As mentioned in one of our recent client briefings, in December 2014 the China Banking Regulatory Commission (the “CBRC”) issued the Notice on the Promotion Guidelines for Banking Applications of Secure and Controllable Information Technology (2014-2015) (“Notice 317”). Among other things, Notice 317 required the source code for software applications used by banks to be submitted to the CBRC. It also appeared to require that banks source IT products and encryption algorithms primarily from Chinese vendors. Since its issuance, Notice 317 has attracted great attention and concern from foreign governments and businesses, as well as other market participants.
Last week, the CBRC suspended its implementation of Notice 317. According a copy of the suspension notice which we have reviewed (but which is not publicly available at present), the CBRC has stated that, in the interests of a steady and rational promotion of information security in the banking industry, it will halt the implementation of Notice 317 and issue new rules in due course.
For more commentary from a political/economic perspective, please refer to a recent NY Times article published at the end of last week.