关规定的通知
Since September 2014, the Chinese State Administration of Radio, Film and Television (SARFT) tightened the regulation for foreign TV and online streaming content. Online platforms will have to limit foreign content to 30% of the streaming content made available online.
Coverage Online Broadcast Content
Sources
- http://www.nytimes.com/2012/02/15/world/asia/aiming-at-asian-competitors-china-limits-foreign-television.html
- http://www.globaltradealert.org/intervention/11229
- https://www.wsj.com/articles/china-to-tighten-limit-on-foreign-tv-and-video-imports-1447672849
- https://www.straitstimes.com/asia/east-asia/china-plans-to-outlaw-foreign-tv-shows-in-prime-time
- https://chinacopyrightandmedia.wordpress.com/2014/09/02/notice-concerning-further-implementing-regulations-on-the-management-of-online-foreign-film-and-television-dramas/
- Show more...
CHINA
Since October 2019
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Other import restrictions, including non-transparent/discriminatory import procedures
Cryptography Law of the People's Republic of China, 2019 《中华人民共和国密码法》, 2019年
Under the Cryptography Law, the import and export of commercial encryption products, technologies, and services remain subject to government approval. Commercial encryption products that may affect national security, and public interest and have encryption-based protective functions can only be imported under a permit. The Ministry of Commerce together with the Office of State Commercial Cryptography Administration (OSCCA) and the General Administration of Customs publish the catalogs of commercial encryption products that are subject to the above import permit and export controls. The aforesaid requirements do not apply to commercial encryption used in products for consumption by the general population. However, the Cryptography Law does not define the term leaving it unclear as to how this is implemented in practice.
In addition, the Cryptography Law has removed the requirement for mandatory certification and has instead established a voluntary certification scheme, which encourages manufacturers to apply to qualified agencies for the testing and certification of their commercial encryption products. The products set out in the Product Catalogue are no longer subject to mandatory approval requirements before launching their product in the market. The voluntary certification provides a marking that serves to assure customers that their commercial encryption products conform with Chinese encryption standards. Products included in the product catalog are smart password keys, smart IC cards, ATM application systems, security authentication, financial data encryption machines, etc.
In addition, the Cryptography Law has removed the requirement for mandatory certification and has instead established a voluntary certification scheme, which encourages manufacturers to apply to qualified agencies for the testing and certification of their commercial encryption products. The products set out in the Product Catalogue are no longer subject to mandatory approval requirements before launching their product in the market. The voluntary certification provides a marking that serves to assure customers that their commercial encryption products conform with Chinese encryption standards. Products included in the product catalog are smart password keys, smart IC cards, ATM application systems, security authentication, financial data encryption machines, etc.
Coverage Encryption products and encryption software
CHINA
Since January 2019
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Import ban applied on ICT goods, products and online services
MOFCOM Notice 106/2018 商务部第106/2018号公告
In December 2018, the Ministry of Commerce (MOFCOM) and the General Administration of Customs issued the adjusted catalog of used mechanical and electrical products prohibited from import, effective from 1 January 2019. The adjusted catalog includes part of the mechanical and electrical products. Some of the products included in this list are video recorders, sound recorders or playback equipment using semiconductor media, disc-type broadcast video recorders, color LCD monitors that can be directly connected and designed for automatic data processing equipment.
Coverage Certain mechanical and electrical products
Sources
CHINA
Since January 2020
Pillar Quantitative trade restrictions for ICT goods, products and online services |
Sub-pillar Other import restrictions, including non-transparent/discriminatory import procedures
MOFCOM Notice 97/2013 商务部第97/2013号公告
MOFCOM Notice 63/2019 imposes non-automatic import licensing procedure upon certain chemicals, machinery and electrical goods. Some of the products included in this list are satellite TV receptors, antenna for satellite TV reception, decoder for satellite TV reception, special parts for satellite TV reception.
Coverage Certain chemicals, machinery and electrical goods