Enforcement

Implementation Outline for the Construction of a Rule of Law Society (2020-2025) [Excerpts]

Posted on Updated on

A rule of law society is the foundation for building a rule of law country, building a rule of law society is an important component part of realizing the modernization of the national governance system and governance capacity. Building a Socialist rule of law society with faith in the rule of law, fairness and justice, where rights are protected, which is law abiding and sincere, full of vitality, harmonious and orderly is an important step in strengthening the popular masses’ sense of gain, sense of happiness and sense of security. The 19th Party Congress has determined completing a social basis for the rule of law as one important objective in the basic realization of Socialist modernization by 2035, its importance is great, its influence is profound, tasks will be arduous. In order to accelerate the progress of constructing a rule of law society, this Outline is formulated.

I, General requirements

(1) Guiding ideology. Hold high the magnificent banner of Socialism with Chinese characteristics take Marxism-Leninism, Mao Zedong Thought, Deng Xiaoping Theory, the important “Three Represents” thought, the Scientific Development Concept, and Xi Jinping Thought on Socialism with Chinese characteristics in a new era as guidance, comprehensively implement the spirit of the 19th Party Congress and the 2nd, 3rd, 4th and 5th Plenums of the 19thParty Congress, comprehensively implement Xi Jinping Thought on the rule of law, strengthen the “Four Consciousnesses”, uphold the “Four Self-Confidences”, ensure the “Two Safeguards”, unwaveringly march the path of Socialism with Chinese characteristics, persist in the integrated construction of a rule of law country, a rule of law government and a rule of law society, foster and practice the Socialist core value view, carry forward the Socialist rule of law spirit, build a Socialist rule of law culture, strengthen the vigour and initiative in all of society to strictly practice the rule of law, push all of society to respect the law, study the law, abide by the law and use the law, complete social fairness and justice rule of law protection structures, guarantee the people’s rights, raise society’s rule of law levels, and lay down a firm rule of law basis for the comprehensive construction of a Socialist rule of law country and realizing the Chinese Dream of the great rejuvenation of the Chinese nation.

(2) Main principles. Uphold the concentrated and uniform leadership of the Party; uphold the guiding position of the theory of Socialist rule of law with Chinese characteristics; uphold the centrality of the people; uphold respect for and the maintenance of the authority of the Constitution and the laws; uphold the quality of everyone in the face of the law; uphold the unity of rights and duties; uphold the integration of the rule of law, the rule of virtue and self-governance; and uphold the joint construction, joint governance and joint sharing of social governance.

(3) Overall objectives. By the end of 2025, the implementation of the “Eight Five” law popularization plan to be completed; rule of law concepts to have deeply penetrated people’s hearts, structures and standards in the social area to be more completed, clear achievements in the merger of requirements of the Socialist core value view with rule of law construction and social governance, the lawful rights and interests of citizens, legal persons and other organizations to be effectively protection, rule of law levels of social governance to increase clearly, creating a vivid picture of constructing a rule of law society that conforms to national circumstances, reflects the characteristics of the times, and satisfies the popular masses, and laying a firm basis for the basic completion of a rule of law society by 2013.

[…]

III, Completing structures and standards in the social area

[…]

(11) Advancing the construction of social sincerity. Accelerate the construction of the social credit system, and raise all of society’s sincerity awareness and credit levels. Complete corporate social responsibility laws and systems, strengthen corporate social responsibility awareness, stimulate enterprises to do operate in a sincere, trustworthy and lawful manner. Complete law compliance credit records of citizens and organizations, establish a uniform social credit coding system based on citizens’ identity document numbers and organizational codes. Perfect long-term mechanisms for sincerity construction, complete credit assessment systems covering all of society, establish and perfect punishment mechanisms for untrustworthiness. Establish credit recovery mechanisms and appeals structures in integration with reality. Strengthen sincerity construction in sectoral associations and chambers of commerce, perfect sincerity management and self-discipline mechanisms. Perfect the Nationwide Credit Information Sharing Platform and the National Enterprises Credit Publication System, further strengthen and standardize credit information collection and sharing. Strengthen propaganda and education on sincerity awareness, organize sincerity-themed practice activities, create a benign environment for the construction of the social credit system. Advance the publication of laws in the area of credit.

[…]

VI, Governing cyberspace according to the law

Cyberspace isn’t a land outside the law, promoting social governance to expand from actual society into cyberspace, establish and create comprehensive online governance systems, strengthen network management according to the law, network operations according to the law, and network use according to the law, comprehensively advance rule of law building in cyberspace, and create a clear and crisp cyberspace.

(22) Perfecting legal structures for the network. Promote the expansion of exising laws and regulations to cyberspace through a combination of legislation, reform, abolition and interpretation. Perfect laws and regulations in the area of online information services, revise the Internet information service management rules, research and formulate management rules for the credit information of gravely untrustworthy subjects in the Internet information services area, formulate and perfect standards and management rules for online streaming, self-media, Q&As in knowledge communities and other such new media business models as well as algorithmic recommendations, deep fakes and other such new technology applications. Perfect supplementary regulations and standard systems for the cybersecurity law, establish and complete cybersecurity management structures for critical information infrastructure security protection, data security management and cybersecurity review, etc., and expand guidance on standards for the research, development and application of big data, cloud computing, artificial intelligence and other such new technologies. Research and formulate the personal information protection law. Complete laws and regulations for intellectual property rights protection of innovative achievements in Internet technology, commercial models, big data, etc. Revise the law on the prevention of crime by minors, formulate regulations for the online protection of minors. Perfect cross-border e-commerce structures, standardize cross-border e-commerce operators’ activities. Vigorously participate in international norms and standard setting for the digital economy, e-commerce, information technology, cybersecurity and other such areas.

(23) Foster a benign online rule of law awareness. Uphold the integration of governing the network according to the law and enhancing the network through virtue, carry forward the main melody of the times and positive social energy. Strengthen and innovate Internet content construction, realize projects on the Socialist core value view, new media broadcasts on Chinese culture, etc. Enhance online media literacy, advance “blacklist” systems and punitive mechanisms against gravely untrustworthy conduct in the online information service area, and advance the institutionalization of line sincerity. Firmly attack the spread of rumours, obscenity, violence, superstition, heresy and other such harmful information in cyberspace according to the law, establish and complete an integrated system to receive and process reports about online violations of law and harmful information. Strengthen education on online literacy and online rule of law for the whole society, formulate guidelines for online literacy education. Strengthen cybersecurity education for youth, guide the youth to go online rationally. Deeply implement the China Good Netizen Project and the Network Public Interest Project, guide netizens in going online in a civilized manner, express themselves rationally, and create an online environment with a crisp atmosphere.

(24) Ensuring citizens use the web safely and according to the law. Firmly establish correct cybersecurity views, prevent cybersecurity risks according to the law. Implement cybersecurity responsibility systems, clarify the cybersecurity responsibilities of management departments and cybersecurity and informatization enterprises. Establish and perfect unified high-efficiency cybersecurity risk reporting mechanisms, research, judgment and handling mechanisms, and complete cybersecurity investigation structures. Strengthen the protection of lawful rights and interests in cyberspace concerning telecommunications secrecy, commercial secrets, personal privacy as well as reputation rights, property rights, etc. Strictly standardize the collection and use of user identities, telecommunications content and other such personal information activities, strengthen punishment of unlawful and illegal acts concerning the illegal acquisition, leaking, selling or provision of citizens’ personal information. Supervise cybersecurity and informatization enterprises in implementing their dominant responsibility, and implement security management responsibilities provided in laws. Complete emergency response mechanisms for sudden network and information incidents, and perfect cybersecurity and informatization joint law enforcement. Strengthen the construction of capabilities to control and punish online unlawful and criminal activities, investigate and prosecute unlawful and criminal activities such as criminal online finance, online slander, online fraud, online sex, attacks, intrusions, etc. Establish and complete information sharing mechanisms, vigorously participate in international attacks against unlawful and criminal activities online.

