Computer Information Network and Internet Security, Protection and Management Regulations

    (Approved by the State Council on December 11 1997 and promulgated by the Ministry of Public Security on December 30, 1997)

    Chapter One Comprehensive Regulations

    Section One -- In order to strengthen the security and the protection of computer information networks and of the Internet, and to preserve the social order and social stability, these regulations have been established on the basis of the "PRC Computer Information Network Protection Regulations", the "PRC Temporary Regulations on Computer Information Networks and the Internet" and other laws and administrative regulations.

    Section Two -- The security, protection and management of all computer information networks within the borders of the PRC fall under these regulations.

    Section Three -- The computer management and supervision organization of the Ministry of Public Security is responsible for the security, protection and management of computer information networks and the Internet. The Computer Management and Supervision organization of the Ministry of Public Security should protect the public security of computer information networks and the Internet as well as protect the legal rights of Internet service providing units and individuals as well as the public interest.

    Section Four -- No unit or individual may use the Internet to harm national security, disclose state secrets, harm the interests of the State, of society or of a group, the legal rights of citizens, or to take part in criminal activities.

    Section Five -- No unit or individual may use the Internet to create, replicate, retrieve, or transmit the following kinds of information:

      (1) Inciting to resist or breaking the Constitution or laws or the implementation of administrative regulations;

      (2) Inciting to overthrow the government or the socialist system;

      (3) Inciting division of the country, harming national unification;

      (4) Inciting hatred or discrimination among nationalities or harming the unity of the nationalities;

      (5) Making falsehoods or distorting the truth, spreading rumors, destroying the order of society;

      (6) Promoting feudal superstitions, sexually suggestive material, gambling, violence, murder,

      (7) Terrorism or inciting others to criminal activity; openly insulting other people or distorting the truth to slander people;

      (8) Injuring the reputation of state organs;

      (9) Other activities against the Constitution, laws or administrative regulations.

    Section Six No unit or individual may engage in the following activities which harm the security of computer information networks:

      (1) No-one may use computer networks or network resources without getting proper prior approval

      (2) No-one may without prior permission may change network functions or to add or delete information

      (3) No-one may without prior permission add to, delete, or alter materials stored, processed or being transmitted through the network.

      (4) No-one may deliberately create or transmit viruses.

      (5) Other activities which harm the network are also prohibited.

    Section Seven The freedom and privacy of network users is protected by law. No unit or individual may, in violation of these regulations, use the Internet to violate the freedom and privacy of network users.

    Chapter 2 Responsibility for Security and Protection

    Section 8 Units and individuals engaged in Internet business must accept the security supervision, inspection, and guidance of the Public Security organization. This includes providing to the Public Security organization information, materials and digital document, and assisting the Public Security organization to discover and properly handle incidents involving law violations and criminal activities involving computer information networks.

    Section 9 The supervisory section or supervisory units of units which provide service through information network gateways through which information is imported and exported and connecting network units should, according to the law and relevant state regulations assume responsibility for the Internet network gateways as well as the security, protection, and management of the subordinate networks.

    Section 10 Connecting network units, entry point units and corporations that use computer information networks and the Internet and other organizations must assume the following responsibilities for network security and protection:

      (1) Assume responsibility for network security, protection and management and establish a thoroughly secure, protected and well managed network.

      (2) Carry out technical measures for network security and protection. Ensure network operational security and information security.

      (3) Assume responsibility for the security education and training of network users

      (4) Register units and individuals to whom information is provided. Provide information according to the stipulations of article five.

      (5) Establish a system for registering the users of electronic bulletin board systems on the computer information network as well as a system for managing bulletin board information.

      (6) If a violation of articles four, five, six or seven is discovered than an unaltered record of the violation should be kept and reported to the local Public Security organization.

      (7) According to the relevant State regulations, remove from the network and address, directory or server which has content in violation of article five.

    Section 11 The network user should fill out a user application form when applying for network services. The format of this application form is determined by Public Security.

