摘要
国务院46号文和国密局336号文体现出在《国家安全法》《网络安全法》实施和《密码法》《出口管制法》制定过程中"以我为主"、"张弛有度"的监管趋势,从涉外(或称跨境)企业的合规角度而言,需要从研发生产、销售、使用、进出口等多维度构筑因应策略,以实现对新近密集立法的必要遵从.特别是《网络安全法》的"数据本地化"和出境评估要求下,如何对密码技术和基于密码的数据进出境进行规范,亦是企业需加以审视的全新角度.对相关发文和配套指引进行了相应解读,并对涉及的与前述网络空间安全基本法相关的若干问题进行梳理和分析,以供合规参考.
Complying with National Security Law and Cybersecurity Law of PRC, the # 46 document of State Council, as well as the # 336 document of State Cryptography Administration honored and encouraged the idea to rely more on the FOEs and be more flexible in regulating commercial cryptography. In response to massive newly enacted rules and regulations, FOEs must adapt their policies in multiple dimensions including research, production, sale, use, exportation,and importation. More importantly, the requirements of data localization and export evaluation requirement under Cybersecurity Law created a new demand for FOEs to regulate its cryptography technology and international data exchange. This article takes on the perspective of corporations,interprets the two documents mentioned above and their related instructions, and further analyzes the issues posed under Cybersecurity laws and regulations.
出处
《信息安全研究》
2018年第3期238-241,共4页
Journal of Information Security Research
关键词
商用密码
技术审查
型号证书
标准密码
出境评估
commercial cryptography
technical review
type certificate
standard cryptography
export evaluation