法治社会建设实施纲要(2020-2025年)》全文如下。

法治社会是构筑法治国家的基础,法治社会建设是实现国家治理体系和治理能力现代化的重要组成部分。建设信仰法治、公平正义、保障权利、守法诚信、充满活力、和谐有序的社会主义法治社会,是增强人民群众获得感、幸福感、安全感的重要举措。党的十九大把法治社会基本建成确立为到2035年基本实现社会主义现代化的重要目标之一,意义重大,影响深远,任务艰巨。为加快推进法治社会建设,制定本纲要。

一、总体要求

(一)指导思想。高举中国特色社会主义伟大旗帜,坚持以马克思列宁主义、毛泽东思想、邓小平理论、“三个代表”重要思想、科学发展观、习近平新时代中国特色社会主义思想为指导,全面贯彻党的十九大和十九届二中、三中、四中、五中全会精神,全面贯彻习近平法治思想,增强“四个意识”、坚定“四个自信”、做到“两个维护”,坚定不移走中国特色社会主义法治道路,坚持法治国家、法治政府、法治社会一体建设,培育和践行社会主义核心价值观,弘扬社会主义法治精神,建设社会主义法治文化,增强全社会厉行法治的积极性和主动性,推动全社会尊法学法守法用法,健全社会公平正义法治保障制度,保障人民权利,提高社会治理法治化水平,为全面建设社会主义现代化国家、实现中华民族伟大复兴的中国梦筑牢坚实法治基础。

(二)主要原则。坚持党的集中统一领导;坚持以中国特色社会主义法治理论为指导;坚持以人民为中心;坚持尊重和维护宪法法律权威;坚持法律面前人人平等;坚持权利与义务相统一;坚持法治、德治、自治相结合;坚持社会治理共建共治共享。

(三)总体目标。到2025年,“八五”普法规划实施完成,法治观念深入人心,社会领域制度规范更加健全,社会主义核心价值观要求融入法治建设和社会治理成效显著,公民、法人和其他组织合法权益得到切实保障,社会治理法治化水平显著提高,形成符合国情、体现时代特征、人民群众满意的法治社会建设生动局面,为2035年基本建成法治社会奠定坚实基础。

三、健全社会领域制度规范

(十一)推进社会诚信建设。加快推进社会信用体系建设,提高全社会诚信意识和信用水平。完善企业社会责任法律制度,增强企业社会责任意识,促进企业诚实守信、合法经营。健全公民和组织守法信用记录,建立以公民身份证号码和组织机构代码为基础的统一社会信用代码制度。完善诚信建设长效机制,健全覆盖全社会的征信体系,建立完善失信惩戒制度。结合实际建立信用修复机制和异议制度,鼓励和引导失信主体主动纠正违法失信行为。加强行业协会商会诚信建设,完善诚信管理和诚信自律机制。完善全国信用信息共享平台和国家企业信用信息公示系统,进一步强化和规范信用信息归集共享。加强诚信理念宣传教育,组织诚信主题实践活动,为社会信用体系建设创造良好环境。推动出台信用方面的法律。

六、依法治理网络空间

网络空间不是法外之地。推动社会治理从现实社会向网络空间覆盖,建立健全网络综合治理体系,加强依法管网、依法办网、依法上网,全面推进网络空间法治化,营造清朗的网络空间。

(二十二)完善网络法律制度。通过立改废释并举等方式,推动现有法律法规延伸适用到网络空间。完善网络信息服务方面的法律法规,修订互联网信息服务管理办法,研究制定互联网信息服务严重失信主体信用信息管理办法,制定完善对网络直播、自媒体、知识社区问答等新媒体业态和算法推荐、深度伪造等新技术应用的规范管理办法。完善网络安全法配套规定和标准体系,建立健全关键信息基础设施安全保护、数据安全管理和网络安全审查等网络安全管理制度,加强对大数据、云计算和人工智能等新技术研发应用的规范引导。研究制定个人信息保护法。健全互联网技术、商业模式、大数据等创新成果的知识产权保护方面的法律法规。修订预防未成年人犯罪法,制定未成年人网络保护条例。完善跨境电商制度,规范跨境电子商务经营者行为。积极参与数字经济、电子商务、信息技术、网络安全等领域国际规则和标准制定。

(二十三)培育良好的网络法治意识。坚持依法治网和以德润网相结合,弘扬时代主旋律和社会正能量。加强和创新互联网内容建设,实施社会主义核心价值观、中华文化新媒体传播等工程。提升网络媒介素养,推动互联网信息服务领域严重失信“黑名单”制度和惩戒机制,推动网络诚信制度化建设。坚决依法打击谣言、淫秽、暴力、迷信、邪教等有害信息在网络空间传播蔓延,建立健全互联网违法和不良信息举报一体化受理处置体系。加强全社会网络法治和网络素养教育,制定网络素养教育指南。加强青少年网络安全教育,引导青少年理性上网。深入实施中国好网民工程和网络公益工程,引导网民文明上网、理性表达,营造风清气正的网络环境。

(二十四)保障公民依法安全用网。牢固树立正确的网络安全观,依法防范网络安全风险。落实网络安全责任制,明确管理部门和网信企业的网络安全责任。建立完善统一高效的网络安全风险报告机制、研判处置机制,健全网络安全检查制度。加强对网络空间通信秘密、商业秘密、个人隐私以及名誉权、财产权等合法权益的保护。严格规范收集使用用户身份、通信内容等个人信息行为,加大对非法获取、泄露、出售、提供公民个人信息的违法犯罪行为的惩处力度。督促网信企业落实主体责任,履行法律规定的安全管理责任。健全网络与信息突发安全事件应急机制,完善网络安全和信息化执法联动机制。加强网络违法犯罪监控和查处能力建设,依法查处网络金融犯罪、网络诽谤、网络诈骗、网络色情、攻击窃密等违法犯罪行为。建立健全信息共享机制,积极参与国际打击互联网违法犯罪活动。

Internet Public User Account Information Service Management Regulations (Revision Draft – Opinion-seeking Version)

Posted on Updated on

Chapter I: General provisions

Article 1: These Regulations are formulated in order to standardize Internet public account information services, safeguard national security and the public interest, and protect the lawful interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Internet Information Service Management Rules”, the “Online Information Content Ecology Governance Regulations” and other such laws, regulations and relevant State provisions.

Article 2: These Regulations apply to the provision and conduct of Internet public account information services within the territory of the People’s Republic of China.

Internet public accounts as mentioned in these Regulations, refers to online accounts of Internet users registered and operated on Internet sites, application software and other such online platforms, to produce and disseminate written, pictorial, audiovisual and other such information content to the social public.

public account platform as mentioned in these Regulations, refers to online information service providers providing public account registration and operation, information content dissemination and technical protection services to Internet users.

Public account producers and operators as mentioned in these Regulations, refers to natural persons, legal persons and non-legal person organizations registering and operating public accounts and engaging in content dissemination. 

Article 3: The national cybersecurity and informatization department is responsible for Internet public account information service supervision, management and law enforcement work nationwide. Local cybersecurity and informatization departments are, according to their duties and responsibilities, responsible for Internet public account information service supervision, management and law enforcement work within their administrative areas.

Article 4: Public service information service platforms and public account producers and operators shall abide by laws and regulations, fulfil social responsibilities and moral responsibilities, uphold the correct public opinion orientation and value orientation, carry forward the Socialist core value view, produce and disseminate healthy and upward, true and objective excellent information content, create a crisp and bright cyberspace, and stimulate progress of society and civilization. 

