Management Rules for the Security Protection of Internationally Connected Computer Information Networks

Posted on Updated on

(Approved by the State Council on 11 December 1997, promulgated as Ministry of Public Security Decree No. 33 on 16 December 1997, and revised on 8 January 2011 on the basis of the “State Council Decision concerning Abolishing and revising Several Administrative Laws and Regulations”.
Chapter I: General Provisions
Article 1: In order to strengthen the protection of the security of computer information network international interconnection, safeguard public order and social stability, according to the provisions of the “Computer Information System Security Protection Regulations of the People’s Republic of China”, the “Provisional Computer Information Network Management Rules of the People’s Republic of China” and other laws and regulations, these Rules are formulated.
Article 2: These Rules apply to the management of computer information network international interconnection security protection within the borders of the People’s Republic of China
Article 3: The Ministry of Public Security computer management and supervision organs is responsible for management work over computer information network information interconnection security protection. Public security organs’ computer management and supervision organs shall protect the public security of computer information network international interconnections, and safeguard the lawful rights and interests of work units and individuals engaging in international interconnection business, and the public interest.
Article 4: No work unit or individual may use international interconnection to harm national security or divulge State secrets, may not violate the national, social or collective interest or the lawful rights and interests of citizens, and may not engage in unlawful or criminal activities.
Article 5: No work unit or individual may utilize international interconnections to produce, reproduce, consult or disseminate the following information:
(1) inciting resistance, destroying the implementation of the Constitution, laws and administrative regulations;
(2) inciting subversion of State power, toppling the Socialist system;
(3) inciting separatism or destroying national unity;
(4) inciting ethnic hatred, ethnic discrimination or destroying ethnic unity;
(5) concocting or distorting facts, disseminating rumours, disordering social order;
(6) propagating feudal superstition, obscenity, sex, gambling, violence, murder, horror or inciting crime;
(7) brazenly humiliating other persons or concocting facts to slander other persons;
(8) harming the prestige of State organs
(9) other matters violating the Constitution, laws and administrative regulations.
Article 6: No work unit or individual may engage in the following activities endangering computer information network security:
(1) without permission, accessing computer information networks or using computer information network resources;
(2) without permission, conducting deletion, revision or adding to computer information network functions;
(3) without permission, conducting deletion, revision or adding to data stored in, processed or disseminated by computer information networks and application procedures;
(4) wilfully producing or disseminating computer viruses and other destructive processes;
(5) other matters endangering computer information network security.
Article 7: Users’ freedom to communicate and communication secrecy is protected by law. No work unit or individual may violate legal provisions or use international interconnections to violate users’ freedom to communicate and communication secrecy.
Chapter II: The responsibility to protect security
Article 8: Work units and individuals engaging in international interconnection work shall accept security supervision, inspection and guidance from public security organs, truthfully provide information, materials and data documents related to security protection to public security organs, assist with public security organs to investigate and prosecute unlawful and criminal activities of computer information networks through international interconnections.
Article 9: Controlling departments or controlling work units of international entry and exit port channel provision work units, connection work units shall be responsible for security protection management work of international entry and exit port channel and their subordinate interconnection networks according to laws and relevant State regulations.
Article 10: Interconnection work units, access work units and legal persons using computer information network international interconnections and other organizations shall implement the following security protection duties:
(1) being responsible for security protection management work of their networks, establishing and competing security protection management systems;
(2) implementing technological security protection measures, guaranteeing the operational security and information security of their networks;
(3) being responsible for security education and training of their network users;
(4) conducting registration of work units an individual entrusting information dissemination, and conducting examination of the content of the provided information according to Article 5 of these Rules
(5) establishing computer information network electronic announcement system user registration and information management systems;
(6) where discovering one of the circumstances listed in Article 4, Article 5, Article 6 and Article 7 of these Rules, they shall preserve the original relevant records, and report it to the local public security organs within 24 hours;
(7) According to relevant State regulations, deleting addresses and directories containing content as per Article 5 of these Rules or closing servers.
Article 11: Users, when accessing work units to conduct net access formalities, shall fill out a user filing form. The filing form is produced under the supervision of the Ministry of Public Security.
Article 12: Interconnection work units, access work units, legal persons and other organizations (including cross-provincial, autonomous region and municipal interconnection network work units and their subordinate branch organs) using computer information network international interconnections, shall within 30 days of official connection to the network, go to a hearing organ appointed by the provincial, autonomous region or municipal People’s Government public security organ of their locality to carry out filing formalities.
Work units listed in the previous Item shall be responsible for reporting the situation of access work units and users accessing their networks to the public security organs for filing, and timely report changes in the situation of work units and users accessing their network.
Article 13: Those using public or communal access registration shall strengthen management of communal accounts, and establish account use registration systems. User accounts may not be lent or transferred.
Article 14: Work units involved in State affairs, economic construction, national defence construction, scientific and technological frontiers and other important areas, when carrying out filing formalities, shall provide examination and approval certification of their administrative supervision department. The international interconnection of the networks of work units listed in the previous Item, shall adopt corresponding protection measures.
Chapter III: Security supervision
Article 15: Principal, autonomous region and municipal public security offices (bureaus), district (city) and county (city) public opinion bureaus shall have corresponding organs to be responsible for international interconnection security protection management work.
Article 16: Public security organs’ computer management and supervision organs shall grasp the filing situation of interconnection work units, access work units and users, establish filing dossiers, conduct filing statistics, and progressively report this upwards according to relevant State regulations.
Article 17: Public security organs’ computer management and supervision organs shall supervise interconnection work units, access work units and relevant users to establish and complete security protection management systems; supervising and inspecting the network security protection management as well as technology measure implementation situation.
When public security organs’ computer management and supervision organs, when organizing security inspections, related work units shall send people to participate. Public security organ computer management and supervision organs shall put forward opinions for improvement, make detailed records and file them for further reference concerning problems discovered in security inspection.
Article 18: Public security organ computer management and supervision organ discovering addresses, directories or servers containing content listed in Article 5 of these Rules, shall notify the relevant work unit to shut it down or delete it.
Article 19: Public security organ computer supervision and management organs shall be responsible for following, investigating and prosecuting unlawful acts committed through computer information networks and criminal cases related to computer information networks, unlawful and criminal activities violating the provisions of Article 4 and Article 7 of these Rules, shall be transferred to the relevant departments or judicial organs to deal with them according to relevant State regulations.
Chapter IV: Legal responsibility
Article 20: Those violating laws and administrative regulations, with one of the acts listed in Article 5 or Article 6 of these Rules, will be warned by the public security organs, where there is unlawful income, the unlawful income is confiscated, a fine of 5.000 Yuan or less may also be imposed on individuals, and a fine of 50.000 Yuan or less may also be imposed on work units; where circumstances are grave, the punishments of ceasing interconnection for six months or less and shutdown may be imposed, when necessary, it may also be advise that the original permit-issuing or approving organ cancels business permits or cancels interconnection qualification; where it constitutes an act violating public order, it will be punished according to public order management punishment law; where it constitutes a crime, criminal responsibility will be investigated according to the law.
Article 21: Where one of the following acts is present, the public security organ orders rectification within a limited time and issues a warning, where there is unlawful income, the unlawful income is confiscated; where there is no rectification within the provided time limit, the main responsible person and other directly responsible personnel of the work unit may be subject to a fine of 5.000 Yuan or less, and the work unit may be subject to a fine of 50.000 Yuan or less, where circumstances are grave, the punishments of ceasing interconnection for six months or less and shutdown may be imposed, when necessary, it may also be advise that the original permit-issuing or approving organ cancels business permits or cancels interconnection qualification.
(1) not having established security protection management systems;
(2) not having adopted security technology protection measures;
(3) not providing security education and training to network users;
(4) not providing information, materials and data documents needed for security protection measures, or providing untrue content;
(5) not having examined the content of information entrusted for publication or registered the entrusting work unit and individual;
(6) not having established electronic announcement system user registration and information management systems;
(7) not deleting network addresses or directories or shutting down servicers according to relevant State regulations;
(8) not establishing public account use registration systems
(9) Lending or transferring user accounts.
Article 22: Those violating the provisions of Article 4 and Article 7 of these Rules, are punished according to relevant laws and regulations.
Article 23: Those violating the provisions of Article 21 and Article 23 of these Rules, and not implementing filing duties, are punished by the public security organs with a warning or shutting down for rectification for a period not exceeding six months.
Chapter V: Supplementary provisions
Article 24: Security protection management of computer information networks interconnecting with the Hong Kong Special Administrative Region and the Taiwan and Macau regions, are implemented with reference to these Rules.
Article 25: These Rules take effect from the date of promulgation.

计算机信息网络国际联网安全保护管理办法
  (1997年12月11日国务院批准 1997年12月16日公安部令第33号发布 根据2011年1月8日《国务院关于废止和修改部分行政法规的决定》修订)
第一章 总  则
  第一条 为了加强对计算机信息网络国际联网的安全保护,维护公共秩序和社会稳定,根据《中华人民共和国计算机信息系统安全保护条例》、《中华人民共和国计算机信息网络国际联网管理暂行规定》和其他法律、行政法规的规定,制定本办法。
  第二条 中华人民共和国境内的计算机信息网络国际联网安全保护管理,适用本办法。
  第三条 公安部计算机管理监察机构负责计算机信息网络国际联网的安全保护管理工作。
  公安机关计算机管理监察机构应当保护计算机信息网络国际联网的公共安全,维护从事国际联网业务的单位和个人的合法权益和公众利益。
  第四条 任何单位和个人不得利用国际联网危害国家安全、泄露国家秘密,不得侵犯国家的、社会的、集体的利益和公民的合法权益,不得从事违法犯罪活动。
  第五条 任何单位和个人不得利用国际联网制作、复制、查阅和传播下列信息:
  (一)煽动抗拒、破坏宪法和法律、行政法规实施的;
  (二)煽动颠覆国家政权,推翻社会主义制度的;
  (三)煽动分裂国家、破坏国家统一的;
  (四)煽动民族仇恨、民族歧视,破坏民族团结的;
  (五)捏造或者歪曲事实,散布谣言,扰乱社会秩序的;
  (六)宣扬封建迷信、淫秽、色情、赌博、暴力、凶杀、恐怖,教唆犯罪的;
  (七)公然侮辱他人或者捏造事实诽谤他人的;
  (八)损害国家机关信誉的;
  (九)其他违反宪法和法律、行政法规的。
  第六条 任何单位和个人不得从事下列危害计算机信息网络安全的活动:
  (一)未经允许,进入计算机信息网络或者使用计算机信息网络资源的;
  (二)未经允许,对计算机信息网络功能进行删除、修改或者增加的;
  (三)未经允许,对计算机信息网络中存储、处理或者传输的数据和应用程序进行删除、修改或者增加的;
  (四)故意制作、传播计算机病毒等破坏性程序的;
  (五)其他危害计算机信息网络安全的。
  第七条 用户的通信自由和通信秘密受法律保护。任何单位和个人不得违反法律规定,利用国际联网侵犯用户的通信自由和通信秘密。
第二章 安全保护责任
  第八条 从事国际联网业务的单位和个人应当接受公安机关的安全监督、检查和指导,如实向公安机关提供有关安全保护的信息、资料及数据文件,协助公安机关查处通过国际联网的计算机信息网络的违法犯罪行为。
  第九条 国际出入口信道提供单位、互联单位的主管部门或者主管单位,应当依照法律和国家有关规定负责国际出入口信道、所属互联网络的安全保护管理工作。
  第十条 互联单位、接入单位及使用计算机信息网络国际联网的法人和其他组织应当履行下列安全保护职责:
  (一)负责本网络的安全保护管理工作,建立健全安全保护管理制度;
  (二)落实安全保护技术措施,保障本网络的运行安全和信息安全;
  (三)负责对本网络用户的安全教育和培训;
