China’s new cybersecurity inspection regulation
Scope and applicability. The regulation allows PSBs to conduct cybersecurity inspection on four types of Internet service providers and network-using entities (联网使用单位):
- Providers of Internet, data centers, content distribution and domain name services;
- Providers of Internet information services;
- Providers of public Internet access (such as Internet cafés); and
- Providers of other Internet services, which will be determined at the PSBs’ discretion.
PSBs are granted considerable discretion to determine whether the regulation applies to a specific business. Notably, the regulation is silent on what constitutes Internet service providers and network-using entities, the latter of which was defined in a 1997 MPS regulation as entities connected to the Internet that are required to register with the local PSB. Arguably, these two types of entities would also be deemed network operators under the CSL, defined to mean “owners, operators, and service providers of computer networks,” and further subject to various obligations imposed by the CSL.