Overview & Analysis
The Measures for Cybersecurity Review establish a key review mechanism within China's cybersecurity and data-security framework. Their core purpose is to prevent risks to national security arising from the procurement of network products and services and from data-processing activities. Under the Measures, critical information infrastructure operators must assess national-security risk in advance when purchasing network products or services and must apply for cybersecurity review where national security may be affected. In addition, network platform operators may also fall within scope when their data-processing activities affect or may affect national security. The Measures further provide that a network platform operator holding personal information of more than 1 million users must apply for cybersecurity review before listing abroad. Structurally, the regime brings supply-chain security, data security, personal-information security, and national-security concerns into a single review framework.
The Measures matter for AI because modern AI projects typically rely on cloud services, high-performance computing, databases, application software, platform-based data processing, and large-scale flows of personal information and important data — all areas that the review regime expressly targets. The review focuses on factors such as supply interruption risk, source diversity, transparency, provider compliance with Chinese law, and the risk that core data, important data, or large volumes of personal information could be stolen, leaked, damaged, illegally used, or illegally transferred abroad. Legal commentary generally treats the Measures as one of the main tools through which China embeds a national-security lens into digital infrastructure, platform operations, and data processing — making them especially relevant for companies deploying AI infrastructure, using foreign technology, relying on cross-border corporate architectures, or handling large datasets in China.
In the AI context, the Measures are less about AI ethics in the narrow sense and more about the infrastructure, platform architecture, supply chain, data-processing activities, and national-security implications behind AI deployment. They function more like a rule for AI's structural and foundational risk than a content-governance instrument.
1. Procuring AI Infrastructure or Services in CII-Related Sectors
If a company is itself a critical information infrastructure operator, or serves one in sectors such as finance, energy, telecoms, transport, or public services, procurement of cloud services, servers, high-performance computing resources, large databases, application software, or other AI-related products and services with important cyber/data-security implications may require advance national-security risk assessment. If national security may be affected, an application for cybersecurity review should be filed, and procurement documents should require vendor cooperation and specific commitments.
2. Network Platform Operators Conducting Large-Scale AI Data Processing
The Measures do not only cover procurement — they also apply to data-processing activities carried out by network platform operators. For companies using AI for large-scale profiling, recommendation, analytics, training, automated customer service, content generation, or other platform-style processing, the regime may be triggered if the activity affects or may affect national security. The data-processing activity itself may be review-relevant, not just hardware or cloud procurement.
3. AI-Enabled Platforms with Large User Data Sets Planning Overseas Listings
Where a platform holds personal information of more than 1 million users and seeks to list abroad, cybersecurity review is mandatory. This matters especially for AI companies and heavily AI-enabled platforms because their business models often depend on large-scale user data, algorithm optimization, and platform operations. In that setting, the review is concerned not only with data volume but also with whether relevant data, systems, and platforms could be influenced, controlled, or maliciously used by foreign governments.
4. Using Foreign Suppliers, Cross-Border Architecture, or Geopolitically Exposed Supply Chains
The review expressly looks at security, openness, transparency, source diversity, supply-channel reliability, and the risk of disruption caused by political, diplomatic, or trade factors. That makes the Measures relevant where a company in China uses foreign cloud providers, foreign chips, cross-border remote support, global parent-company platforms, or a single overseas AI supplier. The issue is not just commercial efficiency — it is supply continuity and national-security exposure.
5. AI Projects Involving Core Data, Important Data, or Large Volumes of Personal Information
The Measures list the risk of theft, leakage, damage, illegal use, or illegal overseas transfer of core data, important data, or large volumes of personal information as key review factors. If an AI project relies on sensitive operational data, industrial data, user data, training-data lakes, cross-functional data integration, or model operations that connect to overseas systems, it should be assessed through a cybersecurity-review lens early — not only through ordinary privacy-compliance analysis.