    Section 12 Connecting network units, entry point units, and corporations that use computer information networks and the Internet and other organizations (including connecting network units that are inter-provincial, autonomous region, municipalities directly under the Central Government or the branch organization of these units) should, within 30 days of the opening of network connection, carry out the proper registration procedures with a unit designated by the Public Security organization of the provincial, autonomous region, or municipality directly under the Central Government peoples' government.

    The units mentioned above have the responsibility to report for the record to the local public security organization information on the units and individuals which have connections to the network. The units must also report in a timely manner to Public Security organization any changes in the information about units or individuals using the network.

    Section 13 People who register public accounts should strengthen their management of the account and establish an account registration system. Accounts may not be lent or transferred.

    Section 14 Whenever units involved in matters such as national affairs, economic construction, building the national defense, and advanced science and technology are registered, evidence of the approval of the chief administrative section should be shown.

    Appropriate measures should be taken to ensure the security and protection of the computer information network and Internet network links of the units mentioned above.

    Chapter Three Security and Supervision

    Section 15 The provincial, autonomous region or municipal Public Security agency or bureau, as well as city and county Public Security organizations should have appropriate organizations to ensure the security, protection and management of the Internet.

    Section 16 The Public Security organization computer management and supervision organization should have information on the connecting network units, entry point unit, and users, establish a filing system for this information, maintain statistical information on these files and report to higher level units as appropriate.

    Section 17 The Public Security computer management and supervision organization should have establish a system for ensuring the security, protection and good management of the connecting network units, entry point unit, and users. The Public Security organization should supervise and inspect network security, protection and management and the implementation of security measures.

    Section 18 If the Public Security computer management and supervision organization discovers an address, directory or server with content in violation of section five, then the appropriate units should be notified to close or delete it.

    Section 19 The Public Security computer management and supervision organization is responsible for pursuing and dealing with illegal computer information network activities and criminal cases involving computer information networks. Criminal activities in violation of sections four or section seven should according to the relevant State regulations, be handed over to the relevant department or to the legal system for appropriate disposition.

    Chapter Four Legal Responsibility

    Section 20 For violations of law, administrative regulations or of section five or section six of these regulations, the Public Security organization gives a warning and if there income from illegal activities, confiscates the illegal earnings.

    For less serious offenses a fine not to exceed 5000 RMB to individuals and 15,000 RMB to work units may be assessed.

    For more serious offenses computer and network access can be closed down for six months, and if necessary Public Security can suggest that the business operating license of the concerned unit or the cancellation of its network registration. Management activities that constitute a threat to public order can be punished according to provisions of the public security management penalties articles. Where crimes have occurred, prosecutions for criminal responsibility should be made.

    Section 21 Where one of the activities listed below has occurred, the Public Security organization should order that remedial action should be taken with a specific period and give a warning; if there has been illegal income, the income should be confiscated; if remedial action is not taken within the specified period, then a fine of not more than 5000 RMB may be assessed against the head of the unit and persons directly under the unit head and a fine of not more than 15,000 RMB against the unit; in the case of more offenses, the network and equipment can be closed for up to six months. In serious cases Public Security may suggest that the business license of the organization be canceled and its network registration canceled.

      (1) Not setting up a secure system

      (2) Not implementing security techniques and protection measures

      (3) Not providing security education and training for network users

      (4) Not providing information, materials or electronic documentation needed for security, protection and management or providing false information

      (5) For not inspecting the content of information transmitted on behalf of someone else or not registering the unit or individual on whose behalf the information was transmitted

      (6) Not establishing a system for registering users and managing the information of electronic bulletin boards.

      (7) Not removing web addresses and directories or not closing servers according to the relevant state regulations.

      (8) Not establishing a system for registering users of public accounts

      (9) Lending or transferring accounts

    Section 22 Violation of section four or section seven of these regulations shall be punished according to the relevant laws and regulations.

    Section 23 Violations of section eleven or section twelve of these regulations or not fulfilling the responsibility or registering users shall be punished by a warning from Public Security or suspending network operations for six months.

    Chapter Five Additional Regulations

    Section 24 These regulations should be consulted with regards to the implementation of the security, protection and management of computer information networks connecting to networks in the Hong Kong Special Administrative Region as well as with networks in the Taiwan and Macao districts.

    Section 25 These regulations go into effect on the day of promulgation.