《【中英文对照版】网络安全审查办法(2021).docx》由会员分享,可在线阅读,更多相关《【中英文对照版】网络安全审查办法(2021).docx(10页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、网络平安审查方法(2021)Measures for Cybersecurity Review (2021)【中英文对照版】发布部门:国家互联网信息办公室国家开展和改革委员会(含原国家开展计划委员会、原国家计划委员会) 工业和信息化部公安部国家平安部财政部商务部中国人民银行国家市场监督管理总局国家广播电视总局 中国证券监督管理委员会国家保密局国家密码管理局发文字号:国家互联网信息办公室、中华人民共和国国家开展和改革委员会、中华人民共和国工业和信息化部、中 华人民共和国公安部、中华人民共和国国家平安部、中华人民共和国财政部、中华人民共和国商务部、中国人民银 行、国家市场监督管理总局、国家广播电视
2、总局、中国证券监督管理委员会、国家保密局、国家密码管理局令第8 号发布日期:实施日期:效力级别:部门规章法规类别:网络平安管理Issuing Authority : Cyberspace Administration of China State Development & Reform Commission (incl. former StateDevelopment Planning Commission) Ministry of Industry & Information Technology Ministry of Public Security Ministry of State
3、Security Ministry of Finance Ministry of Commerce Peoples Bank of China State Administration for Market Regulation National Radio and Television Administration China Securities Regulatory Commission State Secrets Bureau State Encryption AdministrationDocument Number : Order No. 8 of the Cyberspace A
4、dministration of China, the National Development and ReformCommission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the Ministry of State Security, the Ministry of Finance, the Ministry of Commerce, the Peoples Bank of China, the State Administration for Mark
5、et Regulation, the National Radio and Television Administration, the National Administration of State Secrets Protection, and the State Cryptography AdministrationDate Issued : 12-28-2021Effective Date : 02-15-2022Level of Authority : Departmental RulesArea of Law : Network Security Management民共和国国家
6、开展和改革委员 会、中华人民共和国工业和信息 化部、中华人民共和国公安部、 中华人民共和国国家平安部、中 华人民共和国财政部、中华人民 共和国商务部、中国人民银行、 国家市场监督管理总局、国家广 播电视总局、中国证券监督管理 委员会、国家保密局、国家密码 管理局令民共和国国家开展和改革委员 会、中华人民共和国工业和信息 化部、中华人民共和国公安部、 中华人民共和国国家平安部、中 华人民共和国财政部、中华人民 共和国商务部、中国人民银行、 国家市场监督管理总局、国家广 播电视总局、中国证券监督管理 委员会、国家保密局、国家密码 管理局令国家互联网信息办公室、中华人Order of the Cyb
7、erspace Administration of China, the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the Ministry of State Security, the Ministry of Finance, the Ministry of Commerce, the Peoples Bank of China, the State Administratio
8、n for Market Regulation, the National Radio and Television Administration, the National Administration of State Secrets Protection, and the State Cryptography Administration(No. 8)(第8号)The Measures for Cybersecurity Review, as deliberated 网络平安审查方法已经2021年n月16日国家互联网 信息办公室2021年第20次室务 会议审议通过,并经国家开展和 改革委
9、员会、工业和信息化部、 公安部、国家平安部、财政部、 商务部、中国人民银行、国家市 场监督管理总局、国家广播电视 总局、中国证券监督管理委员 会、国家保密局、国家密码管理 局同意,现予公布,自2022年 2月15日起施行。and adopted at the 20th executive meeting of the Cyberspace Administration of China on November 16, 2021, and with the approval of the National Development and Reform Commission, the Minist
10、ry of Industry and Information Technology, the Ministry of Public Security, the Ministry of State Security, the Ministry of Finance, the Ministry of Commerce, the Peoples Bank of China, the State Administration for Market Regulation, the National Radio and Television Administration, the China Securi
11、ties Regulatory Commission, the National Administration of State Secrets Protection, and the State Cryptography Administration, are hereby issued and shall come into force on February 15, 2022.Zhuang Rongwen, Director of theAdministration of ChinaCyberspace国家互联网信息办公室主任 庄 荣文He Lifeng, Director of the
12、 National Development and Reform Commission国家开展和改革委员会主任 何 立峰Xiao Yaqing, Minister of Industry and Information Technology工业和信息化部部长肖亚庆Zhao Kezhi, Minister of Public Security公安部部长赵克志Chen Wenqing, Minister of State Security国家平安部部长陈文清Liu Kun, Minister of Finance财政部部长刘昆Wang Wentao, Minister of Commerce商务部
13、部长王文涛Yi Gang, Governor of the Peoples Bank of China中国人民银行行长易纲Zhang Gong, Head of the State Administration for Market Regulation国家市场监督管理总局局长 张 工Nie Chenxi, Head of the National Radio and Television Administration国家广播电视总局局长聂辰席Yi Huiman, Chairman of the China Securities Regulatory Commission中国证券监督管理委员会
14、主席 易会满Li Zhaozong, Head of the National Administration of State Secrets Protection国家保密局局长李兆宗Liu Dongfang, AdministrationHead of the State Cryptography国家密码管理局局长刘东方December 28, 20212021年12月28日Measures for Cybersecurity Review网络平安审查方法Article 1 In accordance with the National Security Law of the Peoples
15、 Republic of China and the Cybersecurity Law of the Peoples Republic of China, the Data Security Law of the Peoples Republic of China, and the Regulation on Protecting the Security of Critical Information Infrastructure, these Measures are developed for purposes of ensuring the security of the suppl
16、y chain of critical information infrastructure, cybersecurity and data security and safeguarding national security.第一条 为了确保关键信息 基础设施供应链平安,保障网络 平安和数据平安,维护国家安 全,根据中华人民共和国国家 平安法、中华人民共和国网 络平安法、中华人民共和国 数据平安法、关键信息基础 设施平安保护条例,制定本办 法。Article 2 If a critical information infrastructure operator purchases netw
17、ork products and services or an online platform operator conducts data processing, either of which affects or may affect national security, a cybersecurity review shall be carried out according to these Measures.第二条关键信息基础设施 运营者采购网络产品和服务,网 络平台运营者开展数据处理活 动,影响或者可能影响国家平安 的,应当按照本方法进行网络安 全审查。Key informati
18、on infrastructure operators and online platform operators specified in the preceding paragraph are collectively referred to as the parties.前款规定的关键信息基础设施运 营者、网络平台运营者统称为当 事人。Article 3 For cybersecurity review, the focus shall be on the combination of preventing network security risks and promoting the
19、 application of advanced technologies, the combination of process fairness and transparency and intellectual property protection, the combination of exante review and ongoing supervision, and the第三条网络平安审查坚持 防范网络平安风险与促进先进技 术应用相结合、过程公正透明与 知识产权保护相结合、事前审查 与持续监管相结合、企业承诺与combination of enterprise commitme
20、nt and social supervision. Such review shall be conducted from the aspects of, among other factors, the security of products and services and data processing activities, and the possible national security risks.社会监督相结合,从产品和服务 以及数据处理活动平安性、可能 带来的国家平安风险等方面进行 审查。第四条在中央网络平安和 信息化委员会领导下,国家互联 网信息办公室会同中华人民共和
21、 国国家开展和改革委员会、中华 人民共和国工业和信息化部、中 华人民共和国公安部、中华人民 共和国国家平安部、中华人民共 和国财政部、中华人民共和国商 务部、中国人民银行、国家市场 监督管理总局、国家广播电视总 局、中国证券监督管理委员会、 国家保密局、国家密码管理局建 立国家网络平安审查工作机制。网络平安审查办公室设在国家互 联网信息办公室,负责制定网络 平安审查相关制度规范,组织网 络平安审查。第五条关键信息基础设施 运营者采购网络产品和服务的, 应当预判该产品和服务投入使用 后可能带来的国家平安风险。影 响或者可能影响国家平安的,应 当向网络平安审查办公室申报网 络平安审查。关键信息基础
22、设施平安保护工作 部门可以制定本行业、本领域预 判指南。第六条对于申报网络平安 审查的采购活动,关键信息基础 设施运营者应当通过采购文件、 协议等要求产品和服务提供者配 合网络平安审查,包括承诺不利 用提供产品和服务的便利条件非 法获取用户数据、非法控制和操 纵用户设备,无正当理由不中断 产品供应或者必要的技术支持服Article 4 Under the leadership of the Central Cyberspace Affairs Commission, the Cyberspace Administration of China shall establish a nationa
23、l working mechanism for cybersecurity reviews in conjunction with the National Development and Reform Commission, the Ministry of Industry and Information Technology, the Ministry of Public Security, the Ministry of State Security, the Ministry of Finance, the Ministry of Commerce, the Peoples Bank
24、of China, the State Administration for Market Regulation, the National Radio and Television Administration, China Securities Regulatory Commission, the National Administration of State Secrets Protection, and the State Cryptography Administration.The Cybersecurity Review Office shall be based in the
