In the wake of the recent upgrade of the Central Leading Group for Cybersecurity and Informatization to a fully-fledged Commission, a national Work Conference on Cybersecurity and Informatization work took place in Beijing on 20 and 21 April. Xi Jinping gave a speech outlining adjusted priorities after the 19th Party Congress. The full text of the speech has not (yet) been made public. This is a translation of the official Xinhua report. Analysis will be published on the DigiChina platform.
Xi Jinping Stresses at the Cybersecurity and Informatization Work Conference to Keenly Grasp the Historical Opportunity in Informatization Development, and Move Forward the Construction of a Cyber Power through Indigenous Innovation
Li Keqiang Chairs, Li Zhanshu, Wang Yang, Wang Huning, Zhao Leji and Han Zheng Attend
Xinhua, 21 April, Beijing (Journalists Zhang Xiaosong, Zhu Jichai). The National Cybersecurity and Informatization Work Conference was convened on the 20th and 21st in Beijing. CCP Central Committee General Secretary, State President, Chair of the Central Military Commission and Chair of the Central Commission for Cybersecurity and Informatization Xi Jinping attended the Conference and gave an important speech. He stressed that informatization has brought extremely rare opportunities to the Chinese nation. We must acutely grasp the historical opportunity of informatization development, strengthen online positive propaganda, safeguard cybersecurity, promote breakthroughs in core technologies in the informatization area, give rein to the guiding role of informatization in economic development, strengthen civil-military convergence in the cybersecurity and informatization area, actively participate in international cyberspace governance processes, move forward the construction of a cyber power through indigenous innovation, and make new contributions to determine victory in comprehensively constructing a moderately prosperous society, seize new grand victories for Socialism with Chinese Characteristics in a new era, and realize the Chinese Dream of the Great Rejuvenation of the Chinese Nation. Read the rest of this entry »
Chapter I: General Principles
Article 1: In order to strengthen and standardize Internet security supervision and inspection work by public security bodies, prevent online law-breaking and crime, safeguard cybersecurity, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “People’s Police Law of the People’s Republic of China”, the “Cybersecurity Law of the People’s Republic of China” and other such relevant laws and administrative regulations, these Regulations are formulated. Read the rest of this entry »
Opinions concerning Appropriately Limiting Specific Gravely Untrustworthy Persons from Traveling on Civil Aircraft for a Certain Period, and Promoting the Construction of the Social Credit System
All provincial, autonomous region, municipal and the Xinjiang Production-Construction Corps social credit system construction leading work units, spiritual civilization offices, higher people’s courts, finance offices (bureaus), human resources and social security offices (bureaus), the State Administration of Taxation, local taxation bureaus, all delegated agencies of the China Securities Regulatory Commission, all local civil aviation management bureaus, all transportation (general) airline companies, airport companies, the China Civil Aviation Information Group, airport public security bureaus: Read the rest of this entry »
Opinions concerning Appropriately Limiting Specific Gravely Untrustworthy Persons from Riding Trains for a Certain Period, and Promoting the Construction of the Social Credit System
All provincial, autonomous region, municipal and Xinjiang Production-Construction Corps social credit system construction leading work units, spiritual civilization offices, higher-level people’s courts, finance offices (bureaus), human resources and social security offices (bureaus), the State Administration of Taxation, local taxation bureaus, all delegated agencies of the China Securities Regulatory commission, railway transportation enterprises, the Academy of Railway Science, and all railway public security bureaus: Read the rest of this entry »
Chapter I: General provisions
Article 1: In order to strengthen management of content management staff in Internet news information service work units, safeguard the lawful rights and interests of staff and the social public, and stimulate the healthy and orderly development of internet news information services, on the basis of the “Cybersecurity Law of the People’s Republic of China” and the “Internet News Information Management Regulations”, these Rules are formulated. Read the rest of this entry »
Security Assessment and Management Regulations concerning New Technologies and New Applications in Internet News Information Services
Article 1: In order to standardize security assessment and management work concerning new technologies and new applications in Internet news information services, safeguard national security and the public interest, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, and the “Internet News Information Service Management Regulations”, these Regulations are formulated.