All levels’ Party and government bodies, enterprise and undertaking work units, and people’s organizations are encouraged to register and operate public accounts, produce and disseminate high-quality government affairs information or public service information, satisfying public information demand, and promoting economic and social development.

Public service information service platforms are encouraged to vigorously enhance government affairs information publication, public service and social government levels for Party and government bodies, enterprise and undertaking work units, and people’s organizations, provide full and necessary technical support and security protection.

Article 5: Public account information service platforms providing Internet public account information services, shall obtain corresponding qualifications as provided in national laws and regulations.

Public service information service platforms and public account producers and operators shall obtain an Internet news information service licence to provide Internet news information services to the social public.

Chapter II: Public service information service platforms

Article 6: Public service information service platforms shall bear dominant responsibility for information content and public account management, allocate management personnel and technical capabilities suited to the business scale, appoint persons to position responsible for content security, establish, complete and strictly implement management structures for account registration, content examination and verification, information inspection, ecological governance, emergency response, cybersecurity, data security, personal information protection, copyright protection, credit evaluation, etc., and uphold the security of the platform’s information content and public accounts, and the security of data and personal information. 

Public service information service platforms shall, on the basis of relevant laws and regulations and relevant State provisions, formulate and publish management norms and platform conventions for information content production, public account operations, etc., and conclude service agreements with public account producers and operators, clarifying both sides’ content dissemination limitations, account management responsibilities and other such rights and obligations. 

Article 7: Public service information service platforms shall, according to relevant national standards and norms, establish categorized public account registration and categorized production structures, implement categorized management, and file the matter with the provincial, autonomous region or municipal cybersecurity and informatization department of the locality of the public account.

Public service information service platforms shall, on the basis of indicators and dimensions such as an account’s information content quality, the credit evaluation of the account’s subject, etc., establish tiered management structures, and implement tiered account management. 

Public service information service platforms formulating content production and account operations management norms, platform conventions and other such important structures and measures shall file them with the local provincial, autonomous region or municipal cybersecurity and informatization department; when bringing related new technologies, new applications or new functions online, they shall conduct a security assessment according to relevant regulations. 

Article 8: Public service information service platforms shall adopt measures such as composite verification, etc., to conduct real identity information authentication  of Internet users applying to register for a public account, based on mobile telephone number, resident identity card number or unified social credit code and other such methods, and raise the accuracy of authentication. Where users do not provide real identity information, or improperly use real identity information of organizations, bodies or other persons to conduct a false registration, no related service may be provided to them.

Public service information service platforms shall conduct inspection of the legal and regulatory compliance of public account names, portraits, bios, etc. of public accounts registered by Internet users, where they discover an account name, portrait or bio does not conform to the subject’s real identity information, and especially where they use or link to Party or government bodies, enterprise and undertaking work units and other such organizations and bodies or well-known social personalities without authorization, as well as where the corresponding registration information contains unlawful or harmful information, they shall suspend the provision of services and notify the user to correct matters within a limited time, where these refuse to correct the matter, the provision of services shall be terminated.

Public service information service platforms shall prohibit public accounts closed according to the law or to the convention to re-register under a similar name; where an account name with a high degree of connectedness to them is registered, the real identity information, service qualifications, etc. of the account subject shall also be subject to necessary checks.

Article 9: Public service information service platforms shall require public accounts applying to register and engage in the production of information content in areas such as economics, education, health, judicial affairs, etc., require users to provide their specialized background at the time of registration, as well as corresponding materials to prove professional qualifications or service qualifications they have acquired according to laws and administrative regulations, and conduct the necessary checks.

Public service information service platforms shall add a special symbol to public accounts after they are checked and passed, and according to the different subject nature of the user, externally announce content production categories, the name of operating subjects, the registered business address, uniform social credit code, contact method and other such registration information, to facilitate social supervision and inspection. 

Public service information service platforms shall establish dynamic checking and inspection structures, and at suitable times check the veracity and validity of registration information of producers and operators. 

Article 10: Public service information service platforms shall set reasonable upper limits to the number of registered public accounts of the same subject on their platform.  Where users apply to register for multiple public accounts, their subject nature, service qualifications, business scope, credit evaluation etc. shall also be checked.

Public service information service platforms may, on the basis of the service agreement suspend or terminate provision of services to public accounts who have not logged on or have been used for over six months after the Internet user registered.

Public service information service platforms shall complete technical measures to prevent and deal with unlawful registration acts by Internet users such as registration in excess of quota, malicious registration, false registration, etc.

Article 11: Public service information service platforms shall, according to the law and the convention, prohibit public account producers and operators to transfer, lend or illegally trade, sell or buy public accounts in violation of regulations. 

Where public account producers and operators transfer or donate public account use rights to other users, they shall put forward an application with the platform. The platform shall, on the basis of the provisions in the previous Paragraph, authenticate and check the user on the receiving side, and publish the subject change information. Where the platform discovers a producer or operator has transferred a public account without inspection or authorization, it shall timely suspend or terminate the provision of services.

Public account producers and operators voluntarily terminating account operations may apply with the platform for suspension or termination of use. The platform shall suspend or terminate the provision of services according to the service agreement. 

Article 12: Public service information service platforms shall establish public account supervision and assessment mechanisms, and prevent acts of falsification of account subscriptions, user following numbers, content click rates, repost or comment quantities and other such data.

Public service information service platforms shall standardize public account recommendation, subscription and following mechanisms, and complete technological measures to timely discover and deal with unusual changing circumstances in account subscription and following numbers. Without the knowledge and agreement of the Internet user, subscription and following of other users’ public accounts may not be forced.

Article 13: Public service information service platforms shall establish tiered credit management systems, and provide corresponding services on the basis of credit tiers.

Public service information service platforms shall establish and complete mechanisms to warn for, discover, trace, refute, delete and in other ways deal with online rumours and other such false information, and reduce the credit tier or blacklist public account producers and operators who produced and disseminated rumours and other such false information. 

Article 14: Public service information service platforms shall, when conducting content supply and account recommendation cooperation with producers and users, standardize commercial activities such as management of advertising and operations, knowledge payment, e-commerce sales, user gratuities, etc., they may not disseminate false advertising, conduct exaggerated propaganda, commit commercial fraud, etc., preventing operations violating laws and regulations. 

Public service information service platforms shall strengthen copyright protection of originally produced information content, preventing acts of piracy and infringement. Platforms may not abuse their advantaged position to interfere in the lawful and compliant operations of producers and operators, or infringe users’ lawful rights and interests.

Chapter III: Public account information producers and operators.

Article 15: Public account information producers and operators shall, on the basis of categorized platform management norms, at the time of registering the public account, accurately fill out user’s subject nature, registered location, business location, content production category, contact method and other such basic information, enterprises, organizations, bodies and other such Internet users shall also indicate their main activity or business scope.

Public account producers shall aide by platform management norms, platform conventions and service agreements, and engage in information content production and dissemination in the relevant sectoral area on the basis of the registered content production category indicated at the time of public account registration.

Article 16: Public account producers and operators shall bear dominant responsibility for information content production and public account operations and management, and engage in information content production and account operations and activities according to laws and regulations. 

Public account producers and operators shall establish and complete  information content security examination and verification mechanism for the entire process of topic planning, editing and production, dissemination and popularization, interactive comments, etc., strengthen gatekeeping over information content’s orientation, veracity and legality, and maintain a benign order in online communication. 

Public account information producers and operators shall establish and complete security management mechanisms for the entire process of public account registration and use, operations and popularization, etc., manage and operate the account in a civilized, rational and standardized manner, attract the public’s attention, subscription, interaction and sharing with high-quality information content, and maintain a benign social image of the account.

Article 17: Public account producers and operators shall, when reposting information content originally created by other persons, abide by copyright protection-related laws and regulations, indicate the original creator and a traceable information source, and respect and protect the lawful rights and interests of copyright holders. 

