China requires tech companies to report vulnerabilities within 2 days, and shares the info with "government bodies".

[Article from ArsTechnica](https://arstechnica.com/security/2023/09/how-china-gets-free-intel-on-tech-companies-vulnerabilities/#:~:text=The%20law%20requires%2C%20among%20other,of%20Industry%20and%20Information%20Technology.).

The law requires companies that discover or learn of a hackable flaw in their product must share the info about it within two days with the Ministry of Industry and Information Technology and other bodies.

"*One such partner is the Beijing bureau of China's Ministry of State Security, the agency responsible for many of the country's most aggressive state-sponsored hacking operations in recent years, from spy campaigns to disruptive cyberattacks.*"

The submission requires that companies provide, "*...the …

agency beijing bureau china companies cybersecurity discover flaw hacking industry info information information technology law learn partner product responsible security share sponsored state state-sponsored hacking technology