Article 2: These Regulations apply to national, provincial, autonomous region and municipal Internet information offices’ organization and execution of security assessments of new technologies and new applications concerning Internet news information services. Read the rest of this entry »
Yesterday, Xi Jinping presented his political report to the 19th Party Congress – a 32000 word behemoth comprehensively covering all areas of economic, political and social life. The report announces a new era in China’s historical progress. In CCP theory, history is divided in stages, which are characterised by various contradictions that are subordinate manifestations of one fundamental contradiction. Once that contradiction is solved, history moves to the next phase. Xi now announced that the primary contradiction is no longer the one defined by Deng Xiaoping: the tension between China’s material poverty and the needs of its population. Instead, Xi claims the major problem that must now be solved is China’s imbalanced development. In other words, GDP growth at all costs is out, in favour of a more comprehensive approach to social and economic governance. Technology will obviously play a central role in this regard, as a governance tool and a potential economic growth pole, but also as a source of potential risk and disruption. The journal China Information Security very usefully listed the excerpts referring to cybersecurity and informatization, which are translated here:
I, The work from the past five years and historical changes
Public culture service levels have incessantly risen, literature and art creation continues to flourish, cultural undertakings and cultural industries thrive and develop, Internet construction, management and use has incessantly been perfected, and the entire people’s fitness and competitive sports levels have developed comprehensively.
III, The thought and basic orientation of Socialism with Chinese Characteristics for a New Era and
(4) Persisting in new development ideas. […] Push forward the synchronized development of new kinds of industrialization, informatization, urbanization and agricultural modernization, actively participate in and promote the progress of economic globalization, and develop and ever higher-level, open economy, incessantly expand our country’s economic strength and comprehensive national strength.
(10) Persist in the overall view of national security. […] Comprehensively manage external security and internal security, territorial security and citizens’ security, traditional security and non-traditional security, our own security and common security, perfect national security structures and systems, strengthen the construction of national security capabilities, and determinedly defend the country’s sovereignty, security and development interests.
V, Implement new development ideas, build modernized economic systems
(1) Deepen supply-side structural reform. […] Accelerate the development of advanced manufacturing sectors, promote the profound convergence of the Internet, big data, artificial intelligence and the real economy, foster new growth points and create new drivers in areas such as mid- and high-end consumption, innovative leadership, greenness and low-carbon, the sharing economy, modern supply chains, human capital services and other such areas. […] Strengthen the construction of basic infrastructure networks for irrigation, railways, roads, waterways, aviation, pipelines, the electricity grid, information, logistics, etc.
(2) Accelerate the construction of an innovative country. […] Strengthen the use of basic research, expand the implementation of national major science and technology programmes, give prominence to critical and common technologies, advanced forerunner technologies, modern engineering technologies, disruptive technology innovation, in order to provide powerful support for the construction of a strong science and technology country, a strong quality country, a strong aviation country, a strong cyber country, a strong transportation country, a strong digital country and a smart society.
VII, Persist in cultural self-confidence, promote the flourishing and ascendance of Socialist culture
(1) Firmly grasp leadership power in ideological work. […] Deepen Marxist theory research and construction, accelerate the construction of philosophy and social science with Chinese characteristics, and strengthen the construction of new types of think tanks with Chinese characteristics. Give high regard to construction and innovation in means of dissemination, and raise the communication power, guiding power, influence and credibility of news and public opinion. Strengthen the construction of Internet content, establish comprehensive network governance systems, and create a clear and crisp cyber space.
VIII, Raising, guaranteeing and improving people’s living standards, strengthening and innovating social governance
(1) Giving priority to development of education. […] Promote the integrated development of urban and rural compulsory education, give high regard to rural compulsory education, run preschool education, special education and online education well, universalize education at the higher secondary stage, and strive to let every child enjoy fair and high-quality education.
(7) Effectively safeguard national security. National security is an important cornerstone to bring peace and stability to the nation, safeguarding national security is the locus of the fundamental interest of the people of all ethnicities in the entire country. We must perfect the national security strategy and national security policies, firmly safeguard national political security, and comprehensively advance security work in all areas. Complete national security systems, strengthen legal guarantees for national security, and raise capabilities to guard against and resist security risks. Closely guard against and resolutely attack all kinds of infiltration, subversive and destructive activities, violent and terrorist activities, ethnic separatist activities, and religious extremist activities. Strengthen national security education, strengthen the national security consciousness of the entire Party and the people in the entire country, and promote all of society to create and safeguard powerful polled efforts for national security.
