Today, it was reported that China’s draft cybersecurity law has been presented to the National People’s Congress for a third reading. It is widely expected that this reading will accept the law, which will thus be promulgated soon. The following is a translation of a Xinhua report, which outlines the changes that have been made.
The third deliberation draft of the Cybersecurity Law was submitted to the NPC Standing Committee for deliberation on the 31st. The NPC Legal Committee indicated in its report concerning the draft’s deliberation results, that the third draft made a partial revision on the basis of the second draft, including a further planned definition of the scope of crucial information infrastructure; it also provides corresponding punishment measures against foreign organizations and individuals attacking or destroying our country’s crucial information infrastructure.
Planned further definition of the scope of critical information infrastructure.
At the time of the second draft, a number of Standing Committee members suggested clarification of the main sectors and areas involving critical information infrastructure, and to further define the scope of critical information infrastructure.
In this regard, the third draft provides that the State implements focused protection for critical information infrastructure in important sectors and areas such as public telecommunications and information services, energy, transportation, irrigation, finance, public services, e-government, etc., as well as other critical information infrastructure that, whenever it is destroyed, loses its ability to function or encounters data leaks, may gravely harm national security, the national economy, the people’s livelihood and the public infrastructure. The concrete scope and security protection measures for critical information infrastructure are to be formulated by the State Council.
Planned additions of provisions to punish foreign organizations and individuals attacking or destroying our country’s critical information infrastructure
During the process of opinion solicitation after deliberation of the second draft, a number of Standing Committee members, members of the social public and experts pointed out corresponding punitive measures should be provided against foreign organizations and individuals attacking or destroying our country’s critical information infrastructure
In this regard, the third draft provides that foreign individuals or organizations engaging in activities attacking, intruding into, interfering with, destroying or in any other way harming the critical information infrastructure of the People’s Republic of China, resulting in grave consequences, will be subject to lawful prosecution; the State Council public security department and relevant departments may also decide to freeze the assets of, or take other necessary punitive measures against these individuals or organizations.
Planned additions of provisions to punish online fraud and other such novel forms of online illegal and criminal activities
At the time of the second draft, a number of Standing Committee members put forward that, at present, online fraud in particular is an often occurring form of novel online illegal and criminal conduct, the broad popular masses urgently hope that punishment is strengthened, and suggested to provide focused provisions.
In this regard, the third draft adds provisions: no individual or organization may establish websites or news groups used to engage in fraud, pass on criminal methods, produce or sell contraband goods or controlled goods, and other such unlawful and criminal activities, they may not use websites to disseminate information concerning engagement of fraud, production or sale of contraband products or managed products, or concerning other unlawful and criminal acts; provisions are also added to provide for corresponding legal liability.
Planned strengthening of cybersecurity talent training and protection of the surfing security of minors
At the time of the second draft, a number of Standing Committee members suggested to further substantiate content on moving online interaction and connectivity forward, and fostering cybersecurity talents, and stimulate the standardization of cybersecurity.
In this regard, the third draft adds provisions concerning moving forward with the interaction and connectivity of network infrastructure, and support for the fostering of cybersecurity talents; it also adds provisions concerning supporting research bodies and higher education institutes to participate in the formulation of cybersecurity standards. At the same time, on the basis of a number of suggestions and opinions of some Standing Committee members, the third draft adds provisions concerning principles for the protection of the surfing security of minors, providing a basis for the formulation of complementary laws and regulations, and creating an online environment beneficial to the healthy growing up of minors; on the basis of the opinion of some Internet enterprises, the provisions concerning “storing online logs no less than six months” in the second draft, is revised as “corresponding online daily records are to be preserved for no less than six months according to regulations.”