"Regulations on the Management and Use of Commercial Passwords for Critical Information Infrastructure" (#中国加密新规 ): On August 1, 2025, the "Regulations on the Management and Use of Commercial Passwords for Critical Information Infrastructure" will officially come into effect. This new regulation, jointly issued by the National Cryptography Administration, the National Internet Information Office, and the Ministry of Public Security, sets forth mandatory password application requirements for information infrastructure in critical sectors such as energy, finance, transportation, and communication. The new regulations establish the "Three Synchronization Principle," which requires that critical information infrastructure synchronize the supporting commercial password security system during the planning, construction, and operation phases. Operators must establish systems for password usage, emergency response, and reporting of significant events, and use commercially certified password products and services. If the procurement of network products involving commercial passwords affects national security, it must be reviewed according to the "Cybersecurity Review Measures."