X, Firmly march the path of a strong military with Chinese characteristics, comprehensively move national defence and military modernization forward
Adapt to new global military changes and development trends and national security demands, raise construction quality and efficiency, ensure that mechanization is basically realized by 2020, that informatization concentration sees major progress, and strategic capabilities increase greatly.
The military must prepare to wage war, all work must target the norm of combat effectiveness, the focus must be on waging war and waging war victoriously. Firmly prepare for military struggles in all strategic orientations, comprehensively advance military struggle preparation in traditional security areas and new strategic areas, develop new kinds of battle forces and protection forces, launch combat-type military training, strengthen the use of military forces, accelerate the development of military smartification, raise joint warfare capabilities and all-area warfare capabilities based on online information systems, effectively mould situations, manage and control crises, contain war, and fight war victoriously.
XII, Persist in the path of peaceful development, promote the construction of a community of common destiny for humanity.
At the same time, the world faces prominent instabilities and indeterminacies, global economic growth drivers are insufficient, the difference between rich and poor grows graver daily, regional hotspots and problems rise one after another, terrorism, cybersecurity, major epidemics, climate change and other such non-traditional security threats continue to proliferate, humanity faces many common challenges.
XIII, Unwaveringly, comprehensively and strictly govern the Party, incessantly raise the Party’s governing ability and leadership levels.
Strengthen reform and innovation skills, maintain a tenacious and enterprising spiritual bearing, be good at integrating real creativeness in moving work forward, and be good at using Internet technologies and informatized means to carry out work.
This translation was kindly provided by John Costello
Ministry of Industry and Information Technology Network  No. 202
Provincial, autonomous region, and municipal communications authorities, China Telecom Group Corporation, China Mobile Communications Corporation, China Unicom Group Corporation, China National Computer Emergency Technical Team/Coordination Center of China (CNCERT), China Information Communications Research Institute, National Industrial Information Security Development Research Center, China Internet Association, domain name registration management and service organs, internet companies, and cybersecurity enterprises:
In order to deepen the implementation of the spirit of General Secretary Xi Jinping’s important speeches on cybersecurity, actively respond to the dire and complex cybersecurity situation, to move forward robust public internet cybersecurity threat monitoring and mitigation mechanism, safeguard the legitimate rights and interests of citizens, legals person, and other organizations, and in accordance with “Cybersecurity Law of the People’s Republic of China” and other relevant laws and regulations, the “Public Internet Cybersecurity Threat Monitoring and Mitigation Measures”. Hereby issued to you, please realistically and effectively implement and carry out.
Ministry of Industry and Information Technology Read the rest of this entry »
This documents was translated jointly by Graham Webster, Paul Triolo, Elsa Kania, and Rogier Creemers. John Costello assisted with helpful comments. An analysis of this document can be found on the New America website.
State Council Notice on the Issuance of the Next Generation Artificial Intelligence Development Plan
Completed: July 8, 2017
Released: July 20, 2017
A Next Generation Artificial Intelligence Development Plan
The rapid development of artificial intelligence (AI) will profoundly change human society and life and change the world. To seize the major strategic opportunity for the development of AI, to build China’s first-mover advantage in the development of AI, to accelerate the construction of an innovative nation and global power in science and technology, in accordance with the requirements of the CCP Central Committee and the State Council, this plan has been formulated.
I. The Strategic Situation
This document was translated jointly by Graham Webster, Paul Triolo and Rogier Creemers
CAC Notice concerning the Public Solicitation of Opinions on the “Critical Information Infrastructure Security Protection Regulations (Opinion-seeking Draft)”
In order to guarantee the security of critical information infrastructure, based on the “Cybersecurity Law of the People’s Republic of China”, our Administration, jointly with relevant departments, has drafted the “Critical Information Infrastructure Security Protection Regulations (Opinion-seeking Draft)”, which is now made public for open solicitation of opinions. Relevant work units and individuals from all circles may, before 10 August, put forward opinions through the following ways:
1, Sending opinions in a letter form to: Beijing Xicheng Chegongzhuang Avenue 11, CAC Cybersecurity Coordination Bureau, Post Code 100044, and clearly indicate “opinion solicitation” on the envelope
2, Sending an e-mail to: firstname.lastname@example.org.
