Chapter III Network Operation Security

Article 40

Translation Notice

This is an unofficial English translation prepared for general informational purposes only. It does not constitute legal advice. In case of any discrepancy, the official Chinese text published by the competent authority shall prevail.

Chinese Original

第四十条 关键信息基础设施的运营者应当自行或者委托网络安全服务机构对其网络的安全性和可能存在的风险每年至少进行一次检测评估,并将检测评估情况和改进措施报送相关负责关键信息基础设施安全保护工作的部门。

English Translation

Operators of critical information infrastructure shall, by themselves or by entrusting cybersecurity service institutions, conduct testing and assessment of the security and possible risks of their networks at least once each year, and submit the testing and assessment results and improvement measures to the relevant departments responsible for critical information infrastructure security protection.

  • cybersecurity
  • critical information infrastructure

Related rules: Critical Information Infrastructure Security Protection Regulation

Related standards: GB/T 22239; GB/T 28448

Source reference: CSL Article 40. Source authority: Cyberspace Administration of China publication; source text from the Standing Committee of the National People's Congress. Effective version: 2026-01-01 amended effective version. Amendment status: amended by 2025-10-28 amendment decision; current official text uses article-number gaps. Last verified: 2026-05-20. Last updated: 2026-05-25.