|
Article 27
|
The central competent authority in charge of the relevant sector may restrict or prohibit a specific non-government agency from downloading, installing, or using products are harmful to national cyber security. The same shall apply to any broadcasting equipment or Internet access services provided to the public at facilities operated directly or outsourced by the specific non-government agency, when necessary to maintain cyber security. However, if such use is required for official duties with no alternative solutions, the specific non-government agency may, with approval from the Chief Information Security Officer of the agency, submit a written report to the central competent authority in charge of the relevant sector for approval to use the product on a case-by-case basis, with proper record-keeping.<br/>The control measures restricting or prohibiting the use of products are harmful to national cyber security by specific non-government agencies, as provided in the preceding paragraph, shall be prescribed by the central competent authority in charge of the relevant sector and submitted to the competent authority for recordation.
|