Public account producers and operators shall manage messages, posts, comments and other such interactive segments on their account. Platforms may, on the basis of the subject nature and credit tier of the public account, rationally set up management limits, and provide corresponding technological support. 

Where public account producers and operators conduct account operations, content provision and other such cooperation with third-party bodies , both sides shall conduct checks and gatekeeping of the account’s operations and activities, supplied information content, etc.

Article 18: Public account producers and operators may not commit the following acts in violation of laws and regulations:

(1) Not registering with real identity information, or registering with a public account name, portrait, bio, etc. that is not conform with one’s own real identity information;

(2) Maliciously posing as, imitating or misappropriating the public account of an organization, body or other person to produce and disseminate information content;

(3) Providing Internet news information gathering, dissemination and other such services without a licence or in excess of a licence’s scope;

(4) Manipulatively using accounts on multiple platforms, to publish batches of homogenous information content, generating false flow data, and creating false public opinion hot spots;

(5) Using sudden public incidents to incite extreme emotions and acts, or commit online violence harming the reputation of other persons and organizations, influencing social harmony and stability;

(6) Fabricating false information, counterfeiting originally-created content, quoting or concocting untrue information sources, distorting facts and truths, misleading the social public;

(7) Using paid dissemination and deletion of information and other such methods to commit illegal online surveillance, marketing frauds, extortion and blackmail, in pursuit of improper gain;

(8) Registering in batches, hoarding or illegally trading, buying and selling public accounts;

(9) Producing, reproducing or disseminating unlawful information, or not adopting measures to prevent and resist the production, reproduction or dissemination of harmful information;

(10) Other acts prohibited in laws and administrative regulations. 

Chapter IV: Supervision and management

Article 19: Public service information service platforms shall strengthen supervision and management of public service information service activities, and timely discover and deal with information or activities violating laws and regulations. 

Public service information service platforms shall, on the basis of service agreements and platform conventions, adopt measures to deal with public accounts violating these regulations and relegated laws and regulations including warnings and alerts, limiting account functions, suspending content renewal, ceasing advertising dissemination, closing or cancelling accounts, blacklisting, termination of re-registration, etc., preserve relevant records, and timely report the matter to cybersecurity and informatization and other such relevant competent department. 

Article 20: Public service information service platforms and producers and operators shall consciously accept social supervision.

Public service information service platforms shall set up eye-catching and convenient reporting interfaces, publish appeals, complaints and reporting methods and other such information, complete reporting information acceptance, screening, handling and feed-back mechanisms, clarify handling workflows and feed-back time limits, and timely and effectively deal with complaints by producers and operators, and complaints and reports from the public.

Internet sectoral organizations are encouraged to conduct public appraisal, promote strict self-discipline of public service information service platforms and producers and operators, establish authoritative mediation mechanisms with participation from multiple sides, fairly and relationally resolve sectoral disputes, and safeguard users’ lawful rights and interests according to the law.

Article 21: All levels’ cybersecurity and informatization departments will establish and complete coordinated supervision and management work mechanisms together with relevant competent departments, to supervise and guide public service information service platforms and producers and operators to conduct related information service activities according to laws and regulations.

Public service information service platforms and producers and operators shall cooperate with relevant competent departments’ lawful conduct of supervision and inspection, and provide the necessary technical support and assistance. 

Where public service information service platforms and producers and operators violate these Regulations, cybersecurity and informatization departments and relevant competent departments will impose punishment according to relevant laws and regulations within their scope of duties and responsibilities.

Article 22: These Regulations take effect on (day, month) 2020.

互联网用户公众账号信息服务管理规定(修订草案征求意见稿)

第一章 总则
第一条 为规范互联网用户公众账号信息服务,维护国家安全和公共利益,保护公民、法人和其他组织的合法权益,根据《中华人民共和国网络安全法》《互联网信息服务管理办法》《网络信息内容生态治理规定》等法律法规和国家有关规定,制定本规定。

第二条 在中华人民共和国境内提供、从事互联网用户公众账号信息服务,应当遵守本规定。

本规定所称互联网用户公众账号,是指互联网用户在互联网站、应用程序等网络平台注册运营,面向社会公众生产发布文字、图片、音视频等信息内容的网络账号。

本规定所称公众账号信息服务平台,是指为互联网用户提供公众账号注册运营、信息内容发布与技术保障服务的网络信息服务提供者。

本规定所称公众账号生产运营者,是指注册运营公众账号从事内容生产发布的自然人、法人或非法人组织。

第三条 国家网信部门负责全国互联网用户公众账号信息服务的监督管理执法工作。地方网信部门依据职责负责本行政区域内互联网用户公众账号信息服务的监督管理执法工作。

第四条 公众账号信息服务平台和公众账号生产运营者应当遵守法律法规,履行社会责任、道德责任,坚持正确舆论导向、价值取向,弘扬社会主义核心价值观,生产发布健康向上、真实客观的优质信息内容,营造清朗网络空间,促进社会文明进步。

鼓励各级党政机关、企事业单位和人民团体注册运营公众账号,生产发布高质量政务信息或公共服务信息,满足公众信息需求,推动经济社会发展。

鼓励公众账号信息服务平台积极为党政机关、企事业单位和人民团体提升政务信息发布、公共服务和社会治理水平,提供充分必要的技术支持和安全保障。

第五条 公众账号信息服务平台提供互联网用户公众账号信息服务,应当取得国家法律法规规定的相关资质。

公众账号信息服务平台和公众账号生产运营者向社会公众提供互联网新闻信息服务,应当取得互联网新闻信息服务许可。

第二章 公众账号信息服务平台

第六条 公众账号信息服务平台应当履行信息内容和公众账号管理主体责任,配备与业务规模相适应的管理人员和技术能力,设置内容安全负责人岗位,建立健全并严格落实账号注册、内容审核、信息巡查、生态治理、应急处置、网络安全、数据安全、个人信息保护、著作权保护、信用评价等管理制度,维护平台信息内容与公众账号安全、数据和个人信息安全。

公众账号信息服务平台应当依据相关法律法规和国家有关规定,制定并公开信息内容生产、公众账号运营等管理规则、平台公约,与公众账号生产运营者签订服务协议,明确双方内容发布权限、账号管理责任等权利义务。

第七条 公众账号信息服务平台应当按照国家有关标准和规范,建立公众账号分类注册和分类生产制度,实施分类管理,并将公众账号向所在地省、自治区、直辖市网信部门备案。

公众账号信息服务平台应当依据账号信息内容质量、账号主体信用评价等指标维度,建立分级管理制度,实施账号分级管理。

公众账号信息服务平台制定内容生产与账号运营管理规则、平台公约等重要制度措施,应当向所在地省、自治区、直辖市网信部门备案;上线相关新技术新应用新功能,应当按照有关规定进行安全评估。

第八条 公众账号信息服务平台应当采取复合验证等措施,对申请注册公众账号的互联网用户进行基于移动电话号码、居民身份证号码或统一社会信用代码等方式的真实身份信息认证,提高认证准确率。用户不提供真实身份信息的,或冒用组织机构、他人真实身份信息进行虚假注册的,不得为其提供相关服务。

公众账号信息服务平台应当对互联网用户注册的公众账号名称、头像和简介等进行合法合规性核验,发现账号名称、头像和简介与注册主体真实身份信息不相符的,特别是擅自使用或关联党政机关、企事业单位等组织机构或社会知名人士名义的,以及相关注册信息含有违法和不良信息的,应当暂停提供服务并通知用户限期改正,拒不改正的,应当终止提供服务。

公众账号信息服务平台应当禁止被依法依约关闭的公众账号以相同账号名称重新注册;对注册与其关联度高的账号名称,还应当对账号主体真实身份信息、服务资质等进行必要核验。

第九条 公众账号信息服务平台对申请注册从事经济、教育、卫生、司法等领域信息内容生产的公众账号,应当要求用户在注册时提供其专业背景,以及依照法律、行政法规获得的职业资格或服务资质等相关证明材料,并进行必要核验。