10 July 2017
Critical Information Infrastructure Security Protection Regulations
Chapter 1: General principles Read the rest of this entry »
Chapter I: General Provisions
Article 1: In order to strengthen and guarantee national intelligence work, and safeguard national security and interests, on the basis of the Constitution, this Law is formulated.
Article 2: National intelligence work shall persist in an overall national security view, provide intelligence reference for major national policy decisions, provide intelligence support for preventing and dissolving risks endangering national security, and safeguard the national regime, sovereignty, unity, independence and territorial integrity, the prosperity of the people, economic and social sustainable development and other major national interests. Read the rest of this entry »
This translation was kindly provided by Paul Triolo
Article 1 These Measures are developed with a view to enhancing the secure and controllable levels of network products and services, guarding against cyber security risks, and safeguarding the national security, and in accordance with the laws and regulations such as National Security Law of the People’s Republic of China and the Cybersecurity Law of the People’s Republic of China.
Article 2 Important network products and services procured for use in networks and information systems that touch on national security are subject to a cybersecurity review.
Article 3 A cybersecurity review shall be conducted for network products and services and their supply chains, in a manner that combines enterprise commitments with public supervision, combines third-party assessments with government continuous regulation, and combines laboratory testing with on-site checks, on-line monitoring and background investigations. Read the rest of this entry »
This translation was kindly provided by John Costello
State Internet Information Office
Decree No. 2
“Regulations for Internet Content Management Administration Law Enforcement Procedures” approved in a meeting of the State Internet Information Office is hereby announced, to be implemented from June 1, 2017 onward.
Director Xu Lin
May 2, 2017
Regulations for Internet Content Management Administration Law Enforcement Procedures Read the rest of this entry »
Circular of the State Internet Information Office on the Public Consultation on the Measures for the Assessment of Personal Information and Important Data Exit Security (Draft for Soliciting Opinions)
This translation was kindly provided by Paul Triolo
To safeguard personal information and important data security, to safeguard cyberspace sovereignty and national security, and social and public interests, and promote the orderly free flow of network information according to the law, according to the People’s Republic of China National Security Law, the People’s Republic of China Cybersecurity Law, and other laws and regulations , our office has worked with relevant departments and drafted the “Personal Information and Important Data Outbound Security Assessment Measures (draft)”, is now open to the public for comments.
Relevant units and people of all walks of life may submit their views by May 11, 2017, in the following manner:
First, through a letter to the views sent to: Beijing Dongcheng District Chaoyang Gate Street 225, the State Internet Information Office Cybersecurity Coordination Bureau, Zip code: 100010, and in the envelope marked “comments”.
Second, by e-mail to: email@example.com.
State Internet Information Office
April 11, 2017
Personal Information and Important Data Outbound Security Assessment Measures (draft)
Article 1 These Measures have been drafted in order to protect the security of personal information and important data, safeguard cyberspace sovereignty and national security, and social and public interests, while protecting the legitimate interests of citizens, legal persons and other organizations, in accordance with the People’s Republic of China National Security Law, the People’s Republic of China Cybersecurity Law, and other laws and regulations.
Article 2 The personal information and important data collected and generated by network operators within the People’s Republic of China during operations shall be stored within the [national] territory. If the business requirements make it necessary to provide data outside of China, a security assessment shall be carried out in accordance with these Measures.
Article 3 The security assessment for outbound data shall follow the principle of impartiality, objectivity and validity, protect the security of personal information and important data, and promote the orderly and free flow of network information according to law.
Article 4 Where personal information leaves China’s borders, the purpose, scope, content, recipient and destination country of the data shall be explained to the subject of the personal information and agreed upon. Minors’ personal information is subject to the consent of their guardian.
Article 5 State cybersecurity and informatization departments shall coordinate the outbound data outbound security assessment work and guide the industry regulatory or supervisory departments in organizing the outbound data security assessment.
Article 6 Industry regulatory or supervisory departments shall be responsible for the security assessment of the industry outbound data and shall regularly organize the inspection of the specific industry outbound data.
