Administrative Measures on Security Protection for International Connections to Computer Information Networks (2011 Revision)

By Todd KuhnsLast Updated on Jan 8, 2011
Administrative Measures on Security Protection for International Connections to Computer Information Networks (2011 Revision)

Release Date: 01-08-2011

Source: Baidu

Chinese Title: 计算机信息网络国际联网安全保护管理办法(2011修订)

Chapter I General Provisions

Article 1 These Measures are formulated in accordance with the Regulations of the People’s Republic of China on the Security Protection of Computer Information System, the Provisional Administrative Regulations of the People’s Republic of China on International Connections to Computer Information Networks and other laws and administrative regulations in order to strengthen security protection for international connections to computer information networks and to safeguard public order and social stability.

Article 2 These Measures will apply to security protection administration of international connections to computer information networks within the People’s Republic of China.

Article 3 The computer administrative supervisory organizations of the Ministry of Public Security will be responsible for the security protection administrative work involving international connections to computer information networks.

The computer administrative supervisory organizations of public security organs must protect the public security of international connections to computer information networks and safeguard the legal rights and interests of entities and individuals involved in international connection work and the public interests.

Article 4 No entity or individual will be permitted to make use of international connections to harm national security, disclose State secrets, infringe on the national, social or collective interests or the legal rights and interests of citizens, or engage in other illegal or criminal activities.

Article 5 No entity or individual will be permitted to make use of international connections to produce, reproduce, consult or transmit any of the following content:

  • that which incites defiance or violation of the Constitution, laws or administrative regulations;
  • that which incites subversion of State power and the overturning of the socialist system;
  • that which incites national division and harms national unification;
  • that which incites hatred and discrimination among nationalities and destroys national unity;
  • that which fabricates or distorts the truth, spreads rumors or disrupts social order;
  • that which spreads feudal superstition, involves obscenities, pornography, gambling, violence, murder, horrific acts or instigates criminal acts;
  • that which openly humiliates another party or slanders another party through a fabrication of the truth;
  • that which damages the reputation of a State organ; or
  • other content which violates the Constitution, laws or administrative statutes.

Article 6 No entity or individual will be permitted to endanger the security of a computer information network by engaging in any of the following activities:

  • accessing a computer information network or using computer information network resources without prior approval;
  • deleting, altering or adding to the functions of a computer information network without prior approval;
  • deleting, altering or adding to the data or applications stored, processed or transmitted in a computer information network without prior approval;
  • deliberately producing or spreading a computer virus or other harmful program; or
  • other acts which endanger the security of computer information networks.

Article 7 The freedom and privacy of network users are protected by law. No entity or individual may, in violation of the provisions of the law, use the Internet to infringe on the freedom and privacy of network users.

Chapter II Security Protection Liability

Article 8 All entities and individuals which engage in international connection work must accept supervision, inspection and guidance of the public security organs. They must provide the public security organs with information, materials and digital files on security protection matters in strict accordance with the facts and help the public security organs to investigate any illegal and criminal acts which are conducted through international connections to computer information networks.

Article 9 The departments or entities in charge of international gateway channel providers and inter-connected organizations will be responsible for security protection administrative work in respect of these international gateway channels and inter-connected networks in accordance with the laws and relevant State regulations.

Article 10 Inter-connected organizations and node network organizations, as well as legal persons and other organizations which use international connections to computer information networks, must perform the following security protection duties:

  • be responsible for security protection administration for their own networks, and establish and improve the security protection administration system;
  • implement the technical measures for security protection, and safeguard the operational security and information security of their own networks;
  • be responsible for security education and training for their own network users;
  • register the entities and individuals that commission the release of information, and examine and verify the content of the information provided in accordance with Article 5 of these Measures;
  • establish a user registration and information administration system in respect of the computer information network bulletin board system;
  • on the discovery of any of the circumstances listed in Article 4, Article 5, Article 6 or Article 7 of these Measures, retain the original records and report the matter to the local public security organ within twenty four (24) hours; and
  • delete from their networks the address or table that contains any information as specified in Article 5 of these Measures or shut down the server in accordance with relevant State regulations.

Article 11 When a user carries out network entry procedures with a node network organization, it must fill out a registration form. The format of the registration form will be determined by the Ministry of Public Security.

Article 12 Inter-connected organizations, node network organizations, legal persons and other organizations which use international connections to computer information networks (including entities with connections that cross provinces, autonomous regions or centrally- administered municipalities and their branch organizations) must go through the procedure for registration with the relevant authorities designated by the public security organs of the local people’s governments of the relevant provinces, autonomous regions or centrally-administered municipality within thirty (30) days of the official connection of the network.