  (四)对委托发布信息的单位和个人进行登记,并对所提供的信息内容按照本办法第五条进行审核;
  (五)建立计算机信息网络电子公告系统的用户登记和信息管理制度;
  (六)发现有本办法第四条、第五条、第六条、第七条所列情形之一的,应当保留有关原始记录,并在24小时内向当地公安机关报告;
  (七)按照国家有关规定,删除本网络中含有本办法第五条内容的地址、目录或者关闭服务器。
  第十一条 用户在接入单位办理入网手续时,应当填写用户备案表。备案表由公安部监制。
  第十二条 互联单位、接入单位、使用计算机信息网络国际联网的法人和其他组织(包括跨省、自治区、直辖市联网的单位和所属的分支机构),应当自网络正式联通之日起30日内,到所在地的省、自治区、直辖市人民政府公安机关指定的受理机关办理备案手续。
  前款所列单位应当负责将接入本网络的接入单位和用户情况报当地公安机关备案,并及时报告本网络中接入单位和用户的变更情况。
  第十三条 使用公用账号的注册者应当加强对公用账号的管理,建立账号使用登记制度。用户账号不得转借、转让。
  第十四条 涉及国家事务、经济建设、国防建设、尖端科学技术等重要领域的单位办理备案手续时,应当出具其行政主管部门的审批证明。
  前款所列单位的计算机信息网络与国际联网,应当采取相应的安全保护措施。
第三章 安 全 监 督
  第十五条 省、自治区、直辖市公安厅(局),地(市)、县(市)公安局,应当有相应机构负责国际联网的安全保护管理工作。
  第十六条 公安机关计算机管理监察机构应当掌握互联单位、接入单位和用户的备案情况,建立备案档案,进行备案统计,并按照国家有关规定逐级上报。
  第十七条 公安机关计算机管理监察机构应当督促互联单位、接入单位及有关用户建立健全安全保护管理制度。监督、检查网络安全保护管理以及技术措施的落实情况。
  公安机关计算机管理监察机构在组织安全检查时,有关单位应当派人参加。公安机关计算机管理监察机构对安全检查发现的问题,应当提出改进意见,作出详细记录,存档备查。
  第十八条 公安机关计算机管理监察机构发现含有本办法第五条所列内容的地址、目录或者服务器时,应当通知有关单位关闭或者删除。
  第十九条 公安机关计算机管理监察机构应当负责追踪和查处通过计算机信息网络的违法行为和针对计算机信息网络的犯罪案件,对违反本办法第四条、第七条规定的违法犯罪行为,应当按照国家有关规定移送有关部门或者司法机关处理。
第四章 法 律 责 任
  第二十条 违反法律、行政法规,有本办法第五条、第六条所列行为之一的,由公安机关给予警告,有违法所得的,没收违法所得,对个人可以并处5000元以下的罚款,对单位可以并处1.5万元以下的罚款;情节严重的,并可以给予6个月以内停止联网、停机整顿的处罚,必要时可以建议原发证、审批机构吊销经营许可证或者取消联网资格;构成违反治安管理行为的,依照治安管理处罚法的规定处罚;构成犯罪的,依法追究刑事责任。
  第二十一条 有下列行为之一的,由公安机关责令限期改正,给予警告,有违法所得的,没收违法所得;在规定的限期内未改正的,对单位的主管负责人员和其他直接责任人员可以并处5000元以下的罚款,对单位可以并处1.5万元以下的罚款;情节严重的,并可以给予6个月以内的停止联网、停机整顿的处罚,必要时可以建议原发证、审批机构吊销经营许可证或者取消联网资格。
  (一)未建立安全保护管理制度的;
  (二)未采取安全技术保护措施的;
  (三)未对网络用户进行安全教育和培训的;
  (四)未提供安全保护管理所需信息、资料及数据文件,或者所提供内容不真实的;
  (五)对委托其发布的信息内容未进行审核或者对委托单位和个人未进行登记的;
  (六)未建立电子公告系统的用户登记和信息管理制度的;
  (七)未按照国家有关规定,删除网络地址、目录或者关闭服务器的;
  (八)未建立公用账号使用登记制度的;
  (九)转借、转让用户账号的。
  第二十二条 违反本办法第四条、第七条规定的,依照有关法律、法规予以处罚。
  第二十三条 违反本办法第十一条、第十二条规定,不履行备案职责的,由公安机关给予警告或者停机整顿不超过6个月的处罚。
第五章 附  则
  第二十四条 与香港特别行政区和台湾、澳门地区联网的计算机信息网络的安全保护管理,参照本办法执行。
  第二十五条 本办法自1997年12月30日起施行。

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s