Notice concerning Further Strengthening Management over Cultural and Artistic Programmes and Their Personnel
National Radio and Television Administration General Office
Guang Dian Ban Fa (2021) 267
All provincial, autonomous region and municipal radio and television bureaus, the Xinjiang Production-Construction Corps Culture, Sports, Radio, Television and Tourism Bureau, the Central Radio and Television Station Office, the Film Channel Programme Centre, the China Education Television Station:
In recent years, radio, television and online audiovisual cultural and artistic programmes have stressed quality, stressed style and stressed responsibility, and resisted vulgar, lowbrow and base tastes, incessantly pushed out excellent works, satisfying the popular masses’ spiritual and cultural needs. In order to further strengthen management, strictly deal with problems that artists violate the law and leave virtue behind, the “fan circle” mess, etc., and to establish a sectoral atmosphere of love for the Party and love for the country with all flags flying, of high virtue and noble art, hereby, the relevant matters are notified as follows:
I, Persisting in resisting unlawful and unvirtuous personnel. Radio and television bodies and online audiovisual platforms must strictly keep the gate in terms of programme actors and guest choices, and persist in making political quality, virtuous character, artistic levels and social evaluation as criteria for choice. Personnel with an incorrect political standpoint, who have dissension and discord with the Party and the country is resolutely not to be selected; personnel who violate laws and regulations and smash society’s baseline of fairness and justice is resolutely not to be selected; personnel who violate public order and fine customs, and whose acts and conduct are without virtue or norms is resolutely not to be selected.
II, Persisting in opposing the only-ratings-theory. Radio and television bodies and online audiovisual platforms may not broadcast idol cultivation-type programmes, they may not broadcast comprehensive arts, entertainment and reality shows where stars’ sons and daughters participate. Talent-type shows must strictly control the setup of the voting segment, they may not set up segments and channels outside of the venue for voting, ranking, reinforcement, etc., it is strictly prohibited to guide or encourage fans to covertly spend money to vote by materialized methods such as purchasing goods, pledging memberships, etc, and the harmful “fan circle” culture is to be resolutely resisted.
III, Persisting in resisting excessive entertainmentization. Persist in cultural self-confidence, forcefully hold high China’s excellent traditional culture, revolutionary culture and advanced Socialist culture. Establish a correct aesthetic orientation for programmes, strictly grasp actor and guest choice, acting styles, dress and make-up, etc, resolutely resist “sissies” and other such abnormal aesthetics. Resolutely resist excessive entertainmentization tendencies of playing up bragging about wealth and hedonism, rumours about sex scandals and personal lives, negative hot topics, vulgare “Internet celebrities”, anti-aesthetics without baselines, etc.
IV, Persisting in resisting high-value remuneration. Strictly implement remuneration regulations for actors and guest, strictly implement their remuneration management notification commitment system. Advocate and encourage actors and guests to bear social responsibility, and participate in public benefit-type programmes. Strictly punish violation of remuneration regulations, “yin-yang contracts”, and tax evasion activities.
Substantially strengthen employee management. Strictly implement that presenters must hold credentials to take up positions, standardize presenters’ participation in social activities and online information dissemination. Strengthen employees’ political quality training, deeply launch education on the Marxist view of news and view on culture and art, persist in the people’s standpoint from beginning to end, stick to the people’s mood. Perfect professional ethical norms, strengthen the construction of professional ethics, consciously resist the temptations of fame and wealth, professional identities and individual fame may not be used to seek improper gain, consciously accept social supervision, and be a model of social virtue and a builder of positive energy.
VI, Launching dedicated and authoritative culture and art criticism. Persist in the correct political orientation, public opinion orientation and value orientation, carry forward the true, the good and the beautiful, reject the false, the evil and the ugly, give full rein to the roles of values in guidance, spirits in leadership and aesthetic in enlightenment. Put social effect and social value first, unify profound thoughts, profound art and excellent production, and evaluate programmes strictly and objectively. Scientifically treat audience ratings, click ratings and other such quantified indicators, and strengthen the expansion and application of “China audiovisual big data”.
VII, Giving full rein to the role of sectoral organizations. Radio, television and online audiovisual sectoral associations and other such sectoral organizations must further perfect sectoral standards and self-discipline conventions, vigorously launch moral appraisal. Strengthen education and training on ideology and politics, professional ethics, etc., establish regularized training mechanisms, optimize teaching content, strengthen case-based teaching, discuss the law through cases, and demonstrate the law through cases. Criticize harmful phenomena in the sectors and negative models with clear banners flying, resolutely oppose circle culture and sectoral corrupt customs, effect a thorough overhaul, and safeguard the benign atmosphere in the sector.
VIII, Substantially implement management duties and responsibilities. Administrative radio and television departments must raise their political stance, earnestly implement ideology work responsibility systems, further compact and substantiate local management responsibilities, competence and supervision responsibilities and dominant responsibilities, guard the culture and art programme orientation gate, content gate, personnel gate, remuneration gate and propaganda gate well. We must pay high regard to listening to the calls of the popular masses, vigorously respond to the concerns of the popular masses, resolutely say “no” to law-breaking and immorality, playing up stars, excessive entertainmentization, “supremacy of ratings” etc., and let the main melody and positive energy fill the radio, television and online audiovisual space to the brim.
It is hereby notified
National Radio and Television Administration General Office
2 September 2021
All provincial, autonomous region and municipal Party Committee cybersecurity and informatization offices, the Xinjiang Production-Construction Corps Party Committee Cybersecurity and Informatization Office”
Since the “Clear and Crisp ‘Fan Circle’ Mess Control” campaign was held, all localities have implemented relevant work requirements, and have gained certain achievements focusing on star rankings, trending topics, fan communities, interactive comments and other such focus segments, and deeply dealt with the problem of the “fan circle” mess. In order to further strengthen control, bring greater and substantial pressure to the dominant responsibilities of websites and platforms, make substantial breakthroughs in focus and difficult issues, incessantly consolidate and expand the achievements of the campaign, attack and resolve the “fan circle” mess with a heavy fist, hereby, relevant work measures are notified as follows.
1. Cancel star and artist rankings. Cancel all rankings and lists involving individual stars and artists or groups, prohibit newly adding or covertly uploading individual rankings and related products or functions. Only rankings of music works, film and television works, etc. may be maintained, but no individual characteristic such as stars’ or artists’ names may appear.
2. Optimize and adjust ranking rules. When ranking music works, film and television works, etc., reduce the weight of registries, likes, comments and other such indicators, and increase the weight of indicators such as the work’s orientation and expert evaluation. Related functions that lead users to make lists may not be set up, paid-for registration functions or increasing registry numbers through added-value memberships and other such methods may not be set up, guide fans to pay more attention to the quality of cultural products, and reduce the heat of chasing stars.
3. Strictly manage star brokerage companies. Strengthen website platforms’ management responsibilities over the online conduct of star brokerage companies (offices), formulate related online operational standards, and make clear provisions concerning account registration and verification, content dissemination, commercial marketing, crisis PR, fan management and other such online conduct. Strengthen the responsibility of star brokerage companies (offices) to guide fan communities, adopt measures such as limiting flow, prohibition of speech, closure, etc., against stars and their brokerage companies (offices), fan groups and their accounts who incite mutual rifts of fans, struggles and incitements of battles, at the same time, the entire platform will reduce and even cancel all kinds of information dissemination related to [those] stars.
4. Standardize fan community accounts. Strengthen management of accounts of stars’ fan communities, backers, etc. require that fan communities and backers must be authorized or accredited by the star’s brokerage company (office), and their daily maintenance and supervision becomes the latter’s responsibility. Without authorization, no individual or organization may, without exception, register a star fan community account.
5. Strictly prohibit the emergence of mutual ripping information. Substantially implement management responsibilities, timely discover and clean up all kinds of harmful “fan circle” information where fans mutually tear at each other or hurl abuse, drag and trigger fights, start rumours and attacks, etc., strictly deal with accounts violating laws and regulations, effectively prevent heating up and fermentation of public opinion. Strictly punish website platforms where discovery is not timely and management is insufficient.
6. Clean up community pages violating regulations. Continue to dissolve fan communities and groups with themes such as rank voting, reinforcement, collecting money, controlling comments, gossip, explosive materials, etc., close boards, channels, etc. that easily lead to fans collecting and exchanging their ranking experiences, discuss stars’ sex scandals, mutually assign data scraping, etc, and block channels that generate harmful inducements to fans and encourage stirring up of trouble.
7. Fans may not be incited to consume. Formulate detailed rules that stars’ and artists’ magazines or other works, products, etc., in the sales segment, may not display fans’ individual purchase amounts, contribution amounts and other such data, may not rank fans’ individual product purchase data or amounts, may not set up marketing activities that stimulate fans to consume such as task-based unlocking, custom-made benefits, limited-time PK, etc.
8. Strengthen segment setup and management. Strengthen management of online arts and entertainment programmes’ online conduct, they may not set up “spend money to buy votes” functionalities, and are strictly prohibited from guiding or encouraging netizens to vote for candidates by material methods such as purchasing products, memberships etc.
9. Strictly control participation by minors. Further adopt measures to strictly prohibit minors from playing for rewards, it is strictly prohibited that minors respond to calls for consumption, minors may not act as related community heads or managers, minors are restricted from voting for rankings, clarify that star fan communities, backers, etc. may not, in their online conduct, influence minors’ regular study and rest, and may not organize minors to launch all kinds of online assemblies, etc.
10. Standardize reinforcement and fund-raising activities. Timely discover and clean up all kinds of information on calling for reinforcements and raising funds isolating regulations; deal with and punish website platforms where problems are concentrated, accountability is weak, who induce minors to participate in calls for reinforcement and fundraising according to laws and regulations; continue to investigate and prosecute foreign websites who provide ranking votes, reinforcement calls and fund-raising.
All localities must further raise their political stance, substantially strengthen their sense of responsibility, sense of mission and sense of urgency, and understand and advance their work in bringing the “fan circle” mess under control from the height of online political security and ideological security, and creating a clear and crisp cyberspace. They must, in the first instance, arrange and implement matters, take further steps to break the matter down, formulate detailed implementation plans, and supervise local website platforms’ realistic grasp and implementation of these.
25 August 2021
Chinese Banking and Insurance Supervisory Commission Notice concerning Further Standardizing Commercial Banks’Internet Lending Operations
YBJBF No. (2021)24
All banking supervisory bureaus, all large-scale banks, shareholding-type banks and foreign invested banks:
In order to promote commercial banks to effectively implement the “Provisional Rules for the Management of Commercial Banks’ Online Lending” (hereafter referred to as “Rules”), further standardize Internet lending operations and activities, stimulate the healthy development of the business, with the agreement of the CBIRC, the following notification is made on related matters:
I, Implementing risk control requirements. Commmercial banks shall strengthen their dominant responsibility in risk control, independently conduct Internet lending risk management, and autonomously complete lending risk assessment and risk control steps with an important influence for risk control, they are strictly prohibited from outsourcing crucial steps in management before, during and after loans.
II, Strengthening capital issue proportion management. Where commercial banks jointly issue capital for Internet loans with cooperating bodies, they shall strictly implement interregional capital issue proportion management requirements, the capital issue proportion from the cooperating party for a “single pen loan” [a loan not repayable in installments] may not be lower than 30%.
III, Strengthening management of concentration of cooperating party. Where commercial banks jointly issue capital for Internet loans with cooperating bodies, the balance of that bank’s lending issued with any one cooperating party may not exceed 25% of the net amount of that bank’s first-tier capital.
IV, Implementing aggregate control and quota management. The balance of Internet loans where commercial banks jointly issue capital with cooperating bodies may not exceed 50% of that bank’s total lending balance.
V, Strictly controlling cross-regional operations. Where banks with local legal personality conduct Internet lending activities, they shall serve local customers, they may not conduct Internet lending operations outside of the jurisdiction where they are registered. Those who do not have physical operational branches, who mainly conduct operations online, and furthermore conform to other CBIRC regulations and conditions are exempt.
VI, Article 2 and Article 5 of this Notification take effect from 1 January 2022, operational inventories will be settled naturally, the transition period for other provisions is consistent with the “Rules”. The CBIRC and its assigned bodies will, according to the principles of “one bank one policy, steady transition”, supervise commercial banks in formulating rectification plans for Internet lending operations that do not meet the requirements of this Notice, and in completing rectification within the notification period. Commercial banks meeting conditions are encouraged to meet targets early.
VII, The CBIRD and its assigned bodies may put forward stricter precautionary supervision and management requirements concerning capital issue proportions, concentration of cooperating bodies, Internet lending amounts and quotas on the basis of the operational management, risk levels and operational conduct status of commercial banks under their jurisdiction, and on the basis of the provisions of this Notice.
VIII, Foreign bank branches, trust companies, consumer finance companies or car finance companies conducting Internet lending operations will refer to and implement the requirements of this Notice and the “Rules”, where the CBIRC provides otherwise, those provisions are followed.
CBIRC General Office
19 February 2021
Guiding Opinions concerning Further Perfecting Structures to Restrain Trust-Breaking and Building Long-Term Mechanisms for Sincerity Construction
GBF No. (2020)49
All provincial, autonomous region and municipal People’s Governments, all State Council ministries and commissions, all directly subordinate bodies:
In order to deeply implement the requirements of the Party Centre and the State Council concerning enhancing sincerity construction, earnestly implementing the “Regulations on Optimizing the Commercial Environment” and other such relevant regulations, further clarify the scope of credit information, impose punishment for trust-breaking according to laws and regulations, perfect credit recovery mechanisms for untrustworthy subjects, and raise the rule of law and standardization levels of social credit system construction, with the approval of the State Council, the following Opinions are hereby put forward.
I, General requirements
With Xi Jinping Thought on Socialism with Chinese characteristics for a new era as guidance, comprehensively implement the spirit of the 19th Party Congress and the 2nd, 3rd, 4th and 5th Plenums of the 19th Party Congress, firmly take seeking progress in stability as a general foundation for work, firmly follow rule of law tracks, strive to build long-term mechanisms for sincerity construction, further standardize and complete mechanisms for the establishment, recording, collecting, sharing, publication, punishment and credit recovery of untrustworthy acts according to the general thinking lines of acting according to laws and regulations, protecting rights and interests, exercising caution and moderation, and checklist-based management, push the social credit system to enter a new phase of high quality development, let the social credit system play an even more positive role in supporting “release, management, service” reform and the transformation of government functions, creating a fair and sincere market environment and social environment.
In the process of advancing and practically exploring social credit system construction work, we must grasp the following important principles: first, strictly act according to laws and regulations, the recording to untrustworthy acts, determining name lists of gravely untrustworthy subjects and punishment for untrustworthiness, and other such matters affecting the direct rights and interests of related individuals, enterprises and all other kinds of subjects, must be handled strictly along rule of law tracks. Second, define scopes accurately, accurately determine the assessment scope for credit information and name lists of gravely untrustworthy subjects, reasonably handle punishment measures for untrustworthiness, firmly prevent improper application and even abuse. Third, ensure punishment is matched to the error, implement different kinds and different degrees of punitive measures strictly according to the law, respectively according to the area in which the untrustworthy act took place, the gravity of the circumstances, the extent of its impact, etc, and ensure the lawful rights and interests of credit subjects are protected. Fourth, lean from international experiences, both act on the basis of our country’s national circumstances, and fully consider international precedents, advance social credit construction cautiously in areas of high social attention, where understandings are not yet in agreement, and push related measures to link tracks internationally.
II, Scientifically determine the scope and processes for public credit information entry
(1) Clearly determine the scope for public credit information. The entry of information on particular acts held by public bodies and organizations authorized by laws and regulations to have public affairs management functions, etc. (hereafter jointly named administrative bodies) into public credit information must be strictly based on laws, regulations or Party Centre and State Council policy documents, and a catalogue system implemented to manage it. The leading work unit of the Interministerial Joint Conference for Social Credit System Construction (hereafter simply named Interministerial Joint Conference) compiles and regularly renews a basic nationwide public credit information catalogue according to laws and regulations, and together with relevant departments, the Interministerial Joint Conference’s member work units and other relevant departments may, according to laws and regulations, put forward suggestions for information to be entered into the catalogue, the Interministerial Joint Conference’s leading work unit combs through them and collects a catalogue, solicits opinions from all localities, all relevant departments and related market subjects, sectoral associations and chambers of commerce, legal service bodies, exports, scholars and the social public, and after submission to the Interministerial Joint Conference for deliberation, [the catalogue] is published to society and its implementation organized. All localities may, on the basis of local regulations, and with reference to the formulation procedure for the basic nationwide public credit information catalogue, formulate supplementary public credit information catalogues suited to that locality.