公众账号信息服务平台应当对核验通过后的公众账号加注专门标识,并根据用户的不同主体性质,对外公示内容生产类别、运营主体名称、注册运营地址、统一社会信用代码、联系方式等注册信息,方便社会监督查询。

公众账号信息服务平台应当建立动态核验巡查制度,适时核验生产运营者注册信息的真实性、有效性。

第十条 公众账号信息服务平台应当对同一主体在本平台注册公众账号的数量合理设定上限。对申请注册多个公众账号的用户,还应当对其主体性质、服务资质、业务范围、信用评价等进行核验。

公众账号信息服务平台对互联网用户注册后超过六个月不登录、不使用的公众账号,可以根据服务协议采取暂停或终止提供服务。

公众账号信息服务平台应当健全技术手段,防范和处置互联网用户超限量注册、恶意注册、虚假注册等违规注册行为。

第十一条 公众账号信息服务平台应当依法依约禁止公众账号生产运营者违规转让借用或者非法交易买卖公众账号。

公众账号生产运营者向其他用户转让或赠与公众账号使用权的,应当向平台提出申请。平台应当依据前款规定对受让方用户进行认证核验,并公示主体变更信息。平台发现生产运营者未经审核擅自转让公众账号的,应当及时暂停或终止提供服务。

公众账号生产运营者自行停止账号运营,可以向平台申请暂停或终止使用。平台应当按照服务协议暂停或终止提供服务。

第十二条 公众账号信息服务平台应当建立公众账号监测评估机制,防范账号订阅数、用户关注度、内容点击率、转发评论量等数据造假行为。

公众账号信息服务平台应当规范公众账号推荐订阅关注机制,健全技术手段,及时发现、处置账号订阅关注数量的异常变动情况。未经互联网用户知情同意,不得强制订阅关注其他用户公众账号。

第十三条 公众账号信息服务平台应当建立信用等级管理体系,根据信用等级提供相应服务。

公众账号信息服务平台应当建立健全网络谣言等虚假信息预警、发现、溯源、甄别、辟谣、消除等处置机制,对制作发布谣言等虚假信息的公众账号生产运营者降低信用等级或列入黑名单。

第十四条 公众账号信息服务平台与生产运营者开展内容供给与账号推广合作,应当规范管理广告经营、知识付费、电商销售、用户打赏等经营行为,不得发布虚假广告、进行夸大宣传、实施商业欺诈等,防止违法违规运营。

公众账号信息服务平台应当加强对原创信息内容的著作权保护,防范盗版侵权行为。平台不得滥用优势地位干扰生产运营者合法合规运营、侵犯用户合法权益。

第三章 公众账号生产运营者

第十五条 公众账号生产运营者应当根据平台分类管理规则,在注册公众账号时如实填写用户主体性质、注册地、运营地、内容生产类别、联系方式等基本信息,企业、组织机构等互联网用户还应当注明主要经营或业务范围。

公众账号生产运营者应当遵守平台管理规则、平台公约和服务协议,根据公众账号注册时登记的内容生产类别,从事相关行业领域的信息内容生产发布。

第十六条 公众账号生产运营者应当履行信息内容生产与公众账号运营管理主体责任,依法依规从事信息内容生产和账号运营活动。

公众账号生产运营者应当建立健全选题策划、编辑制作、发布推广、互动评论等全过程信息内容安全审核机制,加强信息内容导向性、真实性、合法性把关,维护网络传播良好秩序。

公众账号生产运营者应当建立健全公众账号注册使用、运营推广等全过程安全管理机制,文明理性、规范管理运营账号,以优质信息内容吸引公众关注订阅和互动分享,维护账号良好社会形象。

第十七条 公众账号生产运营者转载他人原创信息内容,应当遵守著作权保护相关法律法规,标注原创作者和可追溯信息来源,尊重和保护著作权人的合法权益。

公众账号生产运营者应当对账号留言、跟帖、评论等互动环节进行管理。平台可以根据公众账号的主体性质、信用等级,合理设置管理权限,提供相关技术支持。

公众账号生产运营者与第三方机构开展账号运营、内容供给等合作,双方均应当对账号运营行为、供给的信息内容等进行审核把关。

第十八条 公众账号生产运营者不得有下列违法违规行为:

(一)不以真实身份信息注册,或注册与自身真实身份信息不相符的公众账号名称、头像、简介等;

(二)恶意假冒、仿冒或盗用组织机构及他人公众账号生产发布信息内容;

(三)未经许可或超越许可范围提供互联网新闻信息采编发布等服务;

(四)操纵利用多个平台账号,批量发布同质信息内容,生成虚假流量数据,制造虚假舆论热点;

(五)借突发公共事件煽动极端情绪行为,或实施网络暴力损害他人和组织名誉,影响社会和谐稳定;

(六)编造虚假信息,伪造原创内容,引用或捏造不实信息来源,歪曲事实真相,误导社会公众;

(七)以有偿发布、删除信息等手段,实施非法网络监督、营销诈骗、敲诈勒索,牟取不当利益;

(八)批量注册、囤积或非法交易买卖公众账号;

(九)制作、复制、发布违法信息,或未采取措施防范和抵制制作、复制、发布不良信息;

(十)法律、行政法规禁止的其他行为。

第四章 监督管理

第十九条 公众账号信息服务平台应当加强对本平台公众账号信息服务活动的监督管理,及时发现和处置违法违规信息或行为。

公众账号信息服务平台应当依据服务协议和平台公约,对违反本规定及相关法律法规的公众账号采取警示提醒、限制账号功能、暂停内容更新、停止广告发布、关闭注销账号、列入黑名单、禁止重新注册等处置措施,保存有关记录,并及时向网信等有关主管部门报告。

第二十条 公众账号信息服务平台和生产运营者应当自觉接受社会监督。

公众账号信息服务平台应当设置醒目、便捷举报入口,公布申诉、投诉、举报方式等信息,健全举报信息受理、甄别、处置、反馈等机制,明确处理流程和反馈时限,及时有效处理生产运营者申诉和公众投诉举报。

鼓励互联网行业组织开展公众评议,推动公众账号信息服务平台和生产运营者严格自律,建立多方参与的权威调解机制,公平合理解决行业纠纷,依法维护用户合法权益。

第二十一条 各级网信部门会同有关主管部门建立健全协作监管等工作机制,监督指导公众账号信息服务平台和生产运营者依法依规从事相关信息服务活动。

公众账号信息服务平台和生产运营者对有关主管部门依法实施的监督检查,应当予以配合,并提供必要的技术支持与协助。

公众账号信息服务平台和生产运营者违反本规定的,由网信部门和有关主管部门在职责范围内依照相关法律法规处理。

第二十二条 本规定自2020年 月 日起施行。

Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps

Posted on Updated on

Notice concerning Issuance of the “Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps”

All provincial, autonomous region, municipal and the Xinjiang Production-Construction Corps cybersecurity and informatization offices, telecommunications management bureaus, public security offices (bureaus), market supervision and management bureaus (offices, committees):

On the basis of the “Announcement concerning a Special Campaign on Collection and Use of Personal Information in Violation of Rules and Regulations in Apps”, in order to provide reference for the determination of acts of collecting and using personal information in violations of rules and regulations in apps, implement laws and regulations such as the “Cybersecurity Law”, etc., the Cyberspace Administration of China, Ministry of Industry and Information Technology, Ministry of Public Security, and State Administration of Market Regulation have jointly formulated the “Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps”. These are hereby issued to you, please refer to and implement them in integration with supervision, management and law enforcement work realities.

Cyberspace Administration of China Secretariat

Ministry of Industry and Information Technology General Office

Ministry of Public Security General Office

State Administration for Market Regulation General Office

28 November 2019

Determination Rules on Acts of Collecting and Using Personal Information in Violation of Rules and Regulations in Apps

On the basis of the “Announcement concerning a Special Campaign on Collection and Use of Personal Information in Violation of Rules and Regulations in Apps”, in order to provide reference for the determination of acts of collecting and using personal information in violations of rules and regulations in apps, provide guidance for app operators’ self-inspection and self-rectification as well as netizens’ social supervision, and implement laws and regulations such as the “Cybersecurity Law”, these Rules are formulated.

I, The following acts may be determined as “not publishing collection and use norms”

1. There is no privacy policy in the app, or the privacy policy does not contain norms on the collection and use of personal information;

2. When using the app for the first time, users are not prompted to read privacy policies and other such norms on collection and use through a pop-up window and other such clear methods

3. The privacy policy and other such collection and use norms are difficult to access, for instance when after entering the app’s main interface, 4 clicks or other such manipulations are required before it can be accessed;

4. The privacy policy and other such collection and use norms are difficult to read, for instance because characters are too small and closely spaced, colours are too light, they are blurred and unclear, or no simplified Mandarin version is provided.

II, The following acts may be determined as “not indicating the objective, method and scope of collecting and using personal information”

1. Not listing the objective, method and scope of personal information collection and use in the app (including entrusted third parties or embedded third-party code and plug-ins) one by one;

2. When a change occurs in the objective, method and scope of personal information collection and use, not notifying the user in an appropriate manner, appropriate manners include revising the privacy policy and other such collection and use norms and alerting the user to read it;

3. When requesting to activate authorization of collectable personal information, or requesting to collect users’ identity card number, bank account number, geographical tracking and other such sensitive personal information, not simultaneously notifying the user about its objective, or having an unclear or difficult to understand objective.

4. Content related to collection and use norms is obscure and difficult to understand, verbose and overly detailed, which is difficult for users to understand, for instance using large amounts of specialist jargon, etc.

III, The following acts may be determined as “collecting and using personal information without users’ consent”

1. Beginning to collect personal information or activating authorizations for collectable information before obtaining users’ consent;

2. After users clearly indicate they do not consent, still collecting personal information or activating up collectable personal information authorizations, or frequently obtaining users’ consent, interfering with users’ regular use;

3. Actually collecting personal information or activating collectable personal information authorizations in excess of the scope of user authorization;

4. Obtaining users’ consent by way of implicit agreement to privacy policies and other non-explicit methods;

5. Altering the status of collectable personal information authorizations they have set up without users’ consent, for instance automatically restoring user-set up authorization to implicit approval status when updating an app;

6. Using users’ personal information and algorithms to direct push delivery information, without providing an option for non-targeted push delivery information;

7. Misleading users through fraudulent, swindling and other such improper methods into consenting to personal information collection or the activation of collectable personal information authorizations, for instance wilfully hoodwinking or covering up the true objective for the collection of users’ personal information;

8. Not providing users with a way and method to revoke consent for personal information collection;

9. Collecting users’ personal information in violation of the announced collection and use norms. 

IV, The following acts may be determined as “collecting personal information in violation of the principle of necessity, that is not related to the provided service”

1.  Collected categories of personal information or activated collectable personal information authorizations are not related to the existing business functions;

2. Refusing to provide business functions because users do not consent to the collection of unnecessary personal information or the activation of unnecessary authorizations;

3.  Requesting the collection of personal information in excess of the scope the user originally consented to when adding new business functions to the app, refusing to provide the original business functions if the user does not agree, except where the newly added business function supersedes the original business function;

4. The frequency of personal information collection exceeds the actual needs of business functions;

5. Obliging he user to consent to personal information collection for only the purpose of improving of service quality, enhancing user experience, targeting push delivery information, researching and developing new products, etc., 

6. Requiring users to consent once to activating multiple collectable personal information authorizations, where use is impossible if users do not consent.

V, The following acts may be determined as “providing personal information to others without consent”

1. Providing personal information directly from the app customer end to third parties both without user content, and without anonymized processing, including providing personal information to third parties through methods such as embedding third-party code or plug-in components at the customer end, etc.;

2. Providing collected personal information to third parties after data is transmitted to the app’s back-end servers both without user content, and without anonymized processing;

3. Even if functions are provided to correct and delete personal information and cancel user accounts, not timely responding to user’s corresponding operations, requiring manual processing, not completing examination and processing within the committed time limits (the committed time limit may not exceed 15 working days, where there is not committed time limit, 15 working days are taken as limit);

4. Where the executing of correction or deletion of personal information, the cancellation of user accounts and other such user operations has been completed, but it is not completed at the app back-end;

5. Not establishing and publishing personal information security complaints and reporting channels, or not accepting and processing matters within the committed time limits (the committed time limit may not exceed 15 working days, where there is not committed time limit, 15 working days are taken as limit).

关于印发《App违法违规收集使用个人信息行为认定方法》的通知
各省、自治区、直辖市及新疆生产建设兵团网信办、通信管理局、公安厅(局)、市场监管局(厅、委):
  根据《关于开展App违法违规收集使用个人信息专项治理的公告》,为认定App违法违规收集使用个人信息行为提供参考,落实《网络安全法》等法律法规,国家互联网信息办公室、工业和信息化部、公安部、市场监管总局联合制定了《App违法违规收集使用个人信息行为认定方法》。现印发你们,请结合监管和执法工作实际参考执行。
国家互联网信息办公室秘书局
工业和信息化部办公厅
公安部办公厅
市场监管总局办公厅
  2019年11月28日
App违法违规收集使用个人信息行为认定方法
  根据《关于开展App违法违规收集使用个人信息专项治理的公告》,为监督管理部门认定App违法违规收集使用个人信息行为提供参考,为App运营者自查自纠和网民社会监督提供指引,落实《网络安全法》等法律法规,制定本方法。
  一、以下行为可被认定为“未公开收集使用规则”
  1.在App中没有隐私政策,或者隐私政策中没有收集使用个人信息规则;
  2.在App首次运行时未通过弹窗等明显方式提示用户阅读隐私政策等收集使用规则;
  3.隐私政策等收集使用规则难以访问,如进入App主界面后,需多于4次点击等操作才能访问到;
  4.隐私政策等收集使用规则难以阅读,如文字过小过密、颜色过淡、模糊不清,或未提供简体中文版等。
  二、以下行为可被认定为“未明示收集使用个人信息的目的、方式和范围”
  1.未逐一列出App(包括委托的第三方或嵌入的第三方代码、插件)收集使用个人信息的目的、方式、范围等;
  2.收集使用个人信息的目的、方式、范围发生变化时,未以适当方式通知用户,适当方式包括更新隐私政策等收集使用规则并提醒用户阅读等;
  3.在申请打开可收集个人信息的权限,或申请收集用户身份证号、银行账号、行踪轨迹等个人敏感信息时,未同步告知用户其目的,或者目的不明确、难以理解;
  4.有关收集使用规则的内容晦涩难懂、冗长繁琐,用户难以理解,如使用大量专业术语等。
  三、以下行为可被认定为“未经用户同意收集使用个人信息”
  1.征得用户同意前就开始收集个人信息或打开可收集个人信息的权限;
  2.用户明确表示不同意后,仍收集个人信息或打开可收集个人信息的权限,或频繁征求用户同意、干扰用户正常使用;
  3.实际收集的个人信息或打开的可收集个人信息权限超出用户授权范围;
  4.以默认选择同意隐私政策等非明示方式征求用户同意;
  5.未经用户同意更改其设置的可收集个人信息权限状态,如App更新时自动将用户设置的权限恢复到默认状态;
  6.利用用户个人信息和算法定向推送信息,未提供非定向推送信息的选项;
  7.以欺诈、诱骗等不正当方式误导用户同意收集个人信息或打开可收集个人信息的权限,如故意欺瞒、掩饰收集使用个人信息的真实目的;
  8.未向用户提供撤回同意收集个人信息的途径、方式;
  9.违反其所声明的收集使用规则,收集使用个人信息。
  四、以下行为可被认定为“违反必要原则,收集与其提供的服务无关的个人信息”
  1.收集的个人信息类型或打开的可收集个人信息权限与现有业务功能无关;
  2.因用户不同意收集非必要个人信息或打开非必要权限,拒绝提供业务功能;
  3.App新增业务功能申请收集的个人信息超出用户原有同意范围,若用户不同意,则拒绝提供原有业务功能,新增业务功能取代原有业务功能的除外;
  4.收集个人信息的频度等超出业务功能实际需要;
  5.仅以改善服务质量、提升用户体验、定向推送信息、研发新产品等为由,强制要求用户同意收集个人信息;
  6.要求用户一次性同意打开多个可收集个人信息的权限,用户不同意则无法使用。
  五、以下行为可被认定为“未经同意向他人提供个人信息”
  1.既未经用户同意,也未做匿名化处理,App客户端直接向第三方提供个人信息,包括通过客户端嵌入的第三方代码、插件等方式向第三方提供个人信息;
  2.既未经用户同意,也未做匿名化处理,数据传输至App后台服务器后,向第三方提供其收集的个人信息;
  3.App接入第三方应用,未经用户同意,向第三方应用提供个人信息。
  六、以下行为可被认定为“未按法律规定提供删除或更正个人信息功能”或“未公布投诉、举报方式等信息”
  1.未提供有效的更正、删除个人信息及注销用户账号功能;
  2.为更正、删除个人信息或注销用户账号设置不必要或不合理条件;
  3.虽提供了更正、删除个人信息及注销用户账号功能,但未及时响应用户相应操作,需人工处理的,未在承诺时限内(承诺时限不得超过15个工作日,无承诺时限的,以15个工作日为限)完成核查和处理;
  4.更正、删除个人信息或注销用户账号等用户操作已执行完毕,但App后台并未完成的;
  5.未建立并公布个人信息安全投诉、举报渠道,或未在承诺时限内(承诺时限不得超过15个工作日,无承诺时限的,以15个工作日为限)受理并处理的。