The biggest mistake is to treat the Measures as relevant only to overseas listings or to traditional telecom infrastructure. In AI projects, they operate more like a foundational rule affecting vendor selection, system architecture, data layout, cross-border integration, contract drafting, and project timing. If a company waits until procurement signing, product launch, or a capital-markets transaction to consider them, it is often too late.
Start with an Upfront Trigger Assessment
Require each China AI project to answer a basic set of questions at launch: Does the project serve or connect into critical information infrastructure? Does it procure cloud computing, high-performance computing, databases, or major application software? Is a network platform operator conducting large-scale data processing? Does the project involve core data, important data, or large volumes of personal information? Is it tied to overseas listing plans, parent-company systems, cross-border remote access, or foreign suppliers? Turn these into an intake checklist.
Review AI Procurement Through a National-Security Lens
Companies often focus on performance, cost, model capability, and delivery speed when buying AI-related services. The Measures require something broader: evaluation of supply continuity, source diversity, channel reliability, transparency, provider compliance with Chinese law, and geopolitical interruption risk. China AI architecture reviews should not be left to engineers alone — legal, information security, procurement, and local business leaders should jointly assess single-vendor foreign dependence and hard-to-replace critical components.
Build a Clear Data Map Early
One of the central review concerns is the handling of core data, important data, and large volumes of personal information. The most practical step is not to begin with abstract legal debate, but with a clear operational data map: what data is collected in China, what enters training or inference, what enters cloud logs or monitoring systems, and what is shared with headquarters, vendors, or overseas teams. Once that map exists, the company can more quickly judge whether meaningful cybersecurity review risks exist.
Put Review-Cooperation & Continuity Commitments in Vendor Contracts
The Measures expressly require operators to use procurement documents and agreements to make vendors commit — not to illegally obtain user data, not to illegally control devices, and not to interrupt supply or technical support without justified reason. AI procurement contracts should cover China regulatory cooperation, limits on data access, support for local review, supply continuity, and assistance if a review is triggered. That reduces the risk of a project stalling because a vendor refuses to cooperate.
Do Not Treat AI Data Processing as a Privacy Issue Only
Many companies assign AI data questions solely to privacy teams. The Measures show that Chinese regulators may view some data-processing activities through a national-security lens — especially platformized AI, cross-functional data consolidation, large-user model optimization, behavioral profiling, and cross-border analytical linkage. In those scenarios, the issue is not only whether consent was obtained, but also whether the activity could be viewed as national-security-relevant data processing.
Create a China Escalation Path for Higher-Risk AI Projects
If a China AI project involves sensitive-sector customers, large volumes of personal information, industrial or operationally sensitive data, foreign suppliers, cross-border integration, or overseas capital-markets activity, establish a local escalation path led by China legal, compliance, the CISO function, or data-governance leadership. Use a three-tier structure: fast approval for ordinary projects, supplemental review for medium-risk projects, and a China governance group for high-risk projects needing structural analysis.
Consider Overseas Listing, Group Access & AI Platform Design Together
For AI platform businesses, the mandatory filing rule for overseas listings is not the only issue. Even without a listing, a China AI platform tightly integrated with overseas headquarters systems, overseas R&D teams, global data platforms, foreign cloud, or centralized maintenance arrangements may raise greater sensitivity around supply-chain security, data leakage, illegal outbound transfer, and foreign influence risk. Decide early which capabilities must be localized and which access rights must be ring-fenced.
Leave Time in the Plan for Review and Remediation
Once compliant materials are received, the Office decides within 10 working days whether a review is needed; preliminary review takes up to 30 + 15 working days; special review generally takes up to 90 working days and may be extended for complex cases. A project with visible trigger risk should not have an overcompressed procurement, deployment, launch, or transaction timetable. Build regulatory uncertainty into milestone planning and prepare analysis reports and contract materials early.