Article 7 Network operators shall, before data leaves China’s borders, on their own initiative organize the conduct of a security assessment for outbound data and be responsible for the evaluation results.
Article 8 The outbound data security assessment shall focus on the following:
(A) the necessity of outbound data;
(B) the conditions touching on personal information, including the amount, scope, type, and sensitivity, and whether or not the subject of the personal information agrees that his/her personal information can leave China’s borders;
(C) the conditions touching on important data, including the amount, scope, type and sensitivity level of important data;
(D) the security protection measures and capability level of the data receiving party, and the cybersecurity environment in the country and region;
(E) risks such as disclosure, damage, tampering and abuse after the data leaves China’s borders and after re-transfer;
(F) the risks that may be brought to national security, social and public interests, and personal legitimate interests arising from the data leaving China’s borders and outbound data collection;
(G) other important matters that need to be assessed.
Article 9 If outbound data is stored in one of the following circumstances, network operators should report to the industry regulators or supervisory authorities and organize a security assessment:
(A) the [data set] contains or has accumulated personal information of more than 500,000 people;
(B) the amount of data is over 1000 GB;
(C) the data includes sector data on nuclear facilities, chemical and biological facilities, the national defense industry, or population health, large-scale engineering activities, the marine environment, and sensitive geographic information data;
(D) the data includes cybersecurity information including system vulnerabilities and security protection for critical information infrastructure;
(E) personal information and important data provided by critical information infrastructure operators to [parties] outside China;
(F) other data that could affect national security and social and public interests that industry regulators or supervisory departments consider should be assessed.
For areas where the is no clear industry regulator or supervisory department, an assessment shall be organized by national cybersecurity and informatization departments.
Article 10 The security assessment organized by industry regulatory or supervisory departments shall be completed within 60 working days, and feedback on the security assessment shall be provided to the network operator in a timely manner and reported to the national cybersecurity and informatization departments.
Article 11 In any of the following circumstances, data shall not be allowed to leave the country:
(A) personal information leaving China’s borders without the consent of the subject of the personal information, or that may be against the interests of the individual;
(B) there is a risk that the data leaving China’s borders could impact national politics, the economy, S&T, and national defense, and could affect national security and harm social and public interests;
(C) other data that national cybersecurity and informatization departments, public security departments, state security departments, and other relevant departments deem cannot leave China.
Article 12 Network operators should, according to business development and the network operation situation, annually conduct at least once a security assessment of outbound data, ad in a timely manner assess the situation and report to industry regulatory and supervisory departments.
When the data receiver changes, or there is a relatively large change in the destination, scope, quantity, type of data, etc., or a major security incident occurs with the data receiver or outbound data, a new security assessment should be conducted.
Article 13 Any individual or organization shall have the right to report to the relevant cybersecurity and informatization departments, public security department, and other relevant departments any violations of relevant laws and regulations and these Measures in terms of providing data outside of China’s borders.
Article 14 Whoever violates the provisions of these Measures shall be punished in accordance with the relevant laws and regulations.
Article 15 Agreements between the Chinese government and other countries and regions on outbound data shall be carried out in accordance with the provisions of the agreement.
Data involving state secret information shall be handled in accordance with the relevant provisions.
Article 16 Security assessment work for the personal information and important data sent outside China’s borders that was collected and produced by other individuals and organizations within the territory of the People’s Republic of China shall be carried out in accordance with the present Measures.
Article 17 The definitions for the following terms used in the present Measures:
A network operator is the owner of a network, a manager, and a network service provider.
Outbound data refers to personal and important information co9llection and generated by network operators during operations within the territory of the People’s Republic of China, and provided to overseas institutions, organizations, or individuals.
Personal information refers to various types of information recorded by electronic or other means capable of identifying a person’s personal identity alone or in combination with other information, including but not limited to the name of the natural person, date of birth, identity document number, personal biometric information, telephone number and so on. Important data refers to data that is closely related to national security, economic development, and social and public interests, with specific reference to national relevant standards and important data identification guidelines.
Article 18 These Measures shall come into force on the day X of 2017.
