The key information infrastructure operators and network platform operators mentioned in the preceding paragraph are collectively referred to as parties. Article 3 Network security review shall adhere to the combination of preventing network security risks and promoting the application of advanced technologies, combining process fairness and transparency with intellectual property protection, combining prior review with continuous supervision, and combining enterprise commitment with social supervision to review the safety of products and services, data processing activities and possible national security risks. Article 4 Under the leadership of the Central Cyber Security and Informatization Committee, the National Internet Information Office will work with the National Development and Reform Commission of the People's Republic of China, the Ministry of Industry and Information Technology of the People's Republic of China, the Ministry of Public Security of the People's Republic of China, the Ministry of National Security of People's Republic of China (PRC), the Ministry of Finance of People's Republic of China (PRC), the Ministry of Commerce of People's Republic of China (PRC) and the State Administration of Markets.
The Network Security Review Office is located in the National Internet Information Office, which is responsible for formulating relevant system norms and organizing network security review. Article 5 When purchasing network products and services, key information infrastructure operators shall predict the national security risks that may be brought by the products and services after they are put into use. If it affects or may affect national security, it shall report to the network security review office for network security review.
The safety protection department of key information infrastructure can formulate the pre-judgment guide of this industry and this field. Article 6 In the procurement activities applying for network security review, key information infrastructure operators shall require product and service providers to cooperate with network security review through procurement documents and agreements, including undertaking not to illegally obtain user data by taking advantage of the convenience of providing products and services, not to illegally control and manipulate user equipment, and not to interrupt product supply or necessary technical support services without justifiable reasons. Article 7 Network platform operators with more than 6,543,800 pieces of personal information of users must apply to the Network Security Review Office for network security review when going public abroad. Article 8 When applying for network security review, the following materials shall be submitted:
(1) a statement.
(2) An analysis report that affects or may affect national security;
(3) The acquisition documents, agreements, contracts to be signed or other listing application documents to be listed;
(4) Other materials required for network security review. Article 9 The network security review office shall, within 10 working days after receiving the review application materials that meet the requirements of Article 8 of these Measures, determine whether it is necessary to review, and notify the parties in writing. Tenth network security review focuses on the following national security risk factors of related objects or situations:
(a) the risk of illegal control, interference or destruction of key information infrastructure brought about by the use of products and services;
(two) the harm of the interruption of the supply of products and services to the business continuity of key information infrastructure;
(3) the safety, openness and transparency of products and services, the diversity of sources, the reliability of supply channels and the risk of supply interruption due to political, diplomatic and trade factors;
(four) the compliance of the products and service providers with the laws, administrative regulations and departmental rules of China;
(5) The risk that core data, important data or a large amount of personal information are stolen, leaked, damaged, illegally used or illegally left the country;
(6) There are risks that key information infrastructure, core data, important data or a large amount of personal information are influenced, controlled or maliciously used by foreign governments, as well as network information security risks;
(seven) other factors that may endanger the security of key information infrastructure, network security and data security. Article 11 If the network security review office deems it necessary to conduct a network security review, it shall complete the preliminary review within 30 working days from the date of sending a written notice to the parties, including forming a review conclusion, and send the review conclusions and suggestions to the member units of the network security review institution and relevant departments for comments; If the situation is complicated, 15 working days may be extended. Article 12 The member units and relevant departments of the network security review institution shall give a written reply within 05 working days from the date of receiving the review conclusions and suggestions.
With the consent of the member units and relevant departments of the network security review institution, the network security review office will notify the parties in writing of the review conclusion; If there are different opinions, it should be handled according to the special review procedure and notify the relevant parties.