For multinational managers, the real significance of the Measures is not that they say "AI cannot be done" in China. It is that AI sustainability in China often depends less on model performance than on underlying architecture, supply-chain resilience, data-handling pathways, and national-security sensitivity. When those issues are addressed early through project screening, procurement design, contract drafting, architecture review, and local China governance mechanisms, companies can usually move ahead without materially sacrificing speed while greatly reducing the risk of later disruption or forced restructuring.
Complete Regulatory Text
Article Index
- Article 1 — Purpose and Legal Basis
- Article 2 — Scope of Application
- Article 3 — Review Principles
- Article 4 — Review Working Mechanism
- Article 5 — CII Operator Obligations & Advance Assessment
- Article 6 — Vendor Commitments in Procurement
- Article 7 — Mandatory Filing: Overseas Listing (1M+ Users)
- Article 8 — Application Materials
- Article 9 — Initial Determination (10 Working Days)
- Article 10 — National Security Risk Factors
- Article 11 — Preliminary Review (30 + 15 Working Days)
- Article 12 — Member Responses & Review Conclusion
- Article 13 — Special Review Procedure
- Article 14 — Special Review Timeline (90 Working Days)
- Article 15 — Supplementary Materials
- Article 16 — Member-Initiated Review
- Article 17 — Confidentiality & IP Protection
- Article 18 — Reporting Mechanism
- Article 19 — Post-Review Supervision
- Article 20 — Legal Liability
- Article 21 — Definition of Network Products and Services
- Article 22 — State Secrets & Other Review Regimes
- Article 23 — Effective Date & Repeal
The operators of critical information infrastructure and network platform operators referred to in the preceding paragraph are collectively referred to as the "parties."
The Office of Cybersecurity Review is located in the Cyberspace Administration of China and is responsible for formulating relevant institutional rules and standards for cybersecurity review and organizing cybersecurity review.
Departments responsible for the protection of the security of critical information infrastructure may formulate advance assessment guidelines for their respective industries and fields.
(1) not to illegally obtain user data or illegally control or manipulate user devices by taking advantage of the convenience of providing products and services;
(2) not to interrupt product supply or necessary technical support services without justified reasons.
(1) an application form;
(2) an analysis report on whether national security is affected or may be affected;
(3) procurement documents, agreements, contracts to be signed, or listing application documents to be submitted, such as for an initial public offering (IPO);
(4) other materials required for cybersecurity review.
(1) the risk that critical information infrastructure may be illegally controlled, interfered with, or destroyed after the products and services are used;
(2) the harm to the continuity of critical information infrastructure business caused by interruption of the supply of products and services;
(3) the security, openness, transparency, and diversity of sources of products and services, the reliability of supply channels, and the risk of supply interruption due to political, diplomatic, trade, or other factors;
(4) the compliance of providers of products and services with Chinese laws, administrative regulations, and departmental rules;
(5) the risk that core data, important data, or a large volume of personal information may be stolen, leaked, damaged, illegally used, or illegally transferred abroad;
(6) the risk, in connection with listing, that critical information infrastructure, core data, important data, or a large volume of personal information may be influenced, controlled, or maliciously used by foreign governments, as well as risks to network information security;
(7) other factors that may endanger the security of critical information infrastructure, cybersecurity, or data security.
Where the members of the cybersecurity review working mechanism and relevant departments have consistent opinions, the Office of Cybersecurity Review shall notify the parties of the review conclusion in writing; where opinions are inconsistent, the matter shall be handled in accordance with the special review procedure, and the parties shall be notified.
In order to prevent risks, the parties shall, during the review period, take preventive and risk-mitigation measures in accordance with the requirements of cybersecurity review.
The Office of Cybersecurity Review shall strengthen supervision before, during, and after the event by means such as accepting reports.
Where the State has separate provisions on data security review or security review of foreign investment, those provisions shall also be complied with.
Measures for Cybersecurity Review (网络安全审查办法)
(Promulgated on 28 December 2021; effective from 15 February 2022; Order No. 8)
Source: 中国网信网 (website of the Cyberspace Administration of China)