(2) Strictly standardize bases for determining untrustworthy acts. Administrative bodies determining untrustworthy acts must have a document with legal validity as basis. The bases on which an untrustworthy act may be determined include: valid judicial judgment documents or mediation letters, documents on decisions of administrative acts such as administrative punishments, administrative arbitration, etc, as well as other documents where laws, administrative regulations or other Party Centre and State Council policy documents provide they may act as a basis for a basis determining an untrustworthy act. After administrative bodies determine an untrustworthy act, they shall truthfully record the untrustworthy act.
III, Standardize the scope and process for public credit information sharing and openness
(3) Standardize the scope and process for public credit information sharing. Whether public credit information may be shared or in which scope it may be shared, shall be determined on the basis of the principles of legality and necessity, and determined at the time where public credit information catalogues are compiled. Perfect credit sharing mechanisms, promote the interaction and interconnection, and data sharing between the Nationwide Credit Information Sharing Platform, the National Enterprise Credit Information Publication System as well as relevant departments’ credit information systems, collecting departments must be clarified for data that may be shared, ensuring that “what is collected in one window, is fully shared”.
(4) Determine the scope for publication of public credit information according to laws and regulations. Whether public credit information may be published, shall be determined on the basis of the principles of legality and necessity, and determined at the time where public credit information catalogues are compiled. Public credit information publication may not infringe commercial secrets and personal privacy, where laws and regulations provide otherwise, those provisions are followed. Where information related to an individual is published, the basis in law, regulation, State Council decision or degree must be clarified or the individual in question must consent, and the necessary desensitization must be performed.
(5) Strengthen comprehensive management of public credit information publication channels. Departments determining public credit information shall, according to government information openness and other relevant regulations, publish the related information on that department’s portal website, all levels’ governments’ portal websites or other appointed websites. The “Credit China” website, and the National Enterprise Credit Information Publication System must, according to relevant regulations, conduct uniform publication of public credit information that is collected and shall be published, consistency is to be maintained on the content and time period of publication with the department determining public credit information.
IV, Standardize determination standards and procedures for name lists of gravely untrustworthy subjects
(6) Strictly limit the areas and scopes for the institutions of name lists of gravely untrustworthy subjects. Areas where a name list of gravely untrustworthy subjects ins instituted, must have a basis in laws, regulations or Party Centre or State Council policy documents, no department (work unit) may increase or expand them without authorization. The scope of the institution of name lists of gravely untrustworthy subjects is to be limited strictly to subjects responsible for grave harm to the physical health and life safety of the popular masses, gravely harm fair market competition order and regular social order, refuse to carry out statutory duties with grave influence on the credibility of judicial bodies and administrative bodies, refuse to implement national defence duties and other such grave unlawful and untrustworthy acts, according to the provisions of the “State Council Guiding Opinions concerning Establishing and Perfecting Joint Incentive Structures for Trust-Keeping and Joint Punishment Structures for Untrustworthiness, and Accelerating the Construction of Social Sincerity” (GF No. (2016)33).
(7) Strictly standardize determination standards for name lists of gravely untrustworthy subjects. For name list systems of gravely untrustworthy subjects implemented at the national level, the name list determination standards shall be determined in the form of laws, administrative regulations or Party Centre or State Council policy documents, those temporarily not meeting conditions may be determined by the competent (supervision) department of the area in question through departmental rules, for determination standards, the opinions of the Interministerial Joint Conference leading work unit and other relevant departments, related market subjects, sectoral associations and chambers of commerce, legal service bodies, experts, scholars and the social public shall be fully solicited, the period of public opinion solicitation shall not be less than 30 days. Determination standards shall be published through the “Credit China” website and websites appointed by the competent (supervision) department. Determination standards shall, at the same time, clarify conditions and procedures to leave the name lists as well as relief measures. Departments formulating determination standards shall regularly organize third-party assessment of the outcome of standards implementation and timely revise them. For name list structures for gravely untrustworthy subjects only implemented on a local scale, name list determination standards shall be provided in departmental regulations.
(8) Strictly implement determination procedures for name lists of gravely untrustworthy subjects. Administrative bodies shall, before making determination decisions about name lists of gravely untrustworthy subjects, notify the party concerned about the grounds and basis for the decision, and the rights the party concerned has according to the law; where the party concern raises an objection, this shall be verified and feedback made on the outcome within stipulated time limits. To list a market subject on a name list for gravely untrustworthy subjects, the determining department shall rely on corresponding administrative decision documents, bearing the grounds, basis, untrustworthiness punishment measure notes, withdrawal conditions and procedures as swell as relief measures, when necessary, it is also permitted for the determining department to produce a stand-alone determination decision document about name lists for gravely untrustworthy subjects. In principle, name lists for gravely untrustworthy subjects shall be determined by relevant departments of county-level and higher (including county-level) People’s Governments according to related standards, where laws, regulations and departmental rules provide otherwise, those provisions are followed.
V, Imposing punishment for untrustworthiness according to laws and regulations
(9) Determining punishment measures for untrustworthiness according to laws and regulations. Punitive measures reducing rights or adding to duties of untrustworthy subjects must be based on the facts of the concrete untrustworthy act, directly cite laws, regulations , or Party Centre or State Council policy documents as a basis, ad implement name list structure management. The work unit leading the Interministerial Joint Conference will, together with relevant departments, compile and regularly renew a nationwide basic list of punishment measures against untrustworthiness according to laws and regulations, member work units of the Interministerial Joint Conference and other relevant departments may, on the basis of laws and regulations, put forward suggestions on punitive measures for untrustworthiness to be included in the list, the work unit leading the Interministerial Joint Conference combs through them and collects a general list, solicits opinions from all localities, all relevant departments and related market subjects, sectoral associations and chambers of commerce, legal service bodies, experts, scholars and the social public, and after submission to the Interministerial Joint Conference, publishes [the list] to society and organizes implementation. All localities may, on the basis of local regulations, and with reference to the procedure for the formulation of the basic nationwide list for punitive measures against untrustworthiness, formulate supplementary lists of punitive measures against untrustworthiness suited to these localities. No department (work unit) may coercively require financial bodies, credit service bodies, sectoral associations, chambers of commerce, etc. to punish untrustworthy subjects.
(10) Ensure wrongdoings and punishments are proportional. According to the principles of legality, correlation and balance, according to the list of punishment measures against untrustworthiness, on the basis of the nature of the untrustworthy act and the extent of its gravity, adopt punitive measures of suitable weight, and prevent that small wrongdoings are punished heavily. No department (work unit) may, for the reason of existing regulations not sufficiently strongly punishing untrustworthy acts, expand punitive measures outside the provisions of laws, regulations, or Party Centre or State Council policy documents, or increase punishment on top of statutory punishment standards.
VI, Completing and perfecting credit recovery mechanisms
(11) Establishing and completing a set of credit recovery mechanisms. Related sectoral competent (supervision) departments shall establish credit recovery mechanisms beneficial to self-correction and active self-renewal. Except where laws, administrations, or Party Centre or State Council policy documents clearly provide untrustworthiness information cannot be recovered, where untrustworthy subjects correct the untrustworthy act according to requirements or eliminate the harmful influence, they may in all cases apply for credit recovery. Related departments (work units) shall formulate concrete regulations for credit recovery, clarifying recovery methods and procedures. Where they conform to recovery conditions, they will be timely removed from the name list of untrustworthy subjects according to relevant regulations, the sharing and publication of related untrustworthiness information ceases, or the related untrustworthiness information will be indicated, shielded off or deleted.
(12) Raising credit recovery rates. Strengthen credit recovery information sharing, accelerate the construction and perfection of coordinated and joint “running everything on one network” mechanisms, realistically resolve the problem that “credit recovery is difficult”. Related sectoral competent (supervision) departments as well as the Nationwide Credit Information Sharing Platform and the “Credit China” website shall appoint specialized personnel responsible for credit recovery work, and process credit recovery requests meeting conditions within statutory time limits, they may in no way collect fees from subjects applying for credit recovery.
VII, Strengthening information security and privacy protection
(13) Strengthening credit information security management. All levels’ public credit information systems must, according to the requirement of protecting market subjects’ rights and interests, clarify information inquiry and use privileges and procedures, establish and perfect information inquiry and use registration and inspection structures, and prevent information leaks, where information leaks intentionally or due to work errors, the responsibility of related work units and personnel must be prosecuted strictly, according to laws and regulations. Strictly investigate and prosecute acts of credit information leaks, distortion, damage and theft, or use of credit information to seek improper gain, strictly attack unlawful activities such as the illegal collection, sale or purchase of credit information under the guise of social credit system construction.
(14) Strengthening personal privacy protection. All localities and all relevant departments shall abide by the principles of legality, justification, necessity and minimization, collect and use personal credit information strictly according to the public credit information catalogue, clearly indicate the goal, method and scope of information collection and use and obtain consent from the person in question, where laws or regulations provide otherwise, those provisions are followed. It is prohibited for any work unit or individual to collect and use a person’s credit information without authorization, having coerced authorization or to do so life-long with a one-time authorization. Strengthen investigation and prosecution of the illegal collection, transmission, use, leakage, distortion, damaging, theft or sale of personal credit information and other such act. Related departments must implement focused supervision and management of financial bodies, credit investigation bodies, Internet enterprises, big data enterprises and mobile application software work units, and strictly standardize their personal information collection, storage, use, processing, transmission, provision and publication activities.
VIII, Striving to strengthen credit rule of law construction
(15) Accelerating the progress of credit law and regulation construction. Persist in following rule of law tracks, accelerate the research and advance of legislative processes for laws and regulations in the social credit area, smoothen the relationship between punishment for untrustworthiness and administrative management measures, lay a firm rule of law basis. Where the punitive strength of existing laws and regulations is insufficient, and it is necessary to strengthen punishment, all localities and all relevant departments shall put forward legislative revision suggestions in a timely manner, and ensure punishment for untrustworthiness is conducted strictly according to laws and regulations.
(16) Advancing social credit system construction strictly according to laws and regulations. Strictly standardize credit information, collection and publication scopes according to laws and regulations, strictly standardize determination of name lists of gravely untrustworthy subjects, punishment for untrustworthiness and credit recovery work, ensure that all areas of social credit system construction work operate along rule of law tracks. Minors’ untrustworthy acts, untrustworthy acts resulting from natural disasters, epidemics and other inevitable influences as well as acts with non-subjective intent or minor untrustworthy acts, shall be determined, recorded and punished in a tolerant and cautious manner. Firmly investigate, prosecute and attack all kinds of infringing acts, protect credit information security, commercial secrets and personal privacy according to laws and regulations, and protect the lawful rights and interests of all kinds of credit subjects according to laws and regulations.
IX, Strengthening organizational implementation safeguards.
Implementing dominant responsibilities. All sectoral competent (supervision) departments must realistically fulfil their dominant responsibility in supervising and managing credit in their sector, and perform untrustworthy conduct determination, recording, collection, sharing, publication, punishment and credit recovery work according to laws and regulations, the Interministerial Joint Conference’s leading work units must coordinate with judicial bodies as well as other responsible work units who have already obtained clear authorization in performing related work well. All local levels’ social credit system construction leading work units must realistically implement their comprehensive coordination responsibilities, and strengthen standardization and guidance of social credit system construction work in their areas.
Strengthening responsibility and accountability. With regard to recording, sharing and publication of credit information outside of public credit information catalogues and in violation of laws and regulations, implementing punitive measures outside of the punishment list for untrustworthiness in violation of laws and regulations, as well as acts such as unauthorized determination about name lists of gravely untrustworthy subjects not according to standards and procedures, not processing credit recovery timely or according to regulations, the liability of related work units and personnel must be prosecuted according to laws and regulations
Strengthening propaganda and explanation. All kinds of media are encouraged to vigorously conduct sincerity propaganda and education, deeply report on advanced models of sincerity and promise-keeping, launch constructive public opinion supervision of untrustworthy conduct and incidents, advocate sincerity and promise-keeping. Let relevant departments, sectoral associations and chambers of commerce, experts and scholars, news media, etc. play their role fully, timely explain and interpret credit policies, vigorously respond to concerns from all sides, strengthen positive guidance, and create a benign public opinion environment.
Grasping the moment. All localities and all relevant departments must, according to the requirements of these Opinions, conduct a comb-through and assessment of measures on untrustworthy conduct determination, recording, collection, sharing, publication, punishment and credit recovery measures already published, and those not meeting the requirements of these Opinions must be timely standardized. Set up a transitional period for name list structures of gravely untrustworthy subjects having a clear basis for their continued retention, complete renewal determination standards and procedures of name lists that these Opinions require to be adjusted before the end of 2021, after the transition period, those not conform to the requirements of these Opinions will be abolished without exception.
State Council General Office
7 December 2020
Internet Public User Account Information Service Management Regulations (Revision Draft – Opinion-seeking Version)
Chapter I: General provisions
Article 1: These Regulations are formulated in order to standardize Internet public account information services, safeguard national security and the public interest, and protect the lawful interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Internet Information Service Management Rules”, the “Online Information Content Ecology Governance Regulations” and other such laws, regulations and relevant State provisions.
Article 2: These Regulations apply to the provision and conduct of Internet public account information services within the territory of the People’s Republic of China.
Internet public accounts as mentioned in these Regulations, refers to online accounts of Internet users registered and operated on Internet sites, application software and other such online platforms, to produce and disseminate written, pictorial, audiovisual and other such information content to the social public.
public account platform as mentioned in these Regulations, refers to online information service providers providing public account registration and operation, information content dissemination and technical protection services to Internet users.
Public account producers and operators as mentioned in these Regulations, refers to natural persons, legal persons and non-legal person organizations registering and operating public accounts and engaging in content dissemination.
Article 3: The national cybersecurity and informatization department is responsible for Internet public account information service supervision, management and law enforcement work nationwide. Local cybersecurity and informatization departments are, according to their duties and responsibilities, responsible for Internet public account information service supervision, management and law enforcement work within their administrative areas.
Article 4: Public service information service platforms and public account producers and operators shall abide by laws and regulations, fulfil social responsibilities and moral responsibilities, uphold the correct public opinion orientation and value orientation, carry forward the Socialist core value view, produce and disseminate healthy and upward, true and objective excellent information content, create a crisp and bright cyberspace, and stimulate progress of society and civilization.
All levels’ Party and government bodies, enterprise and undertaking work units, and people’s organizations are encouraged to register and operate public accounts, produce and disseminate high-quality government affairs information or public service information, satisfying public information demand, and promoting economic and social development.
Public service information service platforms are encouraged to vigorously enhance government affairs information publication, public service and social government levels for Party and government bodies, enterprise and undertaking work units, and people’s organizations, provide full and necessary technical support and security protection.
Article 5: Public account information service platforms providing Internet public account information services, shall obtain corresponding qualifications as provided in national laws and regulations.
Public service information service platforms and public account producers and operators shall obtain an Internet news information service licence to provide Internet news information services to the social public.
Chapter II: Public service information service platforms
Article 6: Public service information service platforms shall bear dominant responsibility for information content and public account management, allocate management personnel and technical capabilities suited to the business scale, appoint persons to position responsible for content security, establish, complete and strictly implement management structures for account registration, content examination and verification, information inspection, ecological governance, emergency response, cybersecurity, data security, personal information protection, copyright protection, credit evaluation, etc., and uphold the security of the platform’s information content and public accounts, and the security of data and personal information.
Public service information service platforms shall, on the basis of relevant laws and regulations and relevant State provisions, formulate and publish management norms and platform conventions for information content production, public account operations, etc., and conclude service agreements with public account producers and operators, clarifying both sides’ content dissemination limitations, account management responsibilities and other such rights and obligations.
Article 7: Public service information service platforms shall, according to relevant national standards and norms, establish categorized public account registration and categorized production structures, implement categorized management, and file the matter with the provincial, autonomous region or municipal cybersecurity and informatization department of the locality of the public account.
Public service information service platforms shall, on the basis of indicators and dimensions such as an account’s information content quality, the credit evaluation of the account’s subject, etc., establish tiered management structures, and implement tiered account management.
Public service information service platforms formulating content production and account operations management norms, platform conventions and other such important structures and measures shall file them with the local provincial, autonomous region or municipal cybersecurity and informatization department; when bringing related new technologies, new applications or new functions online, they shall conduct a security assessment according to relevant regulations.
Article 8: Public service information service platforms shall adopt measures such as composite verification, etc., to conduct real identity information authentication of Internet users applying to register for a public account, based on mobile telephone number, resident identity card number or unified social credit code and other such methods, and raise the accuracy of authentication. Where users do not provide real identity information, or improperly use real identity information of organizations, bodies or other persons to conduct a false registration, no related service may be provided to them.
Public service information service platforms shall conduct inspection of the legal and regulatory compliance of public account names, portraits, bios, etc. of public accounts registered by Internet users, where they discover an account name, portrait or bio does not conform to the subject’s real identity information, and especially where they use or link to Party or government bodies, enterprise and undertaking work units and other such organizations and bodies or well-known social personalities without authorization, as well as where the corresponding registration information contains unlawful or harmful information, they shall suspend the provision of services and notify the user to correct matters within a limited time, where these refuse to correct the matter, the provision of services shall be terminated.
Public service information service platforms shall prohibit public accounts closed according to the law or to the convention to re-register under a similar name; where an account name with a high degree of connectedness to them is registered, the real identity information, service qualifications, etc. of the account subject shall also be subject to necessary checks.
Article 9: Public service information service platforms shall require public accounts applying to register and engage in the production of information content in areas such as economics, education, health, judicial affairs, etc., require users to provide their specialized background at the time of registration, as well as corresponding materials to prove professional qualifications or service qualifications they have acquired according to laws and administrative regulations, and conduct the necessary checks.
Public service information service platforms shall add a special symbol to public accounts after they are checked and passed, and according to the different subject nature of the user, externally announce content production categories, the name of operating subjects, the registered business address, uniform social credit code, contact method and other such registration information, to facilitate social supervision and inspection.
Public service information service platforms shall establish dynamic checking and inspection structures, and at suitable times check the veracity and validity of registration information of producers and operators.
Article 10: Public service information service platforms shall set reasonable upper limits to the number of registered public accounts of the same subject on their platform. Where users apply to register for multiple public accounts, their subject nature, service qualifications, business scope, credit evaluation etc. shall also be checked.
Public service information service platforms may, on the basis of the service agreement suspend or terminate provision of services to public accounts who have not logged on or have been used for over six months after the Internet user registered.
Public service information service platforms shall complete technical measures to prevent and deal with unlawful registration acts by Internet users such as registration in excess of quota, malicious registration, false registration, etc.
Article 11: Public service information service platforms shall, according to the law and the convention, prohibit public account producers and operators to transfer, lend or illegally trade, sell or buy public accounts in violation of regulations.
Where public account producers and operators transfer or donate public account use rights to other users, they shall put forward an application with the platform. The platform shall, on the basis of the provisions in the previous Paragraph, authenticate and check the user on the receiving side, and publish the subject change information. Where the platform discovers a producer or operator has transferred a public account without inspection or authorization, it shall timely suspend or terminate the provision of services.
Public account producers and operators voluntarily terminating account operations may apply with the platform for suspension or termination of use. The platform shall suspend or terminate the provision of services according to the service agreement.
Article 12: Public service information service platforms shall establish public account supervision and assessment mechanisms, and prevent acts of falsification of account subscriptions, user following numbers, content click rates, repost or comment quantities and other such data.
Public service information service platforms shall standardize public account recommendation, subscription and following mechanisms, and complete technological measures to timely discover and deal with unusual changing circumstances in account subscription and following numbers. Without the knowledge and agreement of the Internet user, subscription and following of other users’ public accounts may not be forced.
Article 13: Public service information service platforms shall establish tiered credit management systems, and provide corresponding services on the basis of credit tiers.
Public service information service platforms shall establish and complete mechanisms to warn for, discover, trace, refute, delete and in other ways deal with online rumours and other such false information, and reduce the credit tier or blacklist public account producers and operators who produced and disseminated rumours and other such false information.
Article 14: Public service information service platforms shall, when conducting content supply and account recommendation cooperation with producers and users, standardize commercial activities such as management of advertising and operations, knowledge payment, e-commerce sales, user gratuities, etc., they may not disseminate false advertising, conduct exaggerated propaganda, commit commercial fraud, etc., preventing operations violating laws and regulations.
Public service information service platforms shall strengthen copyright protection of originally produced information content, preventing acts of piracy and infringement. Platforms may not abuse their advantaged position to interfere in the lawful and compliant operations of producers and operators, or infringe users’ lawful rights and interests.
Chapter III: Public account information producers and operators.
Article 15: Public account information producers and operators shall, on the basis of categorized platform management norms, at the time of registering the public account, accurately fill out user’s subject nature, registered location, business location, content production category, contact method and other such basic information, enterprises, organizations, bodies and other such Internet users shall also indicate their main activity or business scope.
Public account producers shall aide by platform management norms, platform conventions and service agreements, and engage in information content production and dissemination in the relevant sectoral area on the basis of the registered content production category indicated at the time of public account registration.
Article 16: Public account producers and operators shall bear dominant responsibility for information content production and public account operations and management, and engage in information content production and account operations and activities according to laws and regulations.
Public account producers and operators shall establish and complete information content security examination and verification mechanism for the entire process of topic planning, editing and production, dissemination and popularization, interactive comments, etc., strengthen gatekeeping over information content’s orientation, veracity and legality, and maintain a benign order in online communication.
Public account information producers and operators shall establish and complete security management mechanisms for the entire process of public account registration and use, operations and popularization, etc., manage and operate the account in a civilized, rational and standardized manner, attract the public’s attention, subscription, interaction and sharing with high-quality information content, and maintain a benign social image of the account.
Article 17: Public account producers and operators shall, when reposting information content originally created by other persons, abide by copyright protection-related laws and regulations, indicate the original creator and a traceable information source, and respect and protect the lawful rights and interests of copyright holders.
Public account producers and operators shall manage messages, posts, comments and other such interactive segments on their account. Platforms may, on the basis of the subject nature and credit tier of the public account, rationally set up management limits, and provide corresponding technological support.
Where public account producers and operators conduct account operations, content provision and other such cooperation with third-party bodies , both sides shall conduct checks and gatekeeping of the account’s operations and activities, supplied information content, etc.
Article 18: Public account producers and operators may not commit the following acts in violation of laws and regulations:
(1) Not registering with real identity information, or registering with a public account name, portrait, bio, etc. that is not conform with one’s own real identity information;
(2) Maliciously posing as, imitating or misappropriating the public account of an organization, body or other person to produce and disseminate information content;
(3) Providing Internet news information gathering, dissemination and other such services without a licence or in excess of a licence’s scope;
(4) Manipulatively using accounts on multiple platforms, to publish batches of homogenous information content, generating false flow data, and creating false public opinion hot spots;
(5) Using sudden public incidents to incite extreme emotions and acts, or commit online violence harming the reputation of other persons and organizations, influencing social harmony and stability;
(6) Fabricating false information, counterfeiting originally-created content, quoting or concocting untrue information sources, distorting facts and truths, misleading the social public;
(7) Using paid dissemination and deletion of information and other such methods to commit illegal online surveillance, marketing frauds, extortion and blackmail, in pursuit of improper gain;
(8) Registering in batches, hoarding or illegally trading, buying and selling public accounts;
(9) Producing, reproducing or disseminating unlawful information, or not adopting measures to prevent and resist the production, reproduction or dissemination of harmful information;
(10) Other acts prohibited in laws and administrative regulations.
Chapter IV: Supervision and management
Article 19: Public service information service platforms shall strengthen supervision and management of public service information service activities, and timely discover and deal with information or activities violating laws and regulations.
Public service information service platforms shall, on the basis of service agreements and platform conventions, adopt measures to deal with public accounts violating these regulations and relegated laws and regulations including warnings and alerts, limiting account functions, suspending content renewal, ceasing advertising dissemination, closing or cancelling accounts, blacklisting, termination of re-registration, etc., preserve relevant records, and timely report the matter to cybersecurity and informatization and other such relevant competent department.
Article 20: Public service information service platforms and producers and operators shall consciously accept social supervision.
Public service information service platforms shall set up eye-catching and convenient reporting interfaces, publish appeals, complaints and reporting methods and other such information, complete reporting information acceptance, screening, handling and feed-back mechanisms, clarify handling workflows and feed-back time limits, and timely and effectively deal with complaints by producers and operators, and complaints and reports from the public.
Internet sectoral organizations are encouraged to conduct public appraisal, promote strict self-discipline of public service information service platforms and producers and operators, establish authoritative mediation mechanisms with participation from multiple sides, fairly and relationally resolve sectoral disputes, and safeguard users’ lawful rights and interests according to the law.
Article 21: All levels’ cybersecurity and informatization departments will establish and complete coordinated supervision and management work mechanisms together with relevant competent departments, to supervise and guide public service information service platforms and producers and operators to conduct related information service activities according to laws and regulations.
Public service information service platforms and producers and operators shall cooperate with relevant competent departments’ lawful conduct of supervision and inspection, and provide the necessary technical support and assistance.
Where public service information service platforms and producers and operators violate these Regulations, cybersecurity and informatization departments and relevant competent departments will impose punishment according to relevant laws and regulations within their scope of duties and responsibilities.
Article 22: These Regulations take effect on (day, month) 2020.
第二十二条 本规定自2020年 月 日起施行。
Deliberated and approved at the CCP Central Committee Politburo meeting of 28 September 2020, and issued on 30 September 2020 by the CCP Central Committee
Chapter I: General Provisions
Article 1: These Regulations are formulated in order to strengthen the work of the Party’s Central Committee, on the basis of the “Charter of the Communist Party of China”.
Article 2: The Party’s highest leading body is the Party’s National Congress and the Central Committee this produces. During times where the National Congress is not in session, the Central Committee leads the Party’s overall work, and represents the Chinese Communist Party externally.
Article 3: The Central Committee holds high the magnificent banner of Socialism with Chinese characteristics, takes Marxism-Leninism, Mao Zedong Thought, Deng Xiaoping Theory, the important “Three Represents” thought, the scientific development concept, and Xi Jinping Thought on Socialism with Chinese Characteristics for a new era, it takes the lead in strengthening the “Four Consciousnesses”, steadfastly upholds the “Four Self-Confidences”, ensuring the “Two Safeguards”, it does not forget its original intention, keeps its mission firmly in mind, assumes all responsibility for the entire picture, coordinates all sides, and unites and leads the entire Party, the entire military, the entire country and the people of all ethnicities in the untiring struggle to comprehensively construct a strong, modern Socialist country, and realize the Chinese Dream of the great rejuvenation of the Chinese nation with a firm and correct political position and political direction.
Article 4: The Central Committee will firmly grasp the following principles in conducting its work:
(1) Upholding Party leadership over all work, ensuring the concentrated and united leadership of the Party centre.
(2) Upholding and developing Socialism with Chinese characteristics, comprehensively implementing the Party’s basic theory, basic line and basic general plan.
(3) Upholding liberating thoughts, seeking truth from facts, progressing with the times, seeking reality in a pragmatic manner.
(4) Upholding service to the people with all hearts and minds, putting the people central, governing for the sake of the people, and relying on the people in governing.
(5) Upholding democratic centralism, fully carrying intra-Party democracy forward, implementing correct and effective centralization, safeguarding Party unity and uniformity.
(6) Upholding strict Party management and Party governance, forever preserving the Party’s advanced nature and purity.
Chapter II: Leading position
Article 5: The Central Committee, the Politburo, and the Politburo Standing Committee are the brains and central axis of the Party’s organizational system, they grasp the orientation, plan the overall picture, direct policy and stimulate reform in the undertaking of advancing Socialism with Chinese characteristics. Only the Party Centre has the power to decide and resolve major issues of programmes and policies involving the entire Party and the entire country.
The Party Centre’s major policy decisions and arrangements are the basis for the entire Party, the entire military, the entire country and the people of all ethnicities to unify thoughts, unify intentions and unify actions.
Article 6: The Party Centre embodies the magnificent struggle, the magnificent project, the magnificent undertaking and the magnificent dream, it comprehensively advances the general “Five into One” arrangement, it coordinates the advance of the strategic “Four Comprehensives” arrangement, it completely leads work in all areas and all aspects including stable reform and development, internal politics, foreign affairs and national defence, governing the Party, governing the country, and governing the military, etc., and implements concentrated and united leadership over major work in the Party’s and the country’s undertaking and development.
Article 7: All levels’ Peoples Congresses, governments, consultative conferences, supervision bodies, judicial bodies, procuratorate bodies and armed forces, all democratic parties and non-party affiliated persons, people’s organizations, enterprise and undertaking work units, grass-roots mass self-governance organizations, social organizations, etc., must all consciously accept the leadership of the Party Centre.
Article 8: All organizations of entire Party and the entire body of Party members must consciously serve the Party Centre, emulate the Party Centre, determinedly uphold the authority of the Party Centre and its concentrated, united leadership, and consciously maintain a high degree of consistency with the Party Centre in their thoughts, their politics and their actions.
Chapter III: Leadership systems
Article 9: The Central Committee is produced through election by the Party’s National Congress, it is composed of Committee members and alternate members, with a term of office of five years. If the National Congress is organized earlier or later, the Central Committee’s term of office will correspondingly change.
The number of Central Committee members and alternate members is decided by the National Congress. Central Committee members and alternate members must have more than five years of Party seniority. The selection shall bring together governing backbones and excellent representatives from all regions, all departments, all battle fronts and all sectors of the Party, with firm politics, excellent qualities, a balanced distribution and a rational structure, who are able to take up the historical burden of governing the Party, the country and the military, and advancing the undertaking of Socialism with Chinese characteristics for a new era.
If a Central Committee membership post is vacant, the Central Committee alternate members will successively fill vacancies according to the number of votes they received.
Article 10: The Politburo, Politburo Standing Committee and General Secretary are chose by the whole Central Committee. The Central Committee General Secretary must be produced from the members of the Politburo Standing Committee.
The Central Secretariat is the office body of the Politburo and its Standing Committee; its members are nominated by the members of the Politburo Standing Committee, and passed by the whole Central Committee.
The Central leading bodies and Central leaders produced by every Central Committee will, during the sitting period of the next National Congress, continue to take charge of everyday Party work, until the point where the next Central Committee has produced new Central leading organs and Central leaders.
Article 11: Under the leadership of the Party Centre, the Central Military Commission exercises the duties and responsibilities of the highest military leading body of Party and State. A chairman responsibility system is implemented for the Central Military Commission.
Article 12: Under the leadership of the Party Centre, the Central Discipline Inspection Committee (National Supervision Committee) exercises the duties and responsibilities of the highest disciplinary inspection body of the Party (and the highest supervisory body of the State).
Article 13: The Party Centre establishes several policy-making and deliberation coordination bodies who, under the leadership of the Party Centre, are responsible for top-level design, comprehensive planning and coordination, overall advance and supervision of implementation in related major work areas.
The Party Centre establishes several work bodies who, under the leadership of the Party Centre, are in charge of or conduct relevant Centre work.
The Party Centre establishes Party Groups in the National People’s Congress, the State Council, the Chinese People’s Political Consultative Conference, the Supreme People’s Court, the Supreme People’s Procuratorate, etc., who are responsible to the Party Centre and implement the Party Centre’s policy decisions and arrangements.
Chapter IV: Leadership powers
Article 14: During periods where the Party’s National Congress is not in session, the Central Committee executes the resolutions of the National Congress, and exercises the following powers:
(1) It convenes the National Congress, deciding on the number and selection methods for National Congress delegates; discussing the Central Committee report to the National Congress, the Central Discipline Inspection Committee report to the National Congress, the revision draft of the Party Charter, and decides on requesting inspection and deliberation by the National Congress. When necessary, it decides to convene a national Party delegate conference, and decides the quota and production rules of national Party conference delegates.
(2) It elects and produces Central leading bodies and the Central Committee General Secretary, it passes the members of the Central Secretariat, it decides on the members composing the Central Military Commission, approves the standing committee, secretary and vice-secretary elected and produced by the plenary session of the Central Discipline Inspection Committee; it elects more or supplementary members of Central leading bodies, supplements members of the Central Secretariat and members composing the Central Military Commission.
(3) It hears and discusses the work report of the Politburo.
(4) It discusses and decides upon major issues relating to the entire picture of the development of the Party and State’s undertaking.
(5) It discusses and decides upon recommendation of candidates for national president and vice-president, and recommendation of candidates for leading positions in the National People’s Congress, State Council, Chinese People’s Political Consultative Conference, Central Military Commission, National Supervision Committee, Supreme People’s Court, and Supreme People’s Procuratorate.
(6) It decides upon filling vacant Central Committee positions; it decides or retroactively recognizes punishments of Central Committee members and alternate members by dismissal from intra-Party positions, Party probation or removal of Party membership.
(7) It discusses and decides upon other major issues and matters concerning the Party’s governance of the country and management of the administration, as well as Party management and Party governance.
During periods where the Central Committee plenary meeting is not in session, the Central Committee’s duties are exercised by the Politburo and its Standing Committee.
Article 15: The politburo executes the resolutions and decisions of the National Congress and the Central Committee, it reports its work to the plenary Central Committee and accepts its supervision, and exercises the following powers.
(1) It convenes and chairs the plenary meetings of the Central Committee, researches and decides upon issues and matters to be submitted to the plenary Central Committee meeting for deliberation.
(2) It discusses and decides upon major issues and affairs relating to the entire picture of the development of the Party and State’s undertaking
(3) During periods where the Central Committee plenary meeting is not in session, it decides upon punishing Central Committee members and alternate members with dismissal from intra-Party positions, Party probation or removal of Party membership, in expectation of recognition when the Central Committee plenary conference convenes; it decides upon removing from Party membership of Central Committee members and alternate members gravely violating criminal law.
(4) It recommends, nominates, appoints and dismisses cadres according to relevant regulations,; and decides ways of dealing with or punishing relevant Party leading cadres.
(5) It researches and decides upon other major issues and matters that should be decided by the Politburo.
Article 16: The Politburo Standing Committee executes the decisions and resolutions, of the National Congress and the Central Committee, it organizes the implementation of the programmes and policies formulated by the Politburo, and exercises the following powers:
(1) It handles the daily work of the Party Centre.
(2) It researches and discusses major issues and matters relating to the entire picture of the development of the Party and State’s undertaking and puts forward opinions, submitting then to the Politburo for deliberation.
(3) It researches and decides upon major issues and matters concerning Party and State work.
(4) It decides on the handling and work arrangements for major sudden incidents.
(5) It listens to the Central Secretariat work report ad the work reports of the Central Discipline Inspection Committee (National Supervision Council), the National People’s Congress Party Group, the State Council Party Group, the Chinese People’s Political Consultative Conference Party Group, the Supreme People’s Court Party Group, the Supreme People’s Procuratorate Party Group, etc.
(6) It recommends, nominates, appoints and dismisses cadres according to relevant regulations; and decides ways of dealing with or publishing relevant Party cadres.
(7) It researches and decides upon other major issues and matters that should be decided by the Politburo Standing Committee.
Article 17: The Central Committee General Secretary is responsible for convening the meetings of the Politburo and the Politburo Standing Committee, and chairs the work of the Central Secretariat.
Article 18: The Central Secretariat arranges and conducts its work according to the instructions of the Politburo, the Politburo Standing Committee and the Central Committee General Secretary.
Chapter V: Leadership methods
Article 19: The Party Centre deeply grasps the governance laws of the Communist Party, the laws of Socialist construction, and the laws of human social development, it upholds and develops Marxist ways of thinking and ways of working, it adapts to new times and new requirements, improves and perfects leadership methods, strengthens the construction of the Party’s long-term governance capacity, and raises the Party’s level of scientific governance, democratic governance, and governance according to the law.
Article 20: The Party Centre holds high the banner and directs the orientation, it navigates and steers the ship, and leads the advanced direction of the undertaking of the Party and the State. It strengthens political leadership, unwaveringly marching the path of Socialism with Chinese characteristics. It strengthens ideological leadership, and uses Xi Jinping Thought on Socialism with Chinese characteristics for a new era to arm the entire Party and educate the people. It strengthens leadership in demeanour, and concentrates the Party’s hearts, the military’s hearts and the people’s hearts with the force of formidable truths and the force of human dignity.
Article 21: The Party Centre assumes responsibility of the entire picture and coordinates all sides, it ensures that the entire Party, the entire military, the entire country and the people of all ethnicities advance together with united determination, united actions and in step. It takes charge of all work matters, comprehensively advancing the undertaking of the Party and the State in all aspects. It takes charge of forces of all sides, leading all levels’ and all kinds of organizations and the broad Party members, cadres and the masses to act unitedly. It takes charge of national governance, upholds and perfects the Socialist system with Chinese characteristics, and advances the modernization of the national governance system and governing capacity.
Article 22: The Party Centre leads the entire Party in a magnificent self-revolution and a magnificent social revolution with a high sense of responsibility, a strong worrying mentality, and a dauntless revolutionary spirit, incessantly promoting the advance of the magnificent undertaking of Socialism with Chinese characteristics in a new era.
Chapter VI: Policy decisions and arrangements
Article 23: The Party Centre makes policy decisions on major issues in Party and State work according to the principles of collective leadership, democratic centralism, individual fermentation, and decisions by meetings. On the basis of requirement, meetings of the plenary Central Committee, the Politburo or the Politburo Standing Committee are convened to discuss and decide on matters.
When the Party Centre makes major policy decisions and arrangements, it must deeply investigate and research matters, broadly listen to opinions and suggestions from all sides, strengthen analysis and elucidation, concentrate a consensus of wisdom, ensure scientific policymaking, democratic policymaking, and policymaking according to the law.
Article 24: The Central Committee’s plenary meeting is to be organized at least once every year. The agenda of the meeting will be determined after soliciting opinions from a certain scope inside the Party.
The Central Committee’s plenary meeting may only be convened if more than half of the Central Committee members are present at the meeting venue. If Central Committee members and alternate members cannot participate for some reason, they shall ask for leave before the meeting, their opinions may be expressed in written form. On the basis of requirement, it may be arranged for relevant persons to attend the meeting in a non-voting capacity.
On the basis of differences in matters under discussion and decision, methods such as raising hands, secret ballots, etc. are adopted to make decisions by vote, where affirmative votes exceed half of the number of members, they are passed. The opinions of non-present members is not counted into the vote tally. Alternate members do not participate in voting.
Punishment of Central Committee members and alternate members by dismissal from intra-Party positions, Party probation or removal of Party membership must be decided by a two-thirds majority of the Central Committee’s plenary meeting. During periods where the Central Committee’s plenary meeting is not in session, this may be decided first by the Politburo, in expectation of the convention of a plenary Central Committee meeting, at which time it will be recognized.
Article 25: Politburo meetings are generally organized regularly, in the event of important circumstances, they may be organized whenever necessary. The topic of the meeting is decided by the Central Committee General Secretary.
Politburo meetings may only be convened if more than half of the Politburo members are present at the meeting venue. On the basis of requirement, it may be arranged for relevant persons to attend the meeting in a non-voting capacity.
Politburo meetings shall, when deciding issues, fully discuss them, and where they involve multiple matters, conduct item-by-item discussion and decisions.
Article 26: Politburo Standing Committee meetings are generally organized regularly, in the event of important circumstances, they may be organized whenever necessary. The topic of the meeting is decided by the Central Committee General Secretary.
Politburo Standing Committee meetings may only be convened if more than half of the Politburo members are present at the meeting venue. On the basis of requirement, it may be arranged for relevant persons to attend the meeting in a non-voting capacity.
Politburo Standing Committee meetings shall, when deciding issues, fully discuss them, and where they involve multiple matters, conduct item-by-item discussion and decisions.
Article 27: The Central Secretariat convenes office meetings to research and discuss relevant matters according to the policy decisions and arrangements of the Central Committee, and the instructions and requirements of the General Secretary. The topics of the meetings are decided by the Central Committee General Secretary.
Article 28: The Party Centre convenes work conferences, special topic conferences, etc. on the basis of requirements, to analyse trends and arrange work.
Article 29: According to the policy decisions and arrangements of the Central Committee, and the instructions and requirements of the General Secretary, the Party Centre’s policy decision, deliberation and coordination bodies convene meetings, to research policy decisions, and arrange and coordinate major work in relevant areas. The topic of the meeting is determined or authorized by the General Secretary.
After relevant matters are deliberated by a meeting of a Central policy decision, deliberation and coordinating body, it is submitted to a Politburo Standing Committee meeting for deliberation on the basis of requirement.
Article 30: The Party Centre conducts consultation on major Party and State programmes and policies, major issues, major personnel arrangements, etc., it listens to opinions and suggestions from all democratic parties’ centres, the All-China Federation of Industry and Commerce, and non-party affiliated persons and representatives, who report on major situations, communicate thoughts, and enhance consensus.
Chapter VII: Self-construction
Article 31: The members composing the Central Committee, the Politburo and the Politburo Standing Committee must make the “Two Upholds” into a fundamental political requirement, take the lead in achieving the “Two Upholds”, ensure the smooth passing of Party Centre decrees, and strict enforcement of orders and prohibitions, and ensure the Party Centre’s policy decisions and arrangements touch the ground and become effective.
Article 32: The members composing the Central Committee, the Politburo and the Politburo Standing Committee must keep firmly in mind that they a member of the Party’s highest leading bodies, uphold organizational principles and the principles of the Party nature, closely observe political discipline and political manners, conduct affairs according to procedures, conduct affairs according to norms, and conduct affairs according to the collective will, upholding and maintaining the unity of the Party.
The members composing the Central Committee, the Politburo and the Politburo Standing Committee shall consciously execute the Party Charter and other such intra-Party regulations, consciously implement the Party’s mass line, strictly implement the Centre’s eight rules, uphold a spirit of opposing formalism, bureaucratism, hedonism and extravagance, consciously struggle with privileged thinking and privileged appearances, and maintain a upright and just, honest and clean political quality throughout.
Politburo members shall timely submit reports to the Party Centre on major policy decisions, major matters and major circumstances. Where it is necessary, in the process of execution, to adjust major Party Centre policies or decisions and major work arrangements, it must be reported to the Party Centre for approval.
Article 33: The members composing the Central Committee, the Politburo and the Politburo Standing Committee shall take the lead in carrying forward intra-Party democracy, and earnestly implement the democratic centralist principles and procedures determined in the Party Charter and other such intra-Party regulations. The Politburo annually organizes a democratic life meeting. The Central Committee members and alternate members participating in plenary Central Committee meetings shall vigorously express opinions and put forward suggestions on Party and State work.
Chapter VIII: Supplementary provisions
Article 34: The interpretation of these Regulations is the responsibility of the Central Committee General Office
Article 35: These Regulations take effect on the date of promulgation.
Guiding Opinions on Implementing the Cybersecurity Multi-Level Protection System and Critical Information Infrastructure Security Protection System
Gong Wang An No. (2020)1960
All Centre and State bodies’ ministries and commissions, all bodies, office bodies and undertaking work units directly subordinate to the State Council, all Centre enterprises:
In order to implement the spirit of relevant Party Centre documents and the “Cybersecurity Law”, guide focus sectors and departments in comprehensively implementing the cybersecurity multi-level protection system and critical information infrastructure security protection system, complete and perfect the national comprehensive cybersecurity defence system, effectively prevent cybersecurity threats, forcefully deal with major cybersecurity incidents, coordinate public security bodies’ strengthening of cybersecurity supervision and management, strictly attack unlawful and criminal activities harming cybersecurity, realistically ensure the security of critical information infrastructure, important networks and data, the Ministry of Public Security has researched and formulated the “Guiding Opinions on Implementing the Cybersecurity Multi-Level Protection System and Critical Information Infrastructure Security Protection System”. These are hereby issued to you, please earnestly consult and implement them in combination with the work reality in your sectors and your departments.
Ministry of Public Security
22 July 2020
Guiding Opinions on Implementing the Cybersecurity Multi-Level Protection System and Critical Information Infrastructure Security Protection System
The cybersecurity multi-level protection system and critical information infrastructure security protection system are basic systems laid down in relevant Party Centre documents and the “Cybersecurity Law”. In recent years, all work units and all departments have comprehensively strengthened cybersecurity work according to the requirements of Central cybersecurity policies and the provisions of the “Cybersecurity Law” and other such laws and regulations, powerfully ensuring the security of national critical information infrastructure, important networks and data. Even though information technology develops at flying speed, cybersecurity work still faces several new situations, new tasks and new challenges. In order to implement the cybersecurity multi-level protection system and critical information infrastructure security protection system, complete and perfect the national cybersecurity defence system, effectively prevent cybersecurity threats, forcefully deal with cybersecurity incidents, strictly attack unlawful and criminal activities harming cybersecurity, realistically safeguard national cybersecurity, the following Guiding Opinions are hereby formulated.
I, Guiding ideology, basic principles and work objectives.
(1) Guiding ideology
With Xi Jinping Thought on Socialism with Chinese Characteristics in a New Era as guidance, according to the policy arrangements of the Party Centre and the State Council, with the overall national security view as the lead, earnestly implement the cyber power strategy, comprehensively strengthen overall cybersecurity work planning, with implementing the cybersecurity multi-level protection system and critical information infrastructure security protection system as basis, with protecting the security of critical information infrastructure, important networks and data as focus points, comprehensively strengthen work in areas such as cybersecurity prevention and management, monitoring and early warning, emergency response, investigation and attack, intelligence and information, etc., timely monitor and deal with cybersecurity risks, threats and sudden cybersecurity incidents, protect critical information infrastructure, important networks and data from attacks, intrusions, interference and destruction, punish online unlawful and criminal activities according to the law, substantially raise cybersecurity protection capabilities, vigorously build a comprehensive cybersecurity defence system, substantially safeguard national cyberspace sovereignty, national security and the social and public interest, protect the lawful rights and interests of the popular masses, ensure and stimulate the healthy development of economic and social informatization.
(2) Basic principles
– Persist in tiered protection, focus on prominent issues. On the basis of the degree of importance of networks (including network infrastructure, information systems, data resources, etc.) for national security, economic construction and social life, as well as factors such as the degree of harm after they should be destroyed, scientifically determine the security protection tier of networks, implement tiered protection and tiered supervision and management, focus on ensuring the security of critical information infrastructure and third-tier (including third-tier, hereafter similar) and higher networks.
-Persisting in active defence and comprehensive protection. According to laws, regulations and relevant State standards and norms, fully use artificial intelligence, big data analysis and other such technologies to vigorously implement cybersecurity management and technical protection measures, strengthen cybersecurity mentoring, state sensing, reporting and early warning, emergency response and other such major work matters, comprehensively adopt cybersecurity protection, defence and safeguard measures, prevent and curb the occurrence of major cybersecurity risks and incidents, protect the security of new technology applications and new business models such as cloud computing , the Internet of Things, the New Internet, big data, smart manufacturing, etc.
-Persisting in protection according to the law and creating joint forces. On the basis of the provisions of the “Cybersecurity Law” and other such laws and regulations, public security bodies fulfil cybersecurity protection, supervision and management duties and responsibilities according to the law, sectoral competent departments for cybersecurity (including supervision and management departments, hereafter similar) fulfil cybersecurity supervision and management responsibilities within their sectors according to the law, strengthen and implement the dominant protection responsibility of network operators, give full rein and muster forces from all parts of society, coordinate and cooperate, decide and work as team, and create cybersecurity protection work joint forces.
(3) Work objectives
– Deeply implementing the cybersecurity multi-level protection system. Cybersecurity multi-level protection tier determination and filing, tier monitoring and assessment, security construction, inspections and other such basic work matters are to be profoundly advanced. The “three izations and six defences” measures of “actualization, systematization and regularization” of cybersecurity protection and “dynamic defence, active defence, defence in depth, accurate protection, overall protection, joint defence and joint control” to be effectively implemented, a beneficial ecology for cybersecurity protection to be basically established, critical information infrastructure security protection capabilities to clearly strengthen.
– The critical information infrastructure security protection system to be established and implemented. Critical information infrastructure base numbers to be made clear, security protection bodies to be completed, responsibilities to be clarified, protection to be powerful. On the basis of implementing the cybersecurity multi-level protection system, critical information infrastructure-related critical position personnel management, supply chain security, data security, emergency response and other such focus protection measures to be effectively implemented, clearly strengthening critical information infrastructure security protection capabilities.
– Cybersecurity monitoring, early warning and emergency response capabilities to clearly increase. A cross-sector, cross-departmental and cross-regional three-dimensional cybersecurity monitoring system and cybersecurity protection platform to be basically completed, clearly raising cybersecurity state sensing, reporting, early warning and incident discovery and handling capabilities. Cybersecurity advance plans to be scientifically readied, emergency response and handling mechanisms to be perfected, emergency drills to be conducted in a regularized manner, major cybersecurity incidents to be effectively prevented, restrained and dealt with.
– A comprehensive cybersecurity prevention system to be basically created. Cybersecurity protection work mechanisms to be completed and perfected, a cybersecurity work structure with Party Committees in overall leadership, all departments taking responsibility according to the division of work, and social forces from many sides participating to be further perfected. The cybersecurity responsibility system to be effectively implemented, cybersecurity management, prevention, supervision, guidance, investigation and attack capabilities to clearly rise, and a comprehensive cybersecurity protection system integrating “attack, defence, management and control” to be basically created.
II, Deeply implementing the national cybersecurity multi-level protection system
According to the requirements oof the national cybersecurity multi-level protection system, all work units and all departments will, under the guidance and supervision of public security bodies, earnestly organize and deeply launch cybersecurity multi-level protection work, establish a beneficial cybersecurity protection ecology, substantially implement their dominant responsibilities, and completely enhance cybersecurity protection capabilities.
(1) Deepening network tier determination and filing work. Network operators shall comprehensively comb through all kinds of networks in their work unit, and especially the basic situation of cloud computing, Internet of Things, the New Internet, big data, smart manufacturing and other such new technological applications, and on the basis of the function of the network, its service scope, service counterparts, the data it handles and other such matters, scientifically determine the security protection tier of networks, second-level and higher networks will be filed according to the law with public security bodies, and filed with the sectoral competent department. Newly built networks shall be assigned a security protection tier in the planning and design phase. Public security bodies conduct examination and verification of the filing materials and network security protection tier submitted by network operators, where the tier determination result is reasonable and filing materials comply with requirements, they will timely issue cybersecurity multi-level protection filing certification. Sectoral competent departments may, on the basis of the national standard “Cybersecurity Multi-Level Protection Tier Determination Guidelines”, formulate guiding opinions for cybersecurity multi-level protection tier determination in integration with the characteristics of their sector.
(2) Regularly conducting cybersecurity tier assessments. Network operators shall, on the basis of relevant standards and norms, conduct monitoring and assessment of the security of networks with determined and filed tiers, and search for possibly existing cybersecurity problems and vulnerabilities. Third-tier and higher network operators shall entrust tier assessment bodies compliant with relevant State regulations to annually conduct a cybersecurity tier assessment, and timely submit the tier assessment report to the public security body and administrative competent department who received the filing. Newly-built third-tier and higher networks shall be put into operation after undergoing tier assessment. Network operators must, in the process of conducting assessment services, conclude a security and secrecy protection agreement with the assessment body, and conduct supervision and management of the assessment process. Public security bodies must strengthen supervision and management over tier assessment bodies in their localities, establish structures for the background inspection of assessment personnel and the examination and verification of personnel, and ensure that the tier assessment process is objective, fair and secure.
(3) Scientifically conducting security construction and improvements. Network operators shall, in the process of network construction and operation, simultaneously plan, simultaneously build and simultaneously use relevant cybersecurity protection measures. They shall, on the basis of the “Cybersecurity Multi-Level Protection Basic Requirements”, the “Cybersecurity Multi-Level Protection Security Design Technology Requirements” and other such national standards, and on the basis of existing security protection measures, completely comb through and analyse security protection requirements, and in integration with the problems and vulnerabilities discovered during the process of tier assessment, according to the requirements of “once centre” (security management centre), “three protects” (secure telecommunications networks, secure regional boundaries, secure computing environments”, earnestly conduct network security construction, improvement and consolidation, and comprehensively implement security protection technology measures. Network operators may move networks into the cloud, or outsource security services, fully using the capabilities and levels of cloud service companies and cybersecurity service companies to enhance cybersecurity protection. They shall comprehensively strengthen cybersecurity management, establish and perfect personnel management, education and training, system security construction and operational maintenance and other such management structures, strengthen management of computer rooms, facilities and medium security, strengthen the protection of important data and personal information, formulate operational norms and workflows, strengthen daily supervision and verification, and ensure the effective implementation of all management measures.
(4) Strengthening the implementation of security responsibility. Sectoral competent departments and network operators shall, on the basis of the requirements of the “Cybersecurity Law” and other such laws and regulations as well as relevant policies, and according to the principle of “who manages is responsible, who operates is responsible”, draw clear cybersecurity protection borders, clarify security protection work responsibilities, establish cybersecurity multi-level protection work responsibility systems, implement responsibility investigation structures, and ensure that “everyone has the responsibility to protect their land, and everyone does their utmost to protect their land”. Network operators must regularly organize dedicates forces to conduct cybersecurity inspections monitoring and assessment, sectoral competent departments must organize risk assessments, timely discover cybersecurity vulnerabilities and weak segments, and correct them, and incessantly raise cybersecurity protection capabilities and levels.
(5) Strengthening supply chain security management. Network operators shall strengthen the security management of critical network personnel, third-tier and higher network operators shall strengthen management over the bodies and personnel providing them with design, construction, operational maintenance and technical services, assess security risks that may exist in the process of services, and adopt corresponding management and control measures. Network operators shall strengthen network operations and maintenance management, where it is truly necessary to conduct Internet remote operational maintenance because of business needs, they shall provide an explanation of their assessment, and adopt corresponding management and control measures. Network operators shall purchase and use network products and services compliant with the requirements of State laws and regulations as well as relevant standards and norms, third-tier and higher network operators shall vigorously use secure and trustworthy network products and services.
(6) Implementing encryption security protection requirements. Network operators shall implement the provisions of the “Encryption Law” and other such laws and regulations as well as encryption us-related standards and norms. Third-tier and higher networks shall correctly and effectively adopt encryption technology for protection, and use encryption products and services compliant with related requirements. Third-tier and higher network operators shall, in the network planning, construction and operations stages, simultaneously conduct encryption use security assessment wat the same time as conducting cybersecurity tier assessment according to encryption use security assessment management rules and related standards.
III, Building and implementing the critical information infrastructure security protection system
Public security bodies guide and supervise critical information infrastructure security protection work. All work units and all departments shall strengthen the construction of legal systems, policy systems standards systems, protection systems, defence systems and safeguard systems for critical information infrastructure security, establish and implement critical information infrastructure security protection systems, and on the basis of implementing the cybersecurity multi-level protection system, give prominence to its protection focus, strengthen protection measures, and realistically ensure the security of critical information infrastructure.
(1) Organising the identification of critical information infrastructure. On the basis of relevant provisions of the Party Centre and the Ministry of Public Security, the competent and supervision and management departments (hereafter jointly named protection work departments) of important sectors and domains such as public telecommunications and information services, energy, transportation, waterworks, finance, public services, e-government, national defence science and technology and industry, etc., shall formulate critical information infrastructure identification norms for their sectors or domains and report them to the Ministry of Public Security for filing. Protection work departments are, on the basis of the identification norms, responsible for organizing the identification of critical information infrastructure in their sectors and domains, and to timely report the identification results to the related critical information infrastructure operators and to the Ministry of Public Security. They shall include focus protection counterparts such as basic networks meeting determination conditions, large-scale special networks, core business systems, cloud platforms, big data platforms, the Internet of Things, industrial control systems, smart manufacturing systems, the New Internet, novel telecommunications, etc., in critical information infrastructure. Critical information infrastructure lists will be subject to dynamic adjustment mechanisms, where relatively major changes occur in relevant network infrastructures and information systems, operators shall timely report the relevant circumstances to the protection work department, the protection work department shall organize re-identification, notify the operator about the identification result, and report the matter to the Ministry of Public Security.
(2) Clarifying the division of labour in critical information infrastructure security protection work functions. The Ministry of Public Security is responsible for the top-level design, planning and arrangement of critical information infrastructure security protection work, and completes and perfects the critical information infrastructure security protection structures and systems together with relevant departments. Protection work departments are responsible for organizational leadership over critical information infrastructure security protection work in their sectors and their areas, as well as formulating and implementing general plans and security protection tactics for critical information infrastructure security in their sectors and their areas, and implementing critical information infrastructure security guidance and supervision responsibilities within their own sectors and areas. Critical information infrastructure operators are responsible for the establishment of a specialized security management body, organizing and conducting critical information infrastructure security and protection work, whose main responsible person bears overall responsibility for the work unit’s critical information infrastructure security protection.
(3) Implementing focus protection measures for critical information infrastructure. Critical information infrastructure operators shall, on the basis of the cybersecurity multi-level protection standards, conduct security construction and conduct tiered monitoring, and must timely correct problems, risks and vulnerabilities they find; on the basis of critical information infrastructure security protection standards, strengthen security protection measures and conduct security monitoring and assessment. We must comb through network assets, establish asset files, strengthen the management of personnel in core positions, integrate protection with monitoring and early warning, emergency response and handling, data protection and other such focus protection measures, reasonably differentiate fields and areas, reduce the Internet’s disclosure surface, strengthen cyberattack threat control, strengthen defence-in-depth, vigorously use technologies to conduct cybersecurity protection, build a cybersecurity protection system with encryption technology, trusted computing, artificial intelligence, big data analysis etc. at the core, incessantly enhance the inherent security of critical information infrastructure, and capabilities for active immunity and active defence. Operators meeting conditions shall establish their own security services body, undertaking critical information infrastructure security protection tasks, they may also raise cybersecurity specialized and intensified protection capabilities through migrating to the cloud or purchasing security services and other such measures.
(4) Strengthening the protection of important data and personal information. Operators shall establish and implement a protection structure for important data and personal information security, conduct disaster-proof backups of important networks and important databases in critical information infrastructure, adopt critical technological measures such as identity differentiation, access control, encrypted protection, security audits, security isolation, trusted verification, etc. to substantially protect the security of important data in its entire lifecycle. Operators shall store personal information and important data collected and produced during their domestic operations inside the territory, where they need to provide it abroad because of business requirements, they shall abide by relevant regulations and conduct a security assessment.
(5) Strengthening the security management of personnel in core positions as well as products and services. We must conduct a background security inspection of responsible persons in specialized security management bodies and personnel in critical positions, and strengthen management. We must implement security management over critical information infrastructure design, construction, operations, maintenance and other such services, purchase secure and trustworthy network products and services, and ensure supply chain security. Where the purchase of products and services may influence national security, a security review shall be undergone according to relevant state regulations. Public security bodies strengthen security management over critical information infrastructure security service bodies, and provide support for operators conducting security protection work.
IV, Strengthening cooperation and coordination in cybersecurity protection work
Sectoral competent departments and network operators must closely cooperate with public security bodies, forcefully conduct security monitoring, reporting, early warning, emergency response, threat intelligence and other such work, implement regularized measures, enhance their capabilities to respond to and deal with sudden cybersecurity incidents and major risk prevention and control.
(1) Strengthening the construction of a three-dimensional cybersecurity monitoring system. All work units and all departments must comprehensively strengthen cybersecurity monitoring, conduct real-time monitoring of critical information infrastructure, important networks, etc., and when they discover cyberattacks and security threats, immediately report them to public security bodies and relevant departments, and adopt effective measures to deal with them. They must strengthen the research and applications of new network technologies, research and draw up cyberspace topography information maps (network maps), and ensure map-based battle. Sectoral competent departments and network operators must construct cybersecurity protection operations platforms for their sector and their work unit, build smart platform brains, , and rely on the platform and big data to conduct real-time monitoring, reporting, early warning, emergency response, security protection, command and control and other such work, and link up with public security bodies’ relevant security protection platform, creating a comprehensive defence and control structure integrating hierarchical and local links, connecting vertical and horizontal links, in a coordinated and jointly acting manner. Focus sectors, network operators and public security bodies must establish cybersecurity supervision and control command centres, implement a 24-7 duty staffing system, and create regularized and actualized cybersecurity work mechanisms.
(2) Strengthening cybersecurity information sharing reporting and early warning. Sectoral competent departments and network operators must, with the support of the national cyber and information security information notification mechanism, strengthen the construction of cyber and information security notification and early warning capabilities, timely collect, pool and analyse all sides’ cybersecurity information, strengthen threat intelligence work, organize the conduct of cybersecurity threat analysis and state research and argumentation, and timely notify early warnings and responses. Third-level and higher network operators and critical information infrastructure operators must conduct cybersecurity monitoring, early warning and information notification work, timely receive and deal with cybersecurity early warning notifications and information coming from the national level, sectoral level and local level, and notify cybersecurity monitoring and early warning information as well as cybersecurity incidents to sectoral competent departments, filing public security bodies. Public security bodies must strengthen the construction of cyber and information security information circulation and early warning mechanisms and forces, and incessantly raise cybersecurity notification and early warning capabilities.
(3) Strengthen the construction of cybersecurity emergency response mechanisms. Sectoral competent departments and network operators must, according to relevant State requirements, formulate cybersecurity emergency response plans, strengthen cybersecurity emergency response force construction and emergency response resource stockage, closely cooperate with public security bodies to establish a cybersecurity incident reporting structure and emergency response mechanisms. Critical information infrastructure operators and third-tier and higher network operators shall regularly conduct emergency response drills, effectively respond to cybersecurity incidents, and timely correct and consolidate prominent problems, leaks and vulnerabilities discovered during emergency response drills, and perfect protection measures. Sectoral competent departments and network operators shall coordinate with public security bodies’ annual organization and conduct of cybersecurity supervision and inspections, tournaments, exercises and other such work, and incessantly enhance security protection capabilities and resistance capabilities.
(4) Strengthening cybersecurity incident handling and case investigation When major cybersecurity threats and incidents occur in critical information infrastructure or third-tier and higher networks, sectoral competent departments, network operators and public security bodies shall jointly launch a response. Telecommunications operators and network service providers shall provide technical support and assistance. Network operators shall cooperate with public security bodies in attacking unlawful and criminal online activities; when indications of unlawful or criminal acts, major cybersecurity threats and incidents are discovered, they shall timely report the matter to public security bodies and relevant departments, and provide the necessary assistance.
(5) Strengthening cybersecurity problem and threat correction supervision and management. Public security bodies establish and appoint a supervision and management structure, to be appointed to supervise and manage, or schedule talks with relevant responsible persons where network operators persistently procrastinate and do not correct weak cybersecurity work or major security problems and vulnerabilities, or where relatively large cybersecurity risks exist, major cybersecurity incidents, occur, etc., according to regulatory powers and procedures, together with sectoral competent departments, and to strengthen supervision, inspection and administrative law enforcement, as well as conduct administrative punishment according to laws and regulations. Network operators shall, according to relevant requirements, adopt measures to timely conduct corrections, and eliminate major risks and vulnerabilities. Where major cybersecurity incidents occur, sectoral competent departments shall organize the entire sector to conduct correction and reorganization.
V, Strengthening all guarantees in cybersecurity work
(1) Strengthening organizational leadership. All work units and all departments must give high regard to multi-level cybersecurity protection and critical information infrastructure security protection work, enter it onto the important matters agenda, strengthen comprehensive leadership, planning and design, earnestly research and resolve major problems such as the establishment of cybersecurity bodies, personnel allocation, financial input, security protection measure construction, etc. Sectoral competent departments and network operators must clarify that the main responsible persons in those work units are the first responsible persons for cybersecurity, and determine a leading cadre management to be separately responsible for cybersecurity work, establish dedicated cybersecurity bodies, clarify tasks and divisions of labour, grasping matters level by level, and implementing matters level by level.
