April 30, 2009

China Changes IT Disclosure Policy

China has revised its previous policy of demanding operational information for all imported computer security technology.

Foreign suppliers to China will no longer be required to disclose how their products work for commercial sales. However, they will have to provide such information for products supplied to the government, according the China Certification and Accreditation Administration on Wednesday.

The new rule revision comes after pressure from Washington as IT suppliers were concerned that the government could be using the rule to reveal crucial business information.

The revisions were met with favor from Washington, although some concerns still exist over disclosure of products supplied to the government.

"China's action is a step in the right direction," said U.S. Trade Representative Ron Kirk in a statement.

"We remain very concerned about China's plans to mandate on May 1, 2010, the information security testing and certification rules for products procured by China's government in a manner not consistent with global norms."

American officials voiced concerns over the rules during a series of talks in August, claiming they were infringing on global trade policies.

Chinese officials said the new rule was expected to go into effect on Friday, but it has been pushed back one year to May 1, 2010.

According to the Associated Press, 13 products are involved with the Chinese rule, they include database and network security systems, secure routers, data backup and recovery systems and anti-spam and anti-hacking software.

An official of a state-sanctioned industry group told the AP that the rules were meant to support development of Chinese technology by shielding companies from foreign competition.

The information provided to China could allow them to read encrypted messages or develop similar products.

The Chinese state agencies are the largest segment of computer technology consumers in China.


On the Net: