Computer Information System Security Protection Regulations of the People’s Republic of China

Posted on Updated on

18 February 1994

(People’s Republic of State Council Decree No. 147)

Chapter I: General Provisions

Article 1: In order to protect computer information system security, stimulate the application and development of computers, guarantee the smooth implementation of Socialist modernization, these Regulations are formulated.

Article 2: Computer information system as named in these Regulations, refers to human-machine systems constituted by computers and their corresponding and complementary equipment and facilities (including networks), that collect, process, store, disseminate, retrieve and process information in other manners according to certain application objectives and rules.

Article 3: Computer information system security protection shall guarantee the security of the computers and their corresponding and complementary equipment and facilities (including networks), operating environment security, guarantee information security, guarantee the regular effect of computer functions, in order to safeguard the secure operation of computer information systems.

Article 4: Computer information system security protection work focus points are safeguarding computer information system security in State affairs, economic construction, national defence construction, frontier science and technology and other important spheres.

Article 5: These Regulations apply to computer information system security protection within the borders of the People’s Republic of China. Rules for security protection of microcomputers not linked to a network are formulated separately.

Article 6: The Ministry of Pubic Security is in charge of nationwide computer information system security protection work. The Ministry of National Security, the State Secrets Bureau and other relevant State Council departments perform work related to computer information system security protection within the scope of responsibility determined by the State Council

Article 7: No organization or individual may utilize computer information systems to engage in acts harming the national interest, the collective interest and citizens’ lawful rights and interests, or may endanger the security of computer information systems.

Chapter II: Security protection systems

Article 8: Computer information system construction and application shall obey laws, administrative regulations and other relevant State rules.

Article 9: A security hierarchy is implemented for computer information system protection. Security level division standards and concrete security level protection rules are formulated by the Ministry of Public Security together with relevant departments.

Article 10: Computer rooms shall conform to national standards and relevant national regulations. When engaging in construction work close to computer rooms, the security of computer information systems may not be endangered.

Article 11: When implementing computer information systems’ international networking, the work unit using computer information systems reports to the provincial-level or higher People’s Government public security organ for filing.

Article 12: Those transporting, carrying or mailing computer information media into or out of the borders, shall make a truthful declaration to Customs.

Article 13: Work units using computer information systems shall establish complete security management systems, and be responsible for their work units’ computer information system security protection work.

Article 14: Concerning cases occurring in computer information systems, the relevant using work unit shall within 24 hours report to the local county-level or higher People’s Government public security organ.

Article 15: Prevention and research work concerning computer viruses and other harmful data endangering social and public security, will be managed specially by the Ministry of Public Security

Article 16: The State implements a permit system over specialized computer information system security product sales. Concrete rules will be formulated by the Ministry of Public Security together with relevant departments

Chapter III: Security supervision

Article 17: Public security organs implement the following supervision duties over computer information system security protection work:

(1) supervising, inspecting and guiding computer information system security protection work;

(2) investigating and prosecuting unlawful and criminal acts endangering computer information system security;

(3) implementing other supervision duties of computer information system security protection work.

Article 18: When public security organs discover hidden dangers influencing computer information system security, they shall timely notify the using work unit to adopt security protection measures.

Article 19: Under emergency circumstances, the Ministry of Public Security may publish special orders involving specific matters involving computer information system.

Chapter IV: Legal responsibility

Article 20: Those violating the provisions of these Regulations, with one of the following acts, will be punished with a warning or cessation of machines for rectification by the Ministry of Public Security;

(1) violating computer information system security level protection systems, endangering computer information system security;

(2) violating international computer information system network filing systems;

(3) not reporting incidents occurring in computer information systems within the provided time;

(4) after receiving a notification in which the public security organ requires improvement of the security situation, refusing to improve this within the time limit;

(5) other acts endangering computer information system security.

Article 21: Where computer rooms do not conform to State standards and other State regulations, of construction work in the vicinity of computer rooms endangers computer information system security, the public security organ handles this together with the relevant work unit.

Article 22: Those transporting, carrying or mailing computer information media into or out of the borders, and do not declare this truthfully to Customs, will be subject to Customs handling this according to the provisions of the “Customs Law of the People’s Republic of China”, these Regulations as well as other relevant laws and regulations.

Article 23: Those wilfully importing computer viruses as well as other data endangering computer information system security, or those selling special computer information system security product without permits, will be warned by the public security organs, or individuals are fined 5000 Yuan or less and work units are fined 15000 Yuan or less; where there is unlawful income, apart from this being confiscated, a fine of one to three times the unlawful income may be imposed.

Article 24: Those violating the provisions of these Regulations, constituting an act violating public order management, will be punished by the relevant provisions of the “Public Order Management Rules of the People’s Republic of China”; where it constitutes a crime, criminal responsibility will be investigated according to the law.

Article 25: Any work unit or individual violating the provisions of these Regulations, where it causes damage to State, collective or individual property, shall bear civil responsibility according to the law.

Article 26: Where parties disagree with the concrete administrative act made by the public security organ according to these Regulations, they may apply for administrative redress or raise an administrative lawsuit according to the law.

Article 27: Where State personnel implementing these Regulations utilize their official powers to demand or receive bribes or other acts of law-breaking or dereliction of duty, and it constitutes a crime, criminal responsibility will be investigated according to the law; where it does not yet constitute a crime, administrative punishment is imposed.

Chapter V: Supplementary provisions

Article 28: The meaning of the following words in these Regulations:

Computer virus, refers to a group of computer commands or programme codes edited or inserted into computer programmes, that destroy computer functions or damage data, influence computer use, and can duplicate themselves.

Special computer information system security products, refers to special hardware and software products protecting computer information system security.

Article 29: Army computer information system security protection work is implemented according to the relevant laws and regulations of the Army.

Article 30: The Ministry of Public Security may formulate implementation rules on the basis of these Regulations.

Article 31: These Regulations take effect on the date of promulgation.

中华人民共和国计算机信息系统安全保护条例

(1994.2.18中华人民共和国国务院令第147号)

第一章 总则

第一条 为了保护计算机信息系统的安全,促进计算机的应用和发展,保障社会主义现代化建设的顺利进行,制定本条例。

第二条 本条例所称的计算机信息系统,是指由计算机及其相关的和配套的设备、设施(含网络)构成的,按照一定的应用目标和规则对信息进行采集、加工、存储、传输、检索等处理的人机系统。

第三条 计算机信息系统的安全保护,应当保障计算机及其相关的和配套的设备、设施(含网络)的安全,运行环境的安全,保障信息的安全,保障计算机功能的正常发挥,以维护计算机信息系统的安全运行。

第四条 计算机信息系统的安全保护工作,重点维护国家事务、经济建设、国防建设、尖端科学技术等重要领域的计算机信息系统的安全。

第五条 中华人民共和国境内的计算机信息系统的安全保护,适用本条例。未联网的微型计算机的安全保护办法,另行制定。

第六条 公安部主管全国计算机信息系统安全保护工作。国家安全部、国家保密局和国务院其他有关部门,在国务院规定的职责范围内做好计算机信息系统安全保护的有关工作。

第七条 任何组织或者个人,不得利用计算机信息系统从事危害国家利益、集体利益和公民合法利益的活动,不得危害计算机信息系统的安全。

第二章 安全保护制度

第八条 计算机信息系统的建设和应用,应当遵守法律、行政法规和国家其他有关规定。

第九条 计算机信息系统实行安全等级保护。安全等级的划分标准和安全等级保护的具体办法,由公安部会同有关部门制定。

第十条 计算机机房应当符合国家标准和国家有关规定。在计算机机房附近施工,不得危害计算机信息系统的安全。

第十一条 进行国际联网的计算机信息系统,由计算机信息系统的使用单位报省级以上人民政府公安机关备案。

第十二条 运输、携带、邮寄计算机信息媒体进出境的,应当如实向海关申报。

第十三条 计算机信息系统的使用单位应当建立健全安全管理制度,负责本单位计算机信息系统的安全保护工作。

第十四条 对计算机信息系统中发生的案件,有关使用单位应当在24小时内向当地县级以上人民政府公安机关报告。

第十五条 对计算机病毒和危害社会公共安全的其他有害数据的防治研究工作,由公安部归口管理。

第十六条 国家对计算机信息系统安全专用产品的销售实行许可证制度。具体办法由公安部会同有关部门制定。

第三章 安全监督

第十七条 公安机关对计算机信息系统安全保护工作行使下列监督职权:

(一)监督、检查、指导计算机信息系统安全保护工作;

(二)查处危害计算机信息系统安全的违法犯罪案件;

(三)履行计算机信息系统安全保护工作的其他监督职责。

第十八条 公安机关发现影响计算机信息系统安全的隐患时,应当及时通知使用单位采取安全保护措施。

第十九条 公安部在紧急情况下,可以就涉及计算机信息系统安全的特定事项发布专项通令。

第四章 法律责任

第二十条 违反本条例的规定,有下列行为之一的,由公安机关处以警告或者停机整顿:

(一)违反计算机信息系统安全等级保护制度,危害计算机信息系统安全的;

(二)违反计算机信息系统国际联网备案制度的;

(三)不按照规定时间报告计算机信息系统中发生的案件的;

(四)接到公安机关要求改进安全状况的通知后,在限期内拒不改进的;

(五)有危害计算机信息系统安全的其他行为的。

第二十一条 计算机机房不符合国家标准和国家其他有关规定的,或者在计算机机房附近施工危害计算机信息系统安全的,由公安机关会同有关单位进行处理。

第二十二条 运输、携带、邮寄计算机信息媒体进出境,不如实向海关申报的,由海关依照《中华人民共和国海关法》和本条例以及其他有关法律、法规的规定处理。

第二十三条 故意输入计算机病毒以及其他有害数据危害计算机信息系统安全的,或者未经许可出售计算机信息系统安全专用产品的,由公安机关处以警告或者对个人处以5000元以下的罚款、对单位处以15000元以下的罚款;有违法所得的,除予以没收外,可以处以违法所得1至3倍的罚款。

第二十四条 违反本条例的规定,构成违反治安管理行为的,依照《中华人民共和国治安管理处罚条例》的有关规定处罚;构成犯罪的,依法追究刑事责任。

第二十五条 任何组织或者个人违反本条例的规定,给国家、集体或者他人财产造成损失的,应当依法承担民事责任。

第二十六条 当事人对公安机关依照本条例所作出的具体行政行为不服的,可以依法申请行政复议或者提起行政诉讼。

第二十七条 执行本条例的国家公务员利用职权,索取、收受贿赂或者有其他违法、失职行为,构成犯罪的,依法追究刑事责任;尚不构成犯罪的,给予行政处分。

第五章 附则

第二十八条 本条例下列用语的含义:

计算机病毒,是指编制或者在计算机程序中插入的破坏计算机功能或者毁坏数据,影响计算机使用,并能自我复制的一组计算机指令或者程序代码。

计算机信息系统安全专用产品,是指用于保护计算机信息系统安全的专用硬件和软件产品。

第二十九条 军队的计算机信息系统安全保护工作,按照军队的有关法规执行。

第三十条 公安部可以根据本条例制定实施办法。

第三十一条 本条例自发布之日起施行。

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s