25、 Cyberspace Administration of China, and shall be responsible for formulating cybersecurity review systems and standards and organizing cybersecurity reviews.Article 5 If a key information infrastructure operator purchases network products and services, it shall anticipate the potential national sec
26、urity risks that may arise from the use of such products and services. Those that affect or may affect national security shall be reported to the Cybersecurity Review Office for cybersecurity review.The department for the security protection of critical information infrastructure may develop guideli
27、nes for the anticipation of its own industry or field.Article 6 For the purchasing activities subject to applying for cybersecurity reviews, critical information infrastructure operators shall, through purchase documents and agreements, require product and service providers to cooperate with cyberse
28、curity reviews, including the commitments not to use their convenience of providing products and services to illegally obtain user data or control and manipulate user equipment and not to interrupt product supply or necessary technical support without justifiable grounds.务等。Article 7 An online platf
29、orm operator who have more than 1 million users* personal information must report to the Cybersecurity Review Office for cybersecurity review when going public abroad.第七条掌握超过100万用 户个人信息的网络平台运营者赴 国外上市,必须向网络平安审查 办公室申报网络平安审查。Article 8 When applying for cybersecurity review, a party shall submit the fol
30、lowing materials:第八条当事人申报网络安 全审查,应当提交以下材料:1. A written application;(一)申报书;2. An analytical report on whether national security is affected or may be affected;(二)关于影响或者可能影响国 家平安的分析报告;3. The purchase document or agreement and the contract to be signed, or initial public offering (IPO) and other listin
31、g application documents to be submitted;(三)采购文件、协议、拟签订 的合同或者拟提交的首次公开募 股(IP0)等上市申请文件;4. Other materials required for cybersecurity review.(四)网络平安审查工作需要的 其他材料。Article 9 The Cybersecurity Review Office shall, within ten working days of receipt of the review application materials that comply with Articl
32、e 8 of these Measures, determine whether a review is required and notify the parties in writing.第九条网络平安审查办公 室应当自收到符合本方法第八条 规定的审查申报材料起10个工 作日内,确定是否需要审查并书 面通知当事人。Article 10 A cybersecurity review shall focus on assessing the following national security risk factors for the relevant targets or situatio
33、ns:第十条网络平安审查重点 评估相关对象或者情形的以下国 家平安风险因素:1. The risks of illegal control of, interference in, or destruction of critical information infrastructure arising from the use of the products and services;(一)产品和服务使用后带来的 关键信息基础设施被非法控制、 遭受干扰或者破坏的风险;(二)产品和服务供应中断对关 键信息基础设施业务连续性的危 害;2. The harm to the business con
34、tinuity of key information infrastructure caused by the interruption of the supply of the products and services;(三)产品和服务的平安性、开 放性、透明性、来源的多样性, 供应渠道的可靠性以及因为政 治、外交、贸易等因素导致供应 中断的风险;(三)产品和服务的平安性、开 放性、透明性、来源的多样性, 供应渠道的可靠性以及因为政 治、外交、贸易等因素导致供应 中断的风险;3. The security, openness, transparency, diversity of sour
35、ces of products and services, reliability of supply channels, and the risks of supply disruption caused by political, diplomatic, and trade factors;(四)产品和服务提供者遵守中 国法律、行政法规、部门规章情 况;(四)产品和服务提供者遵守中 国法律、行政法规、部门规章情 况;4. The compliance by product and service providers with Chinese laws, administrative reg
36、ulations, and departmental rules;(五)核心数据、重要数据或者 大量个人信息被窃取、泄露、毁 损以及非法利用、非法出境的风 险;(五)核心数据、重要数据或者 大量个人信息被窃取、泄露、毁 损以及非法利用、非法出境的风 险;5. The risks of core data, important data, or a large amount of personal information being stolen, leaked, damaged, illegally used, or illegally transferred to another count