Personal Information Protection Law (Expert Suggestion Draft)

Posted on Updated on

Editorial note:

This suggestion draft is one of the outcomes of the National Social Science Fund Major Project “Important Legislative Questions for Internet Security” (14ZDC021) at Renmin University of China Law School, of which Professor Zhang Xinbao is lead expert, its objective is to provide reference for legislation, its authors are Zhang Xinbao and Ge Xin. On deficiencies in the suggestion draft, the submission of valuable opinions and suggestions is welcomed, to be sent to gexinde@126.com. After further revision and perfection, the suggestion draft and statement of grounds for legislation will be published in the near future by Renmin University of China Press, further attention is respectfully invited. Read the rest of this entry »

Management Rules for Credit Information of Gravely Untrustworthy Subjects in Internet Information Services (Opinion-seeking Draft)

Posted on Updated on

Article 1: In order to stimulate the construction of credit in the Internet information services area, ensure the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Planning Outline for the Construction of a Social Credit System”, the “State Council Guiding Opinions concerning Establishment and Perfection of Joint Incentive Structures for the Trustworthy and Joint Punishment Structures for the Untrustworthy, and Accelerating the Advance of Social Credit Construction”, the “State Council General Office Guiding Opinions concerning Accelerating the Advance of Social Credit System Construction and Building Novel Management Mechanisms Based on Credit” and the “State Council Notice  concerning Authorizing the Cyberspace Administration of China to Take Responsibility for Internet Information Content Management Work”, these Rules are formulated. Read the rest of this entry »

State Council General Office Guiding Opinions concerning Accelerating the Advance of Social Credit System Construction and Building Credit-Based Novel Supervision and Management Mechanisms

Posted on Updated on

GBF No. (2019)35

All provincial, autonomous region and municipal People’s Governments, all State Council Ministries and Commissions, all directly subordinate bodies:

In order to strengthen the construction of the social credit system, deeply advance the “release, management and service” reform, further give rein to the fundamental role of credit in innovating supervision and management mechanisms, raising supervision and management capacities and levels, even better incite the vigour of market subjects, and promote high-quality development, with the agreement of the State Council, the following Opinions are hereby put forward.

I, General requirements.

With Xi Jinping Thought on Socialism with Chinese characteristics for a new era as guidance, deeply implement the spirit of the 19th Party Committee and its 2nd and 3rd Plenums, according to the basic principles of acting according to laws and regulations, reform and innovation, coordinated and joint governance, with strengthening credit supervision and management as rallying points, innovate supervision and management concepts, supervision and management structures, and supervision and management methods, establish and complete novel supervision and management methods running throughout the whole lifecycle of market subjects, connecting supervision and management links ex ante, ad interim and ex post, incessantly enhance supervision and management capabilities and levels, further standardize market order, optimize the commercial environment, and promote high-quality development.

II, Innovating credit supervision and management in the ex-ante link

(1) Establishing and completing credit commitment structures. When handling administrative licencing affairs using credit commitment structures, where applicants’ commitments conform to approval conditions and they have submitted the relevant materials, this shall be handled immediately. Where applicants’ credit situation is relatively good, and a part of the application materials is incomplete but they commit in writing to provide this within the provided time period, they shall be accepted with priority, and the handling process is to be accelerated. The circumstances of honouring written commitments will be entered into credit records, to act as an important basis for ad interim and ex post supervision and management, applicants not honouring them will be subject to punishment in view of the circumstances. We must accelerate combing through administrative licensing items amenable to the introduction of credit commitments, formulate credit commitment letters with standardized templates, and rely on all levels’ credit portal websites to publish them. Market subjects are encouraged to actively issue credit commitments to society. Sectoral associations and chambers of commerce are supported in the establishment and completion of intra-sector credit commitment structures, strengthening sectoral self-discipline. (All localities and all departments are respectively responsible according to their duties)

(2) Exploring the introduction of business people’s pre-access sincerity education. Fully utilized all levels’ and all categories’ government service windows, to broadly launch education on legal compliance and sincerity among market subjects. When handling work related to registration, examination and approval, filing, etc. for market subjects, timely introduce standardized, regularized and convenient legal knowledge and credit knowledge education, raising business people’s consciousness on doing business according to the law and sincerely. The launch of credit education must not be fee-paying, and must also not be a necessary condition for market access. (All localities and all departments are respectively responsible according to their duties)

(3) Vigorously expand credit reporting applications. All kinds of market subjects are encouraged to more broadly and actively use credit reports in their production and commercial activities. In processes such as government procurement, tendering and bidding, administrative examination and approval, market access, credential verification, etc., fully give rein to the role of credit reports issues by public credit service bodies and third-party credit service bodies. Explore the establishment of nationwide uniform credit report standards, promote cross-regional mutual recognition of credit report results. (NDRC, PBoC take the lead, all localities and all departments are respectively responsible according to their duties)

III, Strengthening credit supervision and management in the ad interim segment

(4) Comprehensively establish market subject credit records. Establish credit information collection catalogues on the basis of lists of powers and responsibilities, timely, accurately and comprehensively record market subjects’ credit activities in the process of handing registration, qualification verification, daily supervision and management,  public service, etc., especially file and record untrustworthiness records, ensure that these can be consulted, verified and traced. ((All localities and all departments are respectively responsible according to their duties). Perfect uniform social credit code structures for legal persons and non-legal person organizations, use the uniform social credit code as a marker to integrate and shape integrated market subject credit records, and publish these according to laws and regulations through channels such as the “Credit China” website, he national enterprise credit information publication system or the China governmental web, as well as other related portal websites. Complete the 12315 market supervision and management complaint reporting hotline and informatized platform integration work, forcefully launch consumer complaints publication, stimulate businesspeople to implement their leading responsibility for consumer rights defence. (NDRC takes the lead, all departments are respectively responsible according to their duties).