Office of the Central Cybersecurity and Informatization Leading Small Group
(Cyberspace Administration of China)
Cybersecurity Coordination Bureau
第十八条 本办法自2017年 月 日起实施。
This is the official translation of this text, as published by Xinhua
Chapter I. Opportunities and Challenges
Chapter II. Basic Principles
1.The Principle of Peace
2.The Principle of Sovereignty
3.The Principle of Shared Governance
4.The Principle of Shared Benefits
Chapter III. Strategic Goals
1. Safeguarding Sovereignty and Security
2. Developing A System of International Rules
3. Promoting Fair Internet Governance
4. Protecting Legitimate Rights and Interests of Citizens
5. Promoting Cooperation on Digital Economy
6. Building Platform for Cyber Culture Exchange
Chapter IV. Plan of Action
1. Peace and Stability in Cyberspace
2. Rule-based Order in Cyberspace
3. Partnership in Cyberspace
4. Reform of Global Internet Governance System
5. International Cooperation on Cyber Terrorism and Cyber Crimes
6. Protection of Citizens’ Rights and Interests Including Privacy
7. Digital Economy and Sharing of Digital Dividends
8. Global Information Infrastructure Development and Protection
9. Exchange of Cyber Cultures
Cyberspace is the common space of activities for mankind. The future of cyberspace should be in the hands of all countries. Countries should step up communications, broaden consensus and deepen cooperation to jointly build a community of shared future in cyberspace.
—Remarks by H.E. Xi Jinping, President of the People’s Republic of China, 2015/12/16
This translation was kindly provided by Paul Triolo
The Central Cybersecurity and Informatization Leading Group Office, the Central Internet Security and Informatization Leading Group (CCILSG) Office
The People’s Republic of China State Internet Information Office, The State Internet Information Office
Notice of the on Public Consultation on the Measures for the Security Review of Internet Products and Services (Opinion-seeking draft)
In order to improve the security and controllability of network products and services, prevent supply chain security risks, and safeguard national security and the public interest, the CCILSG Office has drafted the Measures for the Security Review of Network Products and Services (draft for soliciting opinions ) “, and it is now open to the public for comments The relevant units and people of all walks of life can make comments according to the following procedure, before March 4, 2017.
First, send comments by letter to: Beijing Dongcheng District, Chaoyang Gate Street 225 State Internet Information Office Cybersecurity Coordination Bureau, Zip Code: 100010, and mark on the envelope “solicited comments.”
Second, by e-mail send to: firstname.lastname@example.org.
Annex: Measures for Network Products and Services Security Review (draft)
State Internet Information Office
February 4, 2017
Measures for Network Products and Services Security Review
Article 1: The security and controllability of network products and services directly affect the interests of users and the national security. These Measures are formulated in accordance with the National Security Law of the People’s Republic of China and the Cybersecurity Law of the People’s Republic of China to improve the security and controllability of network products and services, guard against supply chain safety risks, and safeguard national security and the public interest.
Article 2: Important network products and services that are used by the national security and public interest information systems shall undergo a cybersecurity review.
Article 3: A cybersecurity review of network products and services and their providers shall be carried out, insisting on the combination of enterprise commitment and social supervision, combining third-party evaluation and government supervision, combining laboratory testing, on-site inspection, on-line monitoring, and background investigations.
Article 4: The review shall focus on the the security and controllability of network products and services, including:
(1) the risks of illegal control, interference and interruption of the operation of products and services;
(2) risks in the R&D, delivery, and technical support of products and key components;
(3) risks related to product and services providers utilizing the convenience of providing products and services to engage in illegal collection, storage, handling and utilization of user-related information;
(4) products and service providers taking advantage of users’ reliance on products and services, and carrying out unfair competition or harm to the interests of users;
(5) other risks that may endanger national security and the public interest.
Article 5 The State Internet Information Office, in conjunction with relevant departments, shall set up a Cybersecurity Review Committee to review important policies of the cybersecurity review, organize cybersecurity review work, and coordinate the relevant important issues related to the cybersecurity review.
The Cybersecurity Review Office shall concretely organize and implement the cybersecurity review.
Article 6: The Cybersecurity Review Committee shall appoint relevant experts to form a Cybersecurity Review Experts Committee to conduct a comprehensive evaluation on the security risks of network products and services and the security and trustworthiness of suppliers on the basis of the third-party evaluation.
Read the rest of this entry »