On June 12, the State Cryptography Administration (SCA) drafted the Administrative Measures for Commercial Cryptography Testing Institutions (Draft for Comment) and the Administrative Measures for the Security Assessment of Commercial Cryptography Application (Draft for Comment) (the "Draft") for public consultation by July 9, 2023.

The formulation of the Draft highlights the following concepts: (1) refining the provisions to implement the requirements for "three synchronous efforts and one assessment"; (2) demonstrating the systematic principles for the security assessment of commercial cryptography application; and (3) clarifying the basis for security assessment activities. Among others, the Draft specifies that, for the network and information systems that are lawfully required to be protected with commercial cryptography, efforts should be made to synchronously plan, build, and operate commercial cryptography security systems, and conduct security assessment of commercial cryptography application on a regular basis. The requirements for security assessment are detailed and arrangements are made for each stage ranging from planning, building and operation, so as to set up a basic framework for the systems regarding security assessment of commercial cryptography application. 

(Source: State Cryptography Administration of China)