On 28 Dec. 2021, the Cyberspace Administration of China and other departments jointly revised and released the “Cybersecurity Review Measures” (hereinafter “the Measures”, 网络安全审查办法). The Measures shall come into effect on 15 Feb. 2022.
The Measures was originally promulgated in May 2020. Based on the 2020 Edition, the 2021 Revision adds the review requirements regarding overseas listings of Chinese online platform operators.
The Measures requires that online platform operators holding personal information of more than one million users and newly listing on foreign markets must report for cybersecurity review with the Cybersecurity Review Office.
If the operator’s listing brings about risks that critical information infrastructure, core data, important data or large amounts of personal information are affected, controlled or maliciously used by foreign governments as well as network information security risks, it will be subject to a focused assessment in the cybersecurity review process.
There may be any of the following three cases after reporting for cybersecurity review: first, no review is required; second, if the review is initiated and it is determined upon study that such listing does not affect the national security, the overseas listing procedures may be continued; third, if the review is initiated and it is determined upon study that such listing affects the national security, the overseas listing may not be allowed.