(5) Establishing and completing voluntary credit information registration mechanisms. Encourage market subjects to voluntarily register credit information on qualifications and licences, market operations, contract fulfilment, social welfare, etc. on the “Credit China” website or other channels, to make public credit commitments concerning the veracity of the information, authorize the website to integrate, share and apply corresponding information.  Verified voluntarily registered information may be an important basis to conduct credit evaluation and generate credit reports. (NDRC takes the lead, all departments are respectively responsible according to their duties.

(6)  Deeply conducting comprehensive credit evaluation. The nationwide credit information sharing platforms must strengthen coordination and cooperation with relevant departments, integrate all kinds of credit information according to laws and regulations, conduct full-coverage, standardized, and public interest-type comprehensive public credit evaluation of market subjects, regularly report evaluation results to corresponding government department, financial bodies, sectoral associations and chambers of commerce for reference and use, and publish them to society according to relevant regulations. Promote relevant departments’ use of comprehensive public credit evaluation results, integrate departmental and sectoral management data, establish sectoral credit evaluation models, and provide ever more accurate bases for credit supervision and management. (NDRC takes the lead, all departments are respectively responsible according to their duties)

(7) Forcefully advancing tiered and categorized credit supervision and management. Divide supervision and management across tiers and categories on the basis of fully grasping credit information, and comprehensively deliberating the situation of credit, and on the basis of comprehensive public credit evaluation results and sectoral credit evaluation results, etc., and adopt differentiated supervision and management measures based on the height of the credit tier. “Double random and one public” supervision and management must be integrated with credit tiers, the proportion and frequency of spot checks may be reasonably lowered for market subjects with relatively good credit and relatively low risk, reducing influence to their regular production and operations; for market subjects with ordinary credit risks, spot checks are conducted with conventional proportions and frequencies; for law-breaking, untrustworthy, and relatively high-risk market subjects the proportion and frequency of spot checks will be appropriately increased, implementing strict management and punishment according to laws and regulations. (All localities and all departments are respectively responsible according to their duties)

IV, Perfecting credit supervision and management in the ex-post segment

(8) Completing determination mechanisms for the counterparts for joint punishment for trust-breaking. Relevant departments will establish and complete name list systems for the counterparts of joint punishment for trustworthiness according to laws and regulations, on the basis of untrustworthiness records obtained and determined during the ex ante and interim supervision and management segments. Market subjects with unlawful and untrustworthy acts of a malicious nature, with grave circumstances and relatively large social harm will be listed on the name list for joint punishment counterparts for untrustworthy acts according to procedure and on the basis of corresponding judicial verdicts, administrative punishments, administrative coercive measures, etc. Accelerate the perfection of relevant management rules, clarify determination bases, standards, procedures, dissent appeals and withdrawal mechanisms. For the formulation of management rules, the opinions from the social public must be fully solicited, and published standards and their concrete determination procedures will be made published to society in an appropriate manner. Relevant departments will be supported to establish name list systems for focus attention targets on the basis of requirement, for market subjects where untrustworthy acts exist but the degree of gravity has not reached the determination standard for joint punishment of untrustworthiness, it is permitted to implement strict supervision measures corresponding to the degree of their untrustworthiness. (All departments are respectively responsible according to their duties)

(9) Supervising rectification of untrustworthy market subjects within a limited time. Untrustworthy market subjects shall earnestly rectify matters within the provided time limits; where the rectification is insufficient, the determining department will initiate procedures for prompting talks or warning talks according to laws and regulations, according to the principle of “who determines, has the talk”, and supervise untrustworthy market subjects’ fulfilment of related duties and deletion of the harmful influence. Talk records are included into the credit record of the untrustworthy market subject, and are entered into the national credit information sharing platform after uniform collection. Forcefully advance special campaigns on untrustworthiness issues in focus areas, and adopt powerful and effective measures to accelerate the progress of rectification. (All departments are respectively responsible according to their duties)

(10) Deeply conducting joint punishment for untrustworthiness. Accelerate the construction of cross-regional, cross-sectoral, and cross-area joint punishment mechanisms for untrustworthiness, and resolve the problem that untrustworthy acts emerge repeatedly, or emerge in other areas at the roots. Establish joint punishment measure lists according to laws and regulations, dynamically renew them and publish them to society, and create a large structure for joint punishment for untrustworthiness with multi-barrelled roles for administrative, market and sectoral punishment measures, and broad participation from social forces. Focus on implementing punishment measures for untrustworthiness with great punitive strength and good supervision and management effects, including constraining targets of joint punishment for untrustworthiness according to laws and regulations from issuing shares, tendering and bidding, applying for funding projects from the finance administration, enjoying fiscal preferences and other such administrative punishment measures, restrict them from obtaining credit lines, traveling on aircraft, traveling on high-grade trains and seats and other such market punishment measures, as well as reporting for criticism, public denunciation and other such administrative punishment measures. (NDRC takes the lead, all localities and all departments are respectively responsible according to their responsibilities)

(11) Determinedly implementing market and sector ban mechanisms according to laws and regulations. Implement strict supervision and management, and strengthen punishment with the focus on food and drug products, ecology and the environment, engineering quality, safe production, care for the elderly and children, urban operational security and other such areas directly connected with the security of the popular masses’ lives and assets. Firmly implement market and sectoral ban measures within a certain time period according to laws and regulations, even up to permanent expulsion from markets, against market subjects and their relevant responsible persons who refuse to implement a judicial verdict or an administrative punishment decision, do not improve after repeated violations, resulting in major losses. (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties)

(12) Lawfully investigate liability for law-breaking and untrustworthiness. Establish and complete liability investigation mechanisms, impose untrustworthiness punishment against the legal representative or main responsible persons and actual controlling persons of  market subjects listed on the joint punishment target list for untrustworthiness according to laws and regulations, and enter corresponding untrustworthy act on their personal credit record. Where unlawful or untrustworthy conduct occurs in organize undertaking work units or State-owned enterprises, it must be reported to the higher-level competent work unit and auditing department; where unlawful or trust-breaking conduct occurs among work personnel, they must be reported to their work unit and the related discipline inspection, supervision, organization and personnel departments. (All localities and all departments are respectively responsible according to their duties)

(13) Exploring the establishment of credit recovery mechanisms. Where untrustworthy market subjects correct the untrustworthy act and eliminate harmful influence within the provided time limit, they may conduct credit recovery through methods such as issuing credit commitments, completing credit rectification, passing credit inspections, accepting specialized training, submitting credit reports, participating in public interest and charity activities, etc. After recovery is completed, all localities and all departments must timely cease the publication of their untrustworthiness reports according to procedure, and terminate the implementation of joint punishment measures. Accelerate the establishment and perfection of mechanisms for coordination and joint action, handling all affairs through one network, and provide high-efficiency and convenient credit recovery services to untrustworthy market subjects. Third-party credit service bodies meeting conditions are encouraged to provide credit reports, credit management consulting and other such services. (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties) 

V, Strengthening support and safeguards for credit supervision and management

(14) Striving to enhance credit supervision and management informatization construction levels. Give full rein to the information collection and sharing role of the nationwide credit information sharing platform and the national “Internet Plus Supervision and Management” system, ensure that government departments’ credit information “is fully collected where it shall be collected”, enhance the interconnection and interaction of local credit information platforms and sectoral credit information systems, create smooth government and enterprise data circulation mechanisms, create “one network” completely covering credit information of all localities, all departments and