High-ranking Chinese officials are drafting the new security regulation that would require multifunctional office equipment procured by that country’s national and local governments to be designed and developed domestically, The Yomiuri Shimbun has learned.
This is a higher level of involvement than for national standards in other fields, illustrating Beijing’s emphasis on domestic development and controlling information.
According to sources, the new regulation is being drafted by the National Information Security Standardization Technical Committee (TC260), which is in charge of China’s national standards for information security technology. Guidance is being provided by the Standardization Administration, an organization under the State Council, China’s central government.
Members of the TC260 include high-ranking officials of the Chinese Communist Party’s Central Cyberspace Affairs Commission Office, which is under the direct control of President Xi Jinping and regulates cybersecurity, as well as officials from the Industry and Information Technology Ministry and Public Security Ministry.
In China, national standards are formulated by specialized committees in each respective field. “The TC260 is large with about 100 members, and includes more party and government officials than committees in other fields,” a source said.
The TC260 consists of seven working groups, including groups handling data and communication security, and password technology. The working group on information security assessment is responsible for the new standards for office devices, including multifunctional equipment with functions such as printing and scanning.
After the draft compiled by the working group is approved by the Standardization Administration, relevant domestic and foreign manufacturers will be invited to give their opinions in private. However, external opinions are not always reflected, according to a foreign company official.
Beijing is preparing to issue the new standard by the end of next year, according to sources. It previously issued standards for the security requirements and inspection methods for office devices in 2012 and 2020, and the TC260 was involved in drafting them.
Requirements related to the design and development of such devices were not included in the standards issued in 2012 and 2020, and will be added for the first time.