(2) Strengthening financial policy guarantees. All work units and all departments must, through existing funding channels, ensure funding input for critical information infrastructure, third-tier and higher networks, etc., to conduct tiered monitoring, risk assessment, encryption use security monitoring, drills and competitions, security construction and reorganization, security protection platform construction, encryption protection system construction, operational maintenance, supervision and inspection, education and training, etc. Critical information infrastructure operators shall ensure sufficient amounts of cybersecurity input, and when making cybersecurity and informatization-related policy decisions, shall have members from the cybersecurity management body participate. Relevant departments must support focus cybersecurity technology industries and projects, support cybersecurity technology research, development, innovation and application, and promote the healthy development of the cybersecurity industry. Public security bodies must, together with relevant departments, organize and implement “Belt-Road” cybersecurity strategies, and support cybersecurity enterprises “marching out”, and share China’s cybersecurity protection experience with relevant countries.
(3) Strengthening testing and evaluation All work units and all departments must further complete and perfect cybersecurity testing and evaluation structures, clarify testing standards, and organize the conduct of testing. Public security bodies will enter cybersecurity work into the comprehensive social management and governance testing and evaluation system, annually organize testing and evaluation to be conducted for all localities’ cybersecurity work, annually chose advance work unit in cybersecurity multi-level protection and critical information infrastructure security protection work, and report the results to Party Committees and governments, and notify cybersecurity and informatization departments.
(4) Strengthening technical breakthroughs. All work units and all departments must fully muster social forces from cybersecurity enterprises, scientific research bodies, experts, etc., to vigorously participate in making core breakthroughs in cybersecurity technology, strengthen cybersecurity coordination and cooperation, interaction and mutual support, joint governance and sharing, and collective defence and collective governance. Public security bodies must, together with relevant departments, strengthen cybersecurity multi-level protection and critical information infrastructure security protection standards formulation work, publish standards and application guidelines, strengthen the dissemination, application and implementation of standards build pilot demonstration bases, and enhance the healthy development of our country’s cybersecurity industries and enterprises.
(5) Strengthening talent training. All work units and all departments must strengthen cybersecurity multi-level protection and critical information infrastructure security protection professional exchanges, and discover and select high-grade, precise and advanced talents through organizing and conducting tournaments, competitions and other such forms, build talent databases, establish and complete talent discovery training, selection and use mechanisms, and provide talent guarantees to do cybersecurity work well.
Following the connection and convergence of information technology and human production and lives, global data have gained the characteristics of explosive growth and massive collection, the big data industry is in a period of brisk development, technological progress and application innovation have accelerated their advance in lockstep, data resources have become national fundamental strategic resources and innovation factors for social production. At present, our country’s telecommunications and Internet sectors are developing rapidly, collecting large amounts of online data, and at the same time as liberating the development potential of the data economy and stimulating the accelerated growth of the data economy, we face severe security risks. This requires that we deeply understand the importance and urgency of online data security, persist in equally stressing security and development, vigorously responding to complex and severe security risks and challenges, and accelerate the construction of a security protection system for online data.
“In safe development, standards go first”, standardization work is an important basis in guaranteeing online data security. In order to implement the requirements of laws and regulations such as the “Cybersecurity Law of the People’s Republic of China”, the “National People’s Congress Standing Committee Decision concerning Strengthening Online Information Protection”, the “Telecommunications and Internet User Personal Information Protection Regulations”, etc., guide online data security standardization work in the telecommunications and Internet sectors, the Ministry of Industry and Information Technology has organized the drafting of the “Guidelines for the Construction of the Online Data Security Standards System” (hereafter simply named “Construction Guidelines”. The “Construction Guidelines” give full rein to the top-level design and fundamental guidance roles of standards, and provides a powerful support for guaranteeing online data security in the telecommunications and Internet sectors, stimulating the rational and orderly flow of online data, and assist the high-quality development of the digital economy. Read the rest of this entry »
MIIT Communications No. (2020)49
All provincial, autonomous regions, municipal, plan-listed city and Xinjiang Production-Construction Corps controlling departments for industry and information technology, and wireless communications management bodies, all provincial, autonomous region and municipal telecommunications management bureaus, China Telecom Group Co. Ltd., China Mobile Telecommunications Group Co. Ltd., China Unicom Telecommunications Group Co. Ltd., China Tower Co. Ltd., China Broadcast Network Co. Ltd.:
In order to deeply implement the spirit of General Secretary Xi Jinping’s important speech concerning promoting the accelerated development of 5G networks, forcefully advance 5G network construction, usage, popularization, technology development and security protection, give full rein to the effects of scale and driving role of new 5G infrastructure, and support high-quality economic development, hereby, related matters are notified as follows:
Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps
Notice concerning Issuance of the “Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps”
All provincial, autonomous region, municipal and the Xinjiang Production-Construction Corps cybersecurity and informatization offices, telecommunications management bureaus, public security offices (bureaus), market supervision and management bureaus (offices, committees):
On the basis of the “Announcement concerning a Special Campaign on Collection and Use of Personal Information in Violation of Rules and Regulations in Apps”, in order to provide reference for the determination of acts of collecting and using personal information in violations of rules and regulations in apps, implement laws and regulations such as the “Cybersecurity Law”, etc., the Cyberspace Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration of Market Regulation have jointly formulated the “Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps”. These are hereby issued to you, please refer to and implement them in integration with supervision, management and law enforcement work realities.
Cyberspace Administration of China Secretariat
Ministry of Industry and Information Technology General Office
Ministry of Public Security General Office
State Administration for Market Regulation General Office
28 November 2019
Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps
On the basis of the “Announcement concerning a Special Campaign on Collection and Use of Personal Information in Violation of Rules and Regulations in Apps”, in order to provide reference for the determination of acts of collecting and using personal information in violations of rules and regulations in apps, provide guidance for app operators’ self-inspection and self-rectification as well as netizens’ social supervision, and implement laws and regulations such as the “Cybersecurity Law”, these Rules are formulated.
I, The following acts may be determined as “not publishing collection and use norms”
2. When using the app for the first time, users are not prompted to read privacy policies and other such norms on collection and use through a pop-up window and other such clear methods
II, The following acts may be determined as “not indicating the objective, method and scope of collecting and using personal information”
1. Not listing the objective, method and scope of personal information collection and use in the app (including entrusted third parties or embedded third-party code and plug-ins) one by one;
3. When requesting to activate authorization of collectable personal information, or requesting to collect users’ identity card number, bank account number, geographical tracking and other such sensitive personal information, not simultaneously notifying the user about its objective, or having an unclear or difficult to understand objective.
4. Content related to collection and use norms is obscure and difficult to understand, verbose and overly detailed, which is difficult for users to understand, for instance using large amounts of specialist jargon, etc.
III, The following acts may be determined as “collecting and using personal information without users’ consent”
1. Beginning to collect personal information or activating authorizations for collectable information before obtaining users’ consent;
2. After users clearly indicate they do not consent, still collecting personal information or activating up collectable personal information authorizations, or frequently obtaining users’ consent, interfering with users’ regular use;
3. Actually collecting personal information or activating collectable personal information authorizations in excess of the scope of user authorization;
4. Obtaining users’ consent by way of implicit agreement to privacy policies and other non-explicit methods;
5. Altering the status of collectable personal information authorizations they have set up without users’ consent, for instance automatically restoring user-set up authorization to implicit approval status when updating an app;
6. Using users’ personal information and algorithms to direct push delivery information, without providing an option for non-targeted push delivery information;
7. Misleading users through fraudulent, swindling and other such improper methods into consenting to personal information collection or the activation of collectable personal information authorizations, for instance wilfully hoodwinking or covering up the true objective for the collection of users’ personal information;
8. Not providing users with a way and method to revoke consent for personal information collection;
9. Collecting users’ personal information in violation of the announced collection and use norms.
IV, The following acts may be determined as “collecting personal information in violation of the principle of necessity, that is not related to the provided service”
1. Collected categories of personal information or activated collectable personal information authorizations are not related to the existing business functions;
2. Refusing to provide business functions because users do not consent to the collection of unnecessary personal information or the activation of unnecessary authorizations;
3. Requesting the collection of personal information in excess of the scope the user originally consented to when adding new business functions to the app, refusing to provide the original business functions if the user does not agree, except where the newly added business function supersedes the original business function;
4. The frequency of personal information collection exceeds the actual needs of business functions;
5. Obliging he user to consent to personal information collection for only the purpose of improving of service quality, enhancing user experience, targeting push delivery information, researching and developing new products, etc.,
6. Requiring users to consent once to activating multiple collectable personal information authorizations, where use is impossible if users do not consent.
V, The following acts may be determined as “providing personal information to others without consent”
1. Providing personal information directly from the app customer end to third parties both without user content, and without anonymized processing, including providing personal information to third parties through methods such as embedding third-party code or plug-in components at the customer end, etc.;
2. Providing collected personal information to third parties after data is transmitted to the app’s back-end servers both without user content, and without anonymized processing;
3. Even if functions are provided to correct and delete personal information and cancel user accounts, not timely responding to user’s corresponding operations, requiring manual processing, not completing examination and processing within the committed time limits (the committed time limit may not exceed 15 working days, where there is not committed time limit, 15 working days are taken as limit);
4. Where the executing of correction or deletion of personal information, the cancellation of user accounts and other such user operations has been completed, but it is not completed at the app back-end;
5. Not establishing and publishing personal information security complaints and reporting channels, or not accepting and processing matters within the committed time limits (the committed time limit may not exceed 15 working days, where there is not committed time limit, 15 working days are taken as limit).
This suggestion draft is one of the outcomes of the National Social Science Fund Major Project “Important Legislative Questions for Internet Security” (14ZDC021) at Renmin University of China Law School, of which Professor Zhang Xinbao is lead expert, its objective is to provide reference for legislation, its authors are Zhang Xinbao and Ge Xin. On deficiencies in the suggestion draft, the submission of valuable opinions and suggestions is welcomed, to be sent to email@example.com. After further revision and perfection, the suggestion draft and statement of grounds for legislation will be published in the near future by Renmin University of China Press, further attention is respectfully invited. Read the rest of this entry »
Management Rules for Credit Information of Gravely Untrustworthy Subjects in Internet Information Services (Opinion-seeking Draft)
Article 1: In order to stimulate the construction of credit in the Internet information services area, ensure the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Planning Outline for the Construction of a Social Credit System”, the “State Council Guiding Opinions concerning Establishment and Perfection of Joint Incentive Structures for the Trustworthy and Joint Punishment Structures for the Untrustworthy, and Accelerating the Advance of Social Credit Construction”, the “State Council General Office Guiding Opinions concerning Accelerating the Advance of Social Credit System Construction and Building Novel Management Mechanisms Based on Credit” and the “State Council Notice concerning Authorizing the Cyberspace Administration of China to Take Responsibility for Internet Information Content Management Work”, these Rules are formulated. Read the rest of this entry »
State Council General Office Guiding Opinions concerning Accelerating the Advance of Social Credit System Construction and Building Credit-Based Novel Supervision and Management Mechanisms
GBF No. (2019)35
All provincial, autonomous region and municipal People’s Governments, all State Council Ministries and Commissions, all directly subordinate bodies:
In order to strengthen the construction of the social credit system, deeply advance the “release, management and service” reform, further give rein to the fundamental role of credit in innovating supervision and management mechanisms, raising supervision and management capacities and levels, even better incite the vigour of market subjects, and promote high-quality development, with the agreement of the State Council, the following Opinions are hereby put forward.
I, General requirements.
With Xi Jinping Thought on Socialism with Chinese characteristics for a new era as guidance, deeply implement the spirit of the 19th Party Committee and its 2nd and 3rd Plenums, according to the basic principles of acting according to laws and regulations, reform and innovation, coordinated and joint governance, with strengthening credit supervision and management as rallying points, innovate supervision and management concepts, supervision and management structures, and supervision and management methods, establish and complete novel supervision and management methods running throughout the whole lifecycle of market subjects, connecting supervision and management links ex ante, ad interim and ex post, incessantly enhance supervision and management capabilities and levels, further standardize market order, optimize the commercial environment, and promote high-quality development.
II, Innovating credit supervision and management in the ex-ante link
(1) Establishing and completing credit commitment structures. When handling administrative licencing affairs using credit commitment structures, where applicants’ commitments conform to approval conditions and they have submitted the relevant materials, this shall be handled immediately. Where applicants’ credit situation is relatively good, and a part of the application materials is incomplete but they commit in writing to provide this within the provided time period, they shall be accepted with priority, and the handling process is to be accelerated. The circumstances of honouring written commitments will be entered into credit records, to act as an important basis for ad interim and ex post supervision and management, applicants not honouring them will be subject to punishment in view of the circumstances. We must accelerate combing through administrative licensing items amenable to the introduction of credit commitments, formulate credit commitment letters with standardized templates, and rely on all levels’ credit portal websites to publish them. Market subjects are encouraged to actively issue credit commitments to society. Sectoral associations and chambers of commerce are supported in the establishment and completion of intra-sector credit commitment structures, strengthening sectoral self-discipline. (All localities and all departments are respectively responsible according to their duties)
(2) Exploring the introduction of business people’s pre-access sincerity education. Fully utilized all levels’ and all categories’ government service windows, to broadly launch education on legal compliance and sincerity among market subjects. When handling work related to registration, examination and approval, filing, etc. for market subjects, timely introduce standardized, regularized and convenient legal knowledge and credit knowledge education, raising business people’s consciousness on doing business according to the law and sincerely. The launch of credit education must not be fee-paying, and must also not be a necessary condition for market access. (All localities and all departments are respectively responsible according to their duties)
(3) Vigorously expand credit reporting applications. All kinds of market subjects are encouraged to more broadly and actively use credit reports in their production and commercial activities. In processes such as government procurement, tendering and bidding, administrative examination and approval, market access, credential verification, etc., fully give rein to the role of credit reports issues by public credit service bodies and third-party credit service bodies. Explore the establishment of nationwide uniform credit report standards, promote cross-regional mutual recognition of credit report results. (NDRC, PBoC take the lead, all localities and all departments are respectively responsible according to their duties)
III, Strengthening credit supervision and management in the ad interim segment
(4) Comprehensively establish market subject credit records. Establish credit information collection catalogues on the basis of lists of powers and responsibilities, timely, accurately and comprehensively record market subjects’ credit activities in the process of handing registration, qualification verification, daily supervision and management, public service, etc., especially file and record untrustworthiness records, ensure that these can be consulted, verified and traced. ((All localities and all departments are respectively responsible according to their duties). Perfect uniform social credit code structures for legal persons and non-legal person organizations, use the uniform social credit code as a marker to integrate and shape integrated market subject credit records, and publish these according to laws and regulations through channels such as the “Credit China” website, he national enterprise credit information publication system or the China governmental web, as well as other related portal websites. Complete the 12315 market supervision and management complaint reporting hotline and informatized platform integration work, forcefully launch consumer complaints publication, stimulate businesspeople to implement their leading responsibility for consumer rights defence. (NDRC takes the lead, all departments are respectively responsible according to their duties).
(5) Establishing and completing voluntary credit information registration mechanisms. Encourage market subjects to voluntarily register credit information on qualifications and licences, market operations, contract fulfilment, social welfare, etc. on the “Credit China” website or other channels, to make public credit commitments concerning the veracity of the information, authorize the website to integrate, share and apply corresponding information. Verified voluntarily registered information may be an important basis to conduct credit evaluation and generate credit reports. (NDRC takes the lead, all departments are respectively responsible according to their duties.
