BEIJING: Draft Chinese government regulation would force technology vendors to meet stringent security tests before they can sell to China’s banks, an acceleration of efforts to curb the country’s reliance on foreign technology that has drawn a sharp response from US business groups.

But a translation of the proposed rules viewed by Reuters shows its immediate impact on foreign firms may not be as tough as feared.

The draft shows the regulation would initially focus on types of hardware and software where domestic suppliers already have a strong market position compared with their foreign rivals.

Western companies say the rules have not yet been formally adopted, and some said they believed Beijing would retreat on some of the most onerous ideas, including demanding that firms’ proprietary source code be reviewable.

Chinese leaders are to review the plan next week, US tech industry sources said.

On Wednesday, 18 American business groups urged Beijing to postpone rolling out the regulation, which they argued were motivated by protectionism as well as security concerns that intensified in the wake of disclosures of US spying techniques by former National Security Agency contractor Edward Snowden.

The guidelines by the Chinese Banking Regulatory Commission were issued on Dec. 26 in a 22-page paper that outlines security criteria that tech products must meet in order to be considered “secure and controllable” for use in the financial sector, according to sources with knowledge of the matter.

A translation shows an exhaustive table of equipment it applies to, containing 68 categories of tech products from PC servers to wireless routers to automatic teller machines to air conditioners.

Source code powering operating systems, database software, and middleware must be registered with the commission to be considered “secure and controllable,” while only wireless routers that have approved encryption or virtual private networking (VPN) certificates may receive the designation.

The document also specified what percentage of new purchases in each product category in 2015 must be considered “secure and controllable”. Every new PC purchased this year, for instance, must carry the designation.

The new regulations represent one of China’s most significant steps toward banishing foreign technology, 18 months after Snowden disclosed that US spy agencies planted code in American tech exports to snoop on overseas targets.

The banking commission brie­fed representatives from major banks on the regulation in Jan­uary, Chinese sources with knowledge of the matter said.

Published in Dawn, February 1st, 2015

On a mobile phone? Get the Dawn Mobile App: Apple Store | Google Play