It sounds like a combination of US CERT, the US computer access laws, and additional items from the wish list of what people want the US to make mandatory instead of just "suggest". A lot of US regulation operates on the principle of companies being told to "voluntarily" do something "or else". This allows the government to create de facto regulations without having to go through the time and bother of passing legislation to enable them and perhaps not passing legal review.
The bit forbidding people from selling vulnerabilities to exploit brokers is potentially the most significant item in the list. It's also, however, going to be difficult to actually enforce, as these exploit brokers tend to be located in places such as Italy or Israel, with companies in the latter country being suspected by many of being fronts for the national intelligence agencies.
Unless this new legislation is replacing existing laws, then I'm surprised that China don't have something like this in place already.