(6) Deeply conducting comprehensive credit evaluation. The nationwide credit information sharing platforms must strengthen coordination and cooperation with relevant departments, integrate all kinds of credit information according to laws and regulations, conduct full-coverage, standardized, and public interest-type comprehensive public credit evaluation of market subjects, regularly report evaluation results to corresponding government department, financial bodies, sectoral associations and chambers of commerce for reference and use, and publish them to society according to relevant regulations. Promote relevant departments’ use of comprehensive public credit evaluation results, integrate departmental and sectoral management data, establish sectoral credit evaluation models, and provide ever more accurate bases for credit supervision and management. (NDRC takes the lead, all departments are respectively responsible according to their duties)
(7) Forcefully advancing tiered and categorized credit supervision and management. Divide supervision and management across tiers and categories on the basis of fully grasping credit information, and comprehensively deliberating the situation of credit, and on the basis of comprehensive public credit evaluation results and sectoral credit evaluation results, etc., and adopt differentiated supervision and management measures based on the height of the credit tier. “Double random and one public” supervision and management must be integrated with credit tiers, the proportion and frequency of spot checks may be reasonably lowered for market subjects with relatively good credit and relatively low risk, reducing influence to their regular production and operations; for market subjects with ordinary credit risks, spot checks are conducted with conventional proportions and frequencies; for law-breaking, untrustworthy, and relatively high-risk market subjects the proportion and frequency of spot checks will be appropriately increased, implementing strict management and punishment according to laws and regulations. (All localities and all departments are respectively responsible according to their duties)
IV, Perfecting credit supervision and management in the ex-post segment
(8) Completing determination mechanisms for the counterparts for joint punishment for trust-breaking. Relevant departments will establish and complete name list systems for the counterparts of joint punishment for trustworthiness according to laws and regulations, on the basis of untrustworthiness records obtained and determined during the ex ante and interim supervision and management segments. Market subjects with unlawful and untrustworthy acts of a malicious nature, with grave circumstances and relatively large social harm will be listed on the name list for joint punishment counterparts for untrustworthy acts according to procedure and on the basis of corresponding judicial verdicts, administrative punishments, administrative coercive measures, etc. Accelerate the perfection of relevant management rules, clarify determination bases, standards, procedures, dissent appeals and withdrawal mechanisms. For the formulation of management rules, the opinions from the social public must be fully solicited, and published standards and their concrete determination procedures will be made published to society in an appropriate manner. Relevant departments will be supported to establish name list systems for focus attention targets on the basis of requirement, for market subjects where untrustworthy acts exist but the degree of gravity has not reached the determination standard for joint punishment of untrustworthiness, it is permitted to implement strict supervision measures corresponding to the degree of their untrustworthiness. (All departments are respectively responsible according to their duties)
(9) Supervising rectification of untrustworthy market subjects within a limited time. Untrustworthy market subjects shall earnestly rectify matters within the provided time limits; where the rectification is insufficient, the determining department will initiate procedures for prompting talks or warning talks according to laws and regulations, according to the principle of “who determines, has the talk”, and supervise untrustworthy market subjects’ fulfilment of related duties and deletion of the harmful influence. Talk records are included into the credit record of the untrustworthy market subject, and are entered into the national credit information sharing platform after uniform collection. Forcefully advance special campaigns on untrustworthiness issues in focus areas, and adopt powerful and effective measures to accelerate the progress of rectification. (All departments are respectively responsible according to their duties)
(10) Deeply conducting joint punishment for untrustworthiness. Accelerate the construction of cross-regional, cross-sectoral, and cross-area joint punishment mechanisms for untrustworthiness, and resolve the problem that untrustworthy acts emerge repeatedly, or emerge in other areas at the roots. Establish joint punishment measure lists according to laws and regulations, dynamically renew them and publish them to society, and create a large structure for joint punishment for untrustworthiness with multi-barrelled roles for administrative, market and sectoral punishment measures, and broad participation from social forces. Focus on implementing punishment measures for untrustworthiness with great punitive strength and good supervision and management effects, including constraining targets of joint punishment for untrustworthiness according to laws and regulations from issuing shares, tendering and bidding, applying for funding projects from the finance administration, enjoying fiscal preferences and other such administrative punishment measures, restrict them from obtaining credit lines, traveling on aircraft, traveling on high-grade trains and seats and other such market punishment measures, as well as reporting for criticism, public denunciation and other such administrative punishment measures. (NDRC takes the lead, all localities and all departments are respectively responsible according to their responsibilities)
(11) Determinedly implementing market and sector ban mechanisms according to laws and regulations. Implement strict supervision and management, and strengthen punishment with the focus on food and drug products, ecology and the environment, engineering quality, safe production, care for the elderly and children, urban operational security and other such areas directly connected with the security of the popular masses’ lives and assets. Firmly implement market and sectoral ban measures within a certain time period according to laws and regulations, even up to permanent expulsion from markets, against market subjects and their relevant responsible persons who refuse to implement a judicial verdict or an administrative punishment decision, do not improve after repeated violations, resulting in major losses. (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties)
(12) Lawfully investigate liability for law-breaking and untrustworthiness. Establish and complete liability investigation mechanisms, impose untrustworthiness punishment against the legal representative or main responsible persons and actual controlling persons of market subjects listed on the joint punishment target list for untrustworthiness according to laws and regulations, and enter corresponding untrustworthy act on their personal credit record. Where unlawful or untrustworthy conduct occurs in organize undertaking work units or State-owned enterprises, it must be reported to the higher-level competent work unit and auditing department; where unlawful or trust-breaking conduct occurs among work personnel, they must be reported to their work unit and the related discipline inspection, supervision, organization and personnel departments. (All localities and all departments are respectively responsible according to their duties)
(13) Exploring the establishment of credit recovery mechanisms. Where untrustworthy market subjects correct the untrustworthy act and eliminate harmful influence within the provided time limit, they may conduct credit recovery through methods such as issuing credit commitments, completing credit rectification, passing credit inspections, accepting specialized training, submitting credit reports, participating in public interest and charity activities, etc. After recovery is completed, all localities and all departments must timely cease the publication of their untrustworthiness reports according to procedure, and terminate the implementation of joint punishment measures. Accelerate the establishment and perfection of mechanisms for coordination and joint action, handling all affairs through one network, and provide high-efficiency and convenient credit recovery services to untrustworthy market subjects. Third-party credit service bodies meeting conditions are encouraged to provide credit reports, credit management consulting and other such services. (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties)
V, Strengthening support and safeguards for credit supervision and management
(14) Striving to enhance credit supervision and management informatization construction levels. Give full rein to the information collection and sharing role of the nationwide credit information sharing platform and the national “Internet Plus Supervision and Management” system, ensure that government departments’ credit information “is fully collected where it shall be collected”, enhance the interconnection and interaction of local credit information platforms and sectoral credit information systems, create smooth government and enterprise data circulation mechanisms, create “one network” completely covering credit information of all localities, all departments and all kinds of market subjects. Rely on the national credit information sharing platform and the national “Internet Plus Supervision and Management” system to share basic market subject information, law enforcement supervision, management and punishment information, untrustworthiness joint punishment information etc. with related departmental operations systems according to requirement, add applications in the process of credit supervision and management and other such processes, support the creation of a credit supervision and management coordination mechanism with synchronized data, uniform measures and consistent standards. (NDRC and State Council General Office take the lead, all localities and all departments are respectively responsible according to their duties)
(15) Forcefully advancing credit supervision and management information openness and publication. On the basis of integrated publication of administrative licensing and administrative punishment information, entrust the “Credit China” website, the Chinese government network and other channels with further researching and promoting the open uploading of information on administrative obligations, administrative affirmations, administrative collection, administrative fees, administrative rulings, administrative compensation, administrative rewards, administrative supervision and inspection, and other such administrative acts within seven working days, promote the publication of information in judicial verdicts and law enforcement activities related to untrustworthy persons subject to enforcement and untrustworthy persons making false complaints of whom the information should be published, ensuring that “what shall be published, is fully published”. (All localities and all departments are respectively responsible according to their duties)
(16) Fully giving rein to the supporting role of “Internet Plus” and big data in credit supervision and management. Rely on the national “Internet Plus Supervision and Management” system and other such systems to effectively integrate public credit information, market credit information, complaints reporting information and related Internet and third-party information, fully use big data, artificial and other such new-generation information technologies to realize that credit supervision and management data can be compared, processes can be traced, and issues can be monitored. All localities and all departments are encouraged to, in integration with reality, cooperate with big data bodies according to laws and regulations to exploit credit information, grasp market subjects’ business situations and the characteristics of their laws in a timely and dynamic manner. Fully use the national “Internet Plus Supervision and Management” system and other such systems to establish early risk assessment and early warning mechanisms, to discover and prevent symptomatic, cross-sectoral and cross-regional risks early. Use big data to actively discover and distinguish clues for violations of laws and regulations, effectively prevent acts violating laws and regulations harming the public interests and the security of the masses’ lives and assets. It is encouraged to enhance law enforcement supervision and management efficiency through the Internet of Things, the Internet of Vision and other such non-contact supervision and management measures to enhance the efficiency of law enforcement, supervision and management, realize the standardization, accuratization and smartification of supervision and management, reduce human factors, realize fair supervision and management, stop problems such as wilful inspections, multi-headed supervision and inspection, etc., realize “entering the door once, inspecting multiple matters”, and reduce disturbance to supervision and management targets. (State Council General Office, NDRC, State Administration of Market Regulation take the lead, all departments are respectively responsible according to their duties.
(17) Realistically strengthening the protection of credit information security and market subjects’ rights and interests. Strictly investigate and prosecute acts where credit information is leaked or distorted in violation of regulations, or credit information is used in pursuit of private gain, etc. Strengthen the construction of basic credit information security infrastructure and security protection capabilities. Establish and complete credit information objection and complaint structures, information providing and collecting work units must as quickly as possible examine and verify information to which market subjects have raised an objection and feed back the results, information verified as containing errors must be timely corrected or deleted. Where market subjects’ lawful rights and interests were harmed after they were erroneously assigned to the untrustworthiness joint punishment target list, or untrustworthiness joint measures were erroneously adopted, relevant departments and work units must vigorously adopt measures to eliminate the harmful influence. (All localities and al departments are responsible on the basis of their duties)
(18) Vigorously guiding sectoral organizations and credit service bodies to coordinate supervision and management. Relevant department-authorized sectoral associations and chambers of commerce are supported to assist in the conduct of sectoral credit construction and credit supervision and management, sectoral associations and chambers of commerce are encouraged to establish member credit records, conduct credit commitments, credit training, sincerity propaganda, sincerity advocacy etc., make sincerity into an important component for sectoral rules and sectoral conventions, and guide their sectors in strengthening awareness about doing business lawfully and sincerely. Promote the development of information services for credit inquiry, credit grading, credit insurance, credit guarantees, contract fulfilment guarantees, credit management consulting and training, etc., and realistically let third-party credit service bodies play a specialized role in aspects such as credit information collection, processing, use, etc. Relevant departments are encouraged to launch cooperation’s with third-party credit service bodies in areas such as credit record integration, credit information sharing, credit big data analysis, credit risk early warning, examination and verification of cases of untrustworthiness, tracing and monitoring of untrustworthy activities, etc. (NDRC, Ministry of Civil Affairs, People’s Bank of China are respectively responsible according to their duties)
VI, Strengthening organization and implementation of credit supervision and management
(19) Strengthening organizational leadership. All localities and all departments must make building credit-based novel supervision and management mechanisms into an important measure in deeply advancing the “release, manage, serve” reform, put it in an ever more prominent position, strengthen organizational leadership, detail divisions of work and responsibilities, and promote implementation in a forceful, orderly and effective manner. Perfect supplementary structures to credit supervision and management, and strengthen links with other elements of “release, manage, serve” reform. Departments responsible for market supervision and management and sectoral supervision and management must realistically bear their dominant responsibility in sectoral credit construction and credit supervision and management, fully give rein to the roles of sectoral organizations and third-party credit service bodies, create beneficial conditions for public supervision, integrate and create joint forces for credit supervision and management with joint participation from all of society. (NDRCD takes the lead, all departments and all localities are respectively responsible according to their duties)
(20) Launching trials and demonstrations. Organize and launch credit construction and credit supervision and management trials and demonstrations revolving around credit commitments, credit recovery, untrustworthiness joint punishment, credit big data exploitation and use and other such focus work. On the basis of exploration and innovation in all localities and all departments, timely summarize, abstract and exchange good methods and good experiences in launching credit construction and credit supervision and management, and reproduce and broaden them on an ever greater scale (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties)
(21) Accelerating the establishment of rules and structures. Promote the formulation of social credit system construction-related laws, accelerate the research and promulgation of public credit information management regulations, unified social credit code management rules and other such regulations. Establish and complete nationwide uniform credit supervision and management norms and standards, timely publish related local regulations, government rules and normative documents, and upgrade methods effective in credit supervision and management practice into structures and norms. Grasp the formulation of national standards urgently needed in credit supervision and management. (NDRC, Ministry of Justice take the lead, all localities and all departments are respectively responsible according to their duties)
(22) Conducting propaganda and explanation. All localities and all departments must, through all kinds of channels and methods, conduct policy propaganda and explanation work in a thorough and detailed manner for market subjects, to let businesspeople fully understand and vigorously cooperate with credit-based novel supervision and management measures. Strengthen guidance and training for grass-roots and first-line supervision and management personnel. Organize news media to report broadly, vigorously propagate credit supervision and management measures and their results, and create a benign social atmosphere. (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties)
State Council General Office
9 July 2019
Ministry of Public Security of the People’s Republic of China Decree
The “Regulations on Internet Security Supervision and Inspection by Public Security Bodies” were passed at the Minister’s business meeting of the Ministry of Public Security on 5 September 2018, are hereby promulgated, and take effect on 1 November 2018.
Minister: Zhao Kezhi
15 September 2018
Regulations on Internet Security Supervision and Inspection by Public Security Bodies
Chapter I: General provisions
Article 1: These Regulations are formulated in order to standardize public security bodies’ Internet security supervision and inspection work, prevent online law-breaking and crime, safeguard cybersecurity, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “People’s Police Law of the People’s Republic of China”, the “Cybersecurity Law of the People’s Republic of China” and other such laws and administrative regulations.
Article 2: These Regulations apply to public security bodies conducting security supervision and inspection of Internet service providers’ and network-using work units’ fulfilment of cybersecurity duties provided in laws and administrative regulations.
Article 3: Internet security supervision and inspection work is conducted by county-level or higher local People’s Government public security body cybersecurity protection departments.
Higher-level public security bodies shall implement guidance and supervision of lower levels’ public security bodies’ conduct of Internet security supervision and inspection work.
Article 4: Public security bodies conducting Internet security supervision and inspection shall abide by the policies of scientific management, ensuring and stimulating development, strictly abide by statutory powers and procedures, incessantly improve law enforcement methods, and comprehensively implement law enforcement responsibilities.
Article 5: Public security bodies and their work personnel shall strictly preserve the secrecy of personal information and privacy, commercial secrets and State secrets they learn in the process of fulfilling Internet security supervision and inspection duties and responsibilities, they may not leak this, sell it or illegally provide it to others.
Public security bodies and their work personnel can only use information they learn in the process of fulfilling Internet security supervision and inspection duties as required for maintaining cybersecurity, and may not use it for other purposes.
Article 6: Public security bodies shall timely notify relevant controlling departments and work units about cybersecurity risks they discover in the process of Internet security supervision and inspection work, which may harm national security, public security or social order.
Article 7: Public security bodies shall establish and implement rules for Internet security supervision and inspection work, and consciously accept supervision by inspection counterparts and the popular masses.
Chapter II: Supervision and inspection counterparts and content.
Article 8: Internet security supervision and inspection will be conducted by public security bodies of the locality of Internet service providers’ network service operations bodies and network using work units’ network management bodies. Where an Internet service provider is an individual, it may be implemented by the public security body of their regular place of residence.
Article 9: Public security bodies shall, on the basis of cybersecurity protection requirements and the concrete circumstances of cybersecurity risks and vulnerabilities, conduct supervision and inspection of the following Internet service providers and network-using work units.
(1) Those providing Internet access, Internet data centre, content distribution and domain name services;
(2) Those providing Internet information services;
(3) Those providing public network access services;
(4) Those providing other Internet services.
Focus supervision and inspection shall be conducted of those who have not conducted the services provided in the previous Paragraph for a full year, those where a cybersecurity incident, breach of law or crime occurred within two years, or those who have been subject to administrative punishment by a public security body for not fulfilling statutory cybersecurity duties.
Article 10: Public security bodies shall, on the basis of the actual circumstances of Internet service providers’ and network-using work units fulfilling their statutory cybersecurity duties, and according to relevant State regulations and standards, conduct supervision and inspection of the following content:
(1) Whether or not they have conducted network work unit filing formalities, and have reported the access work unit, basic user information and changes therein;
(2) Whether or not they have formulated and implemented cybersecurity management rules and operating rules, and appointed a person responsible for cybersecurity;
(3) Whether or not they have adopted technical measures to record and preserve user registration information and network use record information according to the law;
(4) Whether or not they have adopted technical measures to defend against computer viruses, cyberattacks, cyber intrusions, etc.;
(5) Whether or not they have adopted corresponding prevention measures against the publication or transmission of information prohibited in laws and administrative regulations according to the law in public information services;
(6) Whether or not they have provided technical support and assistance to public security bodies lawfully maintaining cybersecurity, preventing and investigating terror activities, or investigating crimes according to statutory provisions;
(7) Whether or not they have fulfilled cybersecurity multi-level protection duties as provided in laws and administrative regulations.
