Recently the Office of State Commercial Cryptography Administration (OSCCA) released the Cryptography Law of the People’s Republic of China (Draft for Public Comments) (“the Draft”). Highlights of the Draft are as follows:

  • Article 11 sets forth that commercial encryption products that are sold or used in business activities, as well as the provision of commercial encryption services are subject to approval of competent authority in accordance with relevant catalogues.
  • Article 12 provides that Critical information infrastructure shall be protected by the use of encryption according to the provisions of laws and regulations as well as the mandatory requirements of encryption-related national standards.
  • Article 15 provides that the government will strengthen the encryption security system, improve the encryption security management regulations, and consolidate the encryption security protection capabilities.
  • Article 17 provides that the government will fortify the encryption monitoring and authentication systems, and will work out encryption monitoring and authentication rules. Article 18 provides that the government will conduct categorized and hierarchical evaluation of the encryption security in critical information infrastructure.
  • Article 22 provides for government support to scientific and technological research on encryption, academic exchanges and the development of the encryption industry. The government will provide legal protection to encryption intellectual property rights to stimulate innovation of encryption technology.
  • Article 23, 24, 25, and 26 provide for regulations on the encryption industry from the perspective of standardization system, awards for encryption technology, development of encryption talent teams and encryption education and popularization.