The entities mentioned in the previous paragraph have the responsibility to report for the record to the local public security organ the information on the entities and individuals which have connections to the network. They must also promptly report any change in the information about entities or individuals using the network.

Article 13 People who register public accounts shall strengthen the management of the accounts, and establish an account registration system. Accounts may not be lent or transferred.

Article 14 When an entity which is involved in national affairs, economic construction, national defense development, sophisticated science and technology or other important fields goes through the procedure for registration, it must present an approval certificate issued by its administrative department in charge.

Appropriate security protection measures must be adopted in respect of the computer information networks and international connections of the entities mentioned in the previous paragraph.

Chapter III Security Supervision

Article 15 The public security departments (bureaus) of the provinces, autonomous regions and centrally-administered municipalities, and the prefectural and county public security bureaus must establish appropriate organizations to be responsible for security protection administrative work for international connections.

Article 16 The computer administrative supervisory organizations of public security organs must keep abreast of the information on registration of inter-connected organizations, node network organizations and users, establish a filing system for such information, maintain statistical information on these files and submit the information to their next highest level in accordance with relevant State regulations.

Article 17 The computer administrative supervisory organizations of public security organs must urge inter-connected organizations, node network organizations and users to establish a sound and comprehensive security protection administrative system. They must also supervise and inspect network security protection administration and the implementation of technological measures.

When the computer administrative supervisory organization of a public security organ organizes a security inspection, the relevant entities must send personnel to participate. If a computer administrative supervisory organization of a public security organ discovers a problem during a security inspection, it must put forward a proposal to rectify the matter, take detailed records, and file the details of the case for future reference.

Article 18 When the computer administrative supervisory organization of a public security organ discovers an address, table, or server that contains any information as specified in Article 5 of these Measures, it must notify the relevant entity to shut down or delete the address or table.

Article 19 The computer administrative supervisory organization of a public security organ will be responsible for pursuing and investigating illegal acts carried out through computer information networks and criminal cases which target computer information networks. If an illegal or criminal act violates Article 4 or Article 7 of these Measures, the case must be handed over to the relevant department or judicial organ for handling in accordance with relevant State regulations.

Chapter IV Legal Liability

Article 20 If a party, in violation of laws or administrative regulations, commits any of the acts specified in Article 5 or Article 6 of these Measures, the public security organ will issue a warning and confiscate any illegal income, and may also impose a fine of up to 5,000 yuan in the case of an individual, or up to 15,000 yuan in the case of an entity. In serious circumstances, it may also order the party to terminate its network connection for up to six (6) months and suspend its operations to undergo internal rectification. If necessary, the public security organ may also recommend that the original certificate examination, approval and issuing organizations revoke the party’s business permit or cancel its network connection qualifications. If an act constitutes a violation of public security administration, a penalty will be imposed in accordance with the Law on Administrative Penalties for Public Security. If an act constitutes a crime, criminal liability will be pursued in accordance with the law.

Article 21 If a party commits any of the following acts, the public security organ will order the matter to be rectified within a specified period, issue a warning and confiscate any illegal income. If the matter is not rectified within the specified period, it may also impose a fine of up to 5,000 yuan on the person chiefly in charge and other person(s) directly liable, and may also impose a fine of up to 10,000 yuan on the entity. In serious circumstances, it may also order the party to terminate its network connection for up to six (6) months and suspend its operations to undergo internal rectification. If necessary, the public security organ may also recommend that the original certificate examination, approval and issuing organizations revoke the party’s business permit or cancel its network connection qualifications. The acts are as follows:

  • failure to establish a security protection administration system;
  • failure to adopt security technology protection measures;
  • failure to provide its network users with security education and training;
  • failure to submit the information, materials and digital files required for security protection administration, or submission of false information;
  • failure to examine and verify the content of information it is commissioned to release, or failure to register the commissioning entities and individuals;
  • failure to establish a user registration and information administration system in respect of bulletin board systems;
  • failure to delete a network address or table, or to shut down a server in accordance with relevant State regulations;
  • failure to establish a user registration system for public accounts; or
  • lending or transferring accounts.

Article 22 In the case of a violation of Article 4 or Article 7 of these Measures, a penalty will be imposed in accordance with relevant laws and regulations.

Article 23 If a party violates Article 11 or Article 12 of these Measures by failing to perform its duties for registration, the public security organ will issue a warning or will order the party to suspend operations for a period of up to six (6) months to undergo internal rectification.

Chapter V Supplementary Provisions

Article 24 Security protection administration of computer information networks connected with the Hong Kong Special Administrative Region and the regions of Taiwan and Macao will be implemented with reference to these Measures.

Article 25 These Measures will take effect from the date of promulgation.