Article 11: Apart from the content listed in Article 10 of these Regulations, public security bodies shall also conduct supervision and inspection of the following content, on the basis of the category of provided Internet services:
(1) Where Internet access services are provided, supervising and inspecting whether they have recorded and preserved network address, allocation and use details;
(2) Where Internet data centre services are provided, supervising and inspecting whether they have recorded user information of the host entrustment, host rental and virtual space rental they provide;
(3) Where Internet domain name services are provided, supervising and inspecting whether they have recorded network domain name application and modification information, and whether or not they have adopted measures to deal with unlawful domain names according to the law.
(4) Where Internet information services are provided, supervising and inspecting whether they have adopted user-disseminated information management measures according to the law, whether or not they have adopted measures to deal with already published or transmitted information of which the dissemination or transmission is prohibited by laws and administrative regulations, and maintained related records;
(5) Where Internet content distribution services are provided, supervising and inspecting whether or not they have recorded circumstances concerning content distribution network and content source network links;
(6) Where Internet public access services are provided, supervising and inspecting whether or not they have adopted technical network and information security protection measures conform to national standards.
Article 12: During periods of national major cybersecurity defence tasks, public security bodies may conduct targeted security supervision and inspection of the following content of Internet service providers and network-using work units related to national major cybersecurity defence tasks:
(1) Whether or not they have formulated work plans required for major national cybersecurity defence tasks, clarified cybersecurity duties and work divisions, and appointed a management person for cybersecurity;
(2) Whether or not they have organized and conducted cybersecurity risk assessments, and adopted corresponding risk control measures to remedy cybersecurity leaks and vulnerabilities;
(3) Whether or not they have formulated cybersecurity emergency response plans, organized and conducted emergency response exercises, and whether or not emergency response-related equipment is complete and effective.
(4) Whether or not they have adopted other cybersecurity protection tasks required for major cybersecurity protection tasks according to the law;
(5) Whether or not they have reported cybersecurity protection measures and implementation circumstances to public security bodies according to requirement.
Internet security supervision and inspection with preventing terror attacks as its major objective will be implemented according to the content provided in the previous Paragraph.
Chapter III: Supervision and inspection procedures
Article 13: Public security bureaus conducting Internet security supervision and inspection may adopt on-site supervision and inspection or remote monitoring methods to do so.
Article 14: When public security bodies conduct on-site Internet security supervision and inspection, the number of People’s Police may not be less than 2, and they shall produce their People’s Police card and county-level or higher local People’s Government public security body-issued supervision and inspection notification letter.
Article 15: Public security bodies conducting on-site Internet security supervision and inspection may adopt the following measures on the basis of requirement:
(1) Entering business premises, computer rooms, work premises;
(2) Requiring the supervision and inspection counterpart’s responsible person or cybersecurity management personnel to explain supervision and inspection matters;
(3) Consulting and reproducing information related to Internet security supervision and inspection;
(4) Checking the operational state of technical network and information security protection measures.
Article 16: Public security bodies may conduct remote monitoring on whether or not cybersecurity leaks exist with Internet service providers and network-using work units.
Public security bodies conducting remote monitoring shall notify the supervision and inspection counterpart in advance about the inspection time, inspection cope and other such matters, or publish the related inspection matters, they may not interfere with or destroy the regular operations of the supervision and inspection counterpart’s networks.
Article 17: Public security bodies conducting on-site supervision and inspection or remote monitoring may entrust cybersecurity service bodies having corresponding technical capabilities with providing technical support.
Cybersecurity service bodies and their work personnel shall strictly preserve the secrecy of personal information and privacy, commercial secrets and State secrets they learn in the process of fulfilling Internet security supervision and inspection duties and responsibilities, they may not leak this, sell it or illegally provide it to others.
Public security bodies shall strictly supervise cybersecurity service bodies’ implementation of cybersecurity management and secrecy protection responsibilities.
Article 18: Public security bodies conducting on-site supervision and inspection shall draft supervision and inspection records, and have them signed by the People’s Police conducting supervision and inspection and the responsible person or cybersecurity management personnel from the supervision and inspection counterpart. Where the responsible person or cybersecurity management personnel from the supervision and inspection counterpart object to the supervision and inspection record, they shall be allowed to explain the matter; where they refuse to sign, People’s Police shall indicate this on the supervision and inspection record.
Public security bodies conducting remote monitoring shall draft supervision and inspection records, and have the supervision and inspection record signed by two or more People’s Police conducting the supervision and inspection.
Where cybersecurity service bodies are entrusted with providing technical support, the technical support personnel shall sign the supervision and inspection record together.
Article 19: Public security bodies discovering that cybersecurity risks or vulnerabilities exist in Internet service providers and network-using work unit in the process of Internet security supervision and inspection, shall urge and guide them to adopt measures to eliminate the risks or vulnerabilities, and indicate this in the supervision and inspection records; where they discover unlawful acts, but circumstances are light or no results have been created, they shall order them to correct the matter within a limited time.
Where the supervision and inspection counterpart believes they have completed correction before the end of the time limit, they may submit a re-inspection application in writing to the public security body.
Public security bodies shall, within three working days after the time limit ends or after receiving an earlier re-inspection application from the supervision and inspection counterpart, conduct a re-inspection of the corrected situation, and feed back the re-inspection results within three working days after the re-inspection concludes.
Article 12: All kinds of material collected in the process of inspection, or all kinds of produced documents and other materials, shall be stored in files according to regulations.
Chapter IV: Legal liability
Article 21: Where public security bodies discover Internet service providers or network-using work units committed the following unlawful acts in the process of Internet security supervision and inspection, they shall impose administrative punishment according to the law:
(1) Those not formulating or implementing cybersecurity management rules and operating rules, or not appointing a responsible person for cybersecurity, will be punished according to Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;
(2) Those not adopting technical measures to defend against computer viruses, cyberattacks, cyber intrusions and other such acts harming cybersecurity, will be punished according to the provisions of Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;
(3) Those not adopting measures to record and preserve user registration information and web access daily record information, will be punished according to the provisions of Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;
(4) Those not requiring users to provide real identity information according to requirements in the process of providing Internet information dissemination, instant communication and other such services, or who provide related services to users not providing real identity information, will be punished according to the provisions of Article 61 of the “Cybersecurity Law of the People’s Republic of China”;
(5) Those who do not adopt measures to cease transmission and delete information of which the dissemination and transmission is prohibited by laws and administrative regulations according to the law or according to public security bodies’ requirements, and preserve relevant records, will be punished according to the provisions of Article 68 or Article 69 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;
(6) Those refusing to provide technical support and assistance to public security bodies maintaining cybersecurity and investigating criminal activities according to the law, will be punished according to the provisions of Article 69 Paragraph III of the “Cybersecurity Law of the People’s Republic of China”.
Where the acts in the preceding items 4 to 6 violate the “Anti-Terrorism Law of the People’s Republic of China”, they will be punished according to the provisions of Article 84 or Article 86 Paragraph I of the “Anti-Terrorism Law of the People’s Republic of China”.
Article 22: Where public security bodies, in the process of Internet security supervision and inspection, discover Internet service providers and network-using work units steal or obtain personal information in an illegal manner, illegally sell or illegally provide it to others, but it does not constitute a crime, they will be punished according to the provisions of Article 64 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”.
Article 23: Where public security bodies, in the process of Internet security supervision and inspection, discover Internet service providers and network-using work units have installed malicious programmes in the Internet services they provide, they will be punished according to the provisions of Article 60 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”.
Article 24: Where Internet service providers and network-using work units refuse or impede public security bodies’ conduct of Internet security supervision and inspection, they will be punished according to the provisions of Article 69 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”; where they refuse to cooperate with anti-terrorism work, they will be punished according to the provisions of Article 91 or Article 92 of the “Anti-Terrorism Law of the People’s Republic of China.
Article 25: Where cybersecurity service bodies and their work personnel entrusted with providing technical support engage in illegal intrusion into the supervision and inspection counterpart’s networks, interfere with the regular functioning of the supervision and inspection counterpart’s networks, or steal online data and other such activities harming cybersecurity, they will be punished according to the provisions of Article 63 of the “Cybersecurity Law of the People’s Republic of China”; where they steal personal information they have obtained in the process of their work or obtain it in an illegal manner, illegally sell or illegally provide it to others, they will be punished according to the provisions of Article 64 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”, where it constitutes a crime, criminal liability will be prosecuted according to the law.
Where bodies and their work personnel as provided in the previous Paragraph infringe the commercial secrets of the supervision and inspection counterpart, constituting a crime, criminal liability will be prosecuted according to the law.
Article 26: Where public security bodies and their work personnel, in the process of Internet security supervision and inspection work, are derelict in their duties, abuse their powers, or engage in favouritism, the directly responsible person in charge and other directly responsible personnel will be punished according to the law; where it constitutes a crime, criminal liability will be prosecuted according to the law.
Article 27: Where Internet service providers and network-using work units violate these Regulations, constituting a violation of public security management, they will be subject to public order management punishment; where it constitutes a crime, criminal liability will be prosecuted according to the law.
Chapter V: Supplementary provisions
Article 28: Supervision and inspection of commercial Internet access service venues will be implementing according to the relevant provisions of the “Commercial Internet Access Service Venue Management Regulations”.
Article 29: These Regulations take effect on 1 November 2018.
Following the rapid development of the mobile Internet and big data, the scale and impact of the disclosure of personal information of our country’s netizens has become ever larger, gravely infringing netizens’ rights and interests, harming the public interest, and attracting a high degree of attention from competent government departments as well as the broad attention of all walks of society. In order to protect netizens’ personal information security, safeguard the rights and interests of netizens, guide Internet enterprises to collect, store and use personal information in a standardized manner, stimulate the implementation of related laws and regulations, promote the healthy and sustainable development of the Internet sector, the Internet Society of China proposes the following Proposal to the nationwide Internet circles:
I, Strictly abide by all laws and regulations formulated by national and sectoral competent departments, as well as the sectoral self-discipline conventions issued by the Internet Society of China, and cooperate with relevant government departments’ lawful actions to attack the online disclosure of personal information.
II, Strengthen sectoral self-discipline, shoulder corporate social responsibility, strengthen examination, verification and management of interactive platforms such as websites, forums, microblogs, instant messaging, e-commerce, etc., timely discover and clean up online disclosure of personal information, do not provide communication channels for information disclosure, and protect netizens’ lawful rights and interests.
III, Complete supervision and reporting mechanisms, vigorously respond to netizens’ complaints in the area of personal information protection, timely feed back handling outcomes to netizens, earnestly correct problems reflected by the public, increase online service quality, and create an online environment of security and sincerity.
IV, Strengthen professional training for employees, raise employees’ understanding of personal information protection, require employees to earnestly implement legal responsibilities, abide by legal provisions, and implement the requirements concerning personal information protection in laws and regulations.
V, Strengthen cybersecurity protection capabilities, and prevent that databases and user information is stolen. If cybersecurity incidents such as disclosure of user information are discovered, timely report them to public security bodies and relevant government departments, adopt effective measures to plug cybersecurity vulnerabilities, and protect data and information security.
VI, Strengthen propaganda, raise netizens’ capability to identify and judge phishing, fraud and other such online violations and harmful information, strengthen netizens’ understanding and usage levels of online smart terminals, strengthen personal information protection awareness, and prevent personal information disclosure.
Internet Society of China
14 September 2018.
Appendix: small measures to prevent personal information disclosure
1, Do not register at websites with unclear sources, cautiously use mobile phone number registration.
2, Do not scan QR codes from an unclear origin, do not install software from an unclear origin.
3, Information on replaced electronic products must be deleted thoroughly, to prevent law-breakers from recovering data.
4, Processing paper forms with personal information requires caution, and privacy information must be erased.
5, Avoid disclosing excessive personal information on social software, to prevent its use by lawbreakers.
6, Cautiously use free WiFi in public venues, to prevent disclosure of user names and passwords.
7, Do not click on links in text messages and mails, in order to avoid “phishing”.
8, The same account name and password group must not be used on different pieces of software, in order to avoid the creation of grave harm.
As you may have noticed, the direction of my research has shifted over the past few years, as I gradually moved away from issues pertaining to intellectual property, media and ideology towards digital technology and cybersecurity. Consequently, I feel that the moniker of “Copyright and Media” no longer adequately covers the substance of what I do. Moreover, I am in the fortunate position of having become part of a small group of energetic scholars and analysts interested in similar topics. The work that we are able to do together far outstrips what I can accomplish by myself in both quality and quantity. For these reasons, I have decided to suspend further updates to this website.
With the support of New America and the Leiden Asia Centre, the tech-related parts of this database will, over the coming months, be migrated to an all-new database as part of the DigiChina project. This database will have a number of additional features, including annotations to translations, a lexicon explaining particular terms and slogans, linkages between documents and an institutional overview of China’s tech governance architecture. This will make the database a much more powerful tool for China watchers.
It has been a pleasure to see this website become a well-used source both in academia and journalism: it has been cited by nearly 500 papers and numerous press articles. For this reason, and because a significant part of the database will not migrate to DigiChina, this website will be kept online and available. The China Media twitter account will be renamed to reflect my current research interests. I wish to thank you for the support that I have received from many of you over the years.
In the wake of the recent upgrade of the Central Leading Group for Cybersecurity and Informatization to a fully-fledged Commission, a national Work Conference on Cybersecurity and Informatization work took place in Beijing on 20 and 21 April. Xi Jinping gave a speech outlining adjusted priorities after the 19th Party Congress. The full text of the speech has not (yet) been made public. This is a translation of the official Xinhua report. Analysis will be published on the DigiChina platform.
Xi Jinping Stresses at the Cybersecurity and Informatization Work Conference to Keenly Grasp the Historical Opportunity in Informatization Development, and Move Forward the Construction of a Cyber Power through Indigenous Innovation
Li Keqiang Chairs, Li Zhanshu, Wang Yang, Wang Huning, Zhao Leji and Han Zheng Attend
Xinhua, 21 April, Beijing (Journalists Zhang Xiaosong, Zhu Jichai). The National Cybersecurity and Informatization Work Conference was convened on the 20th and 21st in Beijing. CCP Central Committee General Secretary, State President, Chair of the Central Military Commission and Chair of the Central Commission for Cybersecurity and Informatization Xi Jinping attended the Conference and gave an important speech. He stressed that informatization has brought extremely rare opportunities to the Chinese nation. We must acutely grasp the historical opportunity of informatization development, strengthen online positive propaganda, safeguard cybersecurity, promote breakthroughs in core technologies in the informatization area, give rein to the guiding role of informatization in economic development, strengthen civil-military convergence in the cybersecurity and informatization area, actively participate in international cyberspace governance processes, move forward the construction of a cyber power through indigenous innovation, and make new contributions to determine victory in comprehensively constructing a moderately prosperous society, seize new grand victories for Socialism with Chinese Characteristics in a new era, and realize the Chinese Dream of the Great Rejuvenation of the Chinese Nation. Read the rest of this entry »
Chapter I: General Principles
Article 1: In order to strengthen and standardize Internet security supervision and inspection work by public security bodies, prevent online law-breaking and crime, safeguard cybersecurity, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “People’s Police Law of the People’s Republic of China”, the “Cybersecurity Law of the People’s Republic of China” and other such relevant laws and administrative regulations, these Regulations are formulated. Read the rest of this entry »
Opinions concerning Appropriately Limiting Specific Gravely Untrustworthy Persons from Traveling on Civil Aircraft for a Certain Period, and Promoting the Construction of the Social Credit System
All provincial, autonomous region, municipal and the Xinjiang Production-Construction Corps social credit system construction leading work units, spiritual civilization offices, higher people’s courts, finance offices (bureaus), human resources and social security offices (bureaus), the State Administration of Taxation, local taxation bureaus, all delegated agencies of the China Securities Regulatory Commission, all local civil aviation management bureaus, all transportation (general) airline companies, airport companies, the China Civil Aviation Information Group, airport public security bureaus: Read the rest of this entry »