37、ry or jurisdiction;(六)上市存在关键信息基础设 施、核心数据、重要数据或者大 量个人信息被外国政府影响、控 制、恶意利用的风险,以及网络 信息平安风险;(六)上市存在关键信息基础设 施、核心数据、重要数据或者大 量个人信息被外国政府影响、控 制、恶意利用的风险,以及网络 信息平安风险;6. There are risks when an initial public offering is launched that key information infrastructure, core data, important data, or a large amount of
38、 personal information are influenced, controlled, or maliciously used by a foreign government and that network information security is endangered; and(七)其他可能危害关键信息基 础设施平安、网络平安和数据安 全的因素。(七)其他可能危害关键信息基 础设施平安、网络平安和数据安 全的因素。7. Other factors that may endanger the security of key information infrastructur
39、e, cybersecurity, and data security.第十一条网络平安审查办 公室认为需要开展网络平安审查 的,应当自向当事人发出书面通 知之日起30个工作日内完成初 步审查,包括形成审查结论建议 和将审查结论建议发送网络平安 审查工作机制成员单位、相关部 门征求意见;情况复杂的,可以 延长15个工作日。Article 11 If the Cybersecurity Review Office deems it necessary to launch a cybersecurity review, it shall, within 30 working days of rec
40、eipt of the written notice from the party, complete a preliminary review, including forming a proposal for review conclusions and sending it to the member entities of the working mechanism for cybersecurity reviews and relevant departments for comments* If the circumstances are complicated, an exten
41、sion may be granted for additional 15 working days.第十二条网络平安审查工Article 12 The member entities of the working作机制成员单位和相关部门应当 自收到审查结论建议之日起15 个工作日内书面回复意见。作机制成员单位和相关部门应当 自收到审查结论建议之日起15 个工作日内书面回复意见。mechanism for cybersecurity reviews and relevant departments shall reply to their comments in writing within
42、15 working days of receiving the proposal for review conclusions.网络平安审查工作机制成员单 位、相关部门意见一致的,网络 平安审查办公室以书面形式将审 查结论通知当事人;意见不一致 的,按照特别审查程序处理,并 通知当事人。If the member entities of the working mechanism for cybersecurity reviews and relevant departments reach a consensus, the Cybersecurity Review Office shall
43、 notify the parties of the review conclusions in written form. If their opinions are inconsistent, such inconsistency shall be handled according to the special review procedure, and the parties shall be notified.第十三条按照特别审查程 序处理的,网络平安审查办公室 应当听取相关单位和部门意见, 进行深入分析评估,再次形成审 查结论建议,并征求网络平安审 查工作机制成员单位和相关部门 意
44、见,按程序报中央网络平安和 信息化委员会批准后,形成审查 结论并书面通知当事人。Article 13 If the aforementioned inconsistency has been done according to the special review procedure, the Cybersecurity Review Office shall listen to the opinions of the relevant entities and departments, conduct in-depth analysis and assessment, and form a
45、renewed proposal for review conclusions before submitting to the member entities of the working mechanism for cybersecurity reviews and relevant departments for comments. After the proposal is submitted to the Central Cyberspace Affairs Commission for approval according to the procedures, review con
46、clusions will be formed, and the Cybersecurity Review Office shall notify the parties in writing of the review conclusions.第十四条特别审查程序一 般应当在90个工作日内完成, 情况复杂的可以延长。Article 14 The special review procedure shall generally be completed within 90 working days, and may be extended if the circumstances are co
47、mplicated.第十五条网络平安审查办 公室要求提供补充材料的,当事 人、产品和服务提供者应当予以 配合。提交补充材料的时间不计 入审查时间。Article 15 If the Cybersecurity Review Office requests supplementary materials, the parties and the product and service provider shall cooperate on that. The time for submitting supplementary materials shall not be included in
48、the review time.第十六条网络平安审查工 作机制成员单位认为影响或者可Article 16 If a member entity of the working mechanism for cybersecurity reviews deems that a network product or能影响国家平安的网络产品和服 务以及数据处理活动,由网络安 全审查办公室按程序报中央网络 平安和信息化委员会批准后,依 照本方法的规定进行审查。能影响国家平安的网络产品和服 务以及数据处理活动,由网络安 全审查办公室按程序报中央网络 平安和信息化委员会批准后,依 照本方法的规定进行审查。service or a data processing activity may affect or potentially affect national security, the Cybersecurity Review Office shall submit it to the Central Cyberspace Affa