The Cyberspace Administration of China ("CAC") recently issued the Administrative Measures for Publication of Information on Network Security Threats (Draft for Comments) (the "Draft for Comments") for public opinions. Comments solicitation has ended by now.

The Draft for Comments stipulates that the published information on network security threats shall not contain seven types of content, including "the source codes of and methods on how to create computer viruses, Trojan horses, ransomware and other malwares". In addition, the Draft for Comments expressly states that prior to the publication of information about a network security incident, such as attack, damage or illegal access to a network or information system, the incident shall be reported to the public security organ above the prefecture level of the place where such incident occurs. Any enterprise, social organization or individual shall submit a report beforehand to the cyberspace regulator and the public security organ above the prefecture level of the place involved, before publishing a regional comprehensive analysis report on network security attacks, incidents, risks and vulnerability. Moreover, the Draft for Comments notes that without approval or authorization of the government agency, any enterprises, social organizations and individuals shall not add the phase "early warning" to the titles of messages on network security threats they publish.

(Source: Cyberspace Administration of China)