Version 27.0, February 2013
© Bert-Jaap Koops **Portions © Analog Devices, Inc. **
Licensed under Creative Commons Attribution Share Alike 4.0 International.
SPDX-License-Identifier: CC-BY-SA-4.0
[People's Republic of China]{#prc} [Sources 3, 5]
See also Hong Kong Special Administrative Region.
By State Council Order No. 273, "Commercial Use Password Management
Regulations" (text in
Chinese; inofficial
translation here), published on 15 October 1999 and
in effect since 7 October 1999, import and export of encryption products
requires a license by the State Encryption Management Commission. The
SEMC was later renamed the State Cryptography Administration, which
manages the Office of State Commercial Cryptography Administration
(OSCCA). According to a "clarification letter" sent to US businesses
in China in early March 2000, this involves only hardware and software
for which encryption and decoding operations are core functions. As a
result, products in which cryptography is only built-in (such as mobile
phones and browser software) are exempted. Moreover, the letter
clarified that the regulations do not entail key escrow.
However, the clarification letter only seems to apply to pre-2000
products. All products since 2000 seem to require a license.
By State Council Order No. 273, "Commercial Use Password Management Regulations" (text in Chinese), published on 15 October 1999 and in effect since 7 October 1999, domestic crypto manufacture and use is severely restricted. Officially designated manufacturers must obtain aproval from the State Encryption Management Commission / State Cryptography Administration (OSCCA) for the type and model (including key length) of their crypto products. Organisations and individuals may not distribute encryption products produced abroad. People may only use encryption products approved by the Commission, and they may not use commercial encryption products developed by themselves or produced abroad. For this use, they must have approval by the Commission. Only foreign diplomatic missions and consulates are exempted from this approval. The deadline for registration of crypto users was 31 January 2000.
According to a "clarification letter" sent to US businesses in China
in early March 2000, this involves, however, only specialized hardware
and software for which encryption and decoding operations are core
functions. As a result, products in which cryptography is only built-in
are exempted. Moreover, the letter clarified that the regulations do not
entail key escrow.
However, the clarification letter only seems to apply to pre-2000
products. All products since 2000 seem to require a license.
For wireless crypto products, China seems to require use of a Chinese proprietary algorithm (WAPI), and AES and WEP must be disabled.
Back to the Table of Contents