On 12 July 2021, the Ministry of Industry and Information Technology (MIIT) issued the Three-year Action Plan for High-quality Development of the Cybersecurity Industry (2021-2023) , with the possibility to submit public comments by 16 July. The objective of the Action Plan is to support the high-quality development of the cybersecurity industry, enhance its competitiveness, and guide the overall development of the industry.

Specifically, the Action Plan specifies the following goals to be achieved by the cybersecurity industry by 2023:

  • The scale of cybersecurity industry has exceeded CNY 250 billion, with a compound annual growth rate of over 15%
  • Breakthroughs have been made in a number of core cybersecurity technologies, reaching advanced levels
  • A number of small and medium-sized enterprises (SMEs) have developed rapidly in the field of the Internet Connected Vehicles, the Industrial Internet, the Internet of Things and smart cities
  • The investment in cybersecurity on telecommunications and other key industries have accounted for 10% of the investment in information technologies.

In addition, the Action Plan outlines 19 key tasks for cybersecurity development, which focus on aspects such as: i) the supply of cybersecurity products, services and innovation, especially on the security on 5G, cloud, artificial intelligence and data; ii) the cybersecurity development both in traditional industries and emerging industries; iii) increasing the investment in the promotion of new products and services; iv) the cultivation of cybersecurity experts; and v) the collaboration among cybersecurity enterprises to foster a fair market environment for competition.

Apart from this Action Plan, China also issued other documents in the cybersecurity field, showing that the country is making efforts to gradually perfect its cybersecurity scheme. An example are the revised Measures for Cybersecurity Review and Provisions on the Management of Network Product Security Vulnerability in July 2021, which stipulate that no organization or individual shall take advantage of the security vulnerabilities of network products to engage in activities endangering network security, and shall not illegally collect, sell or release information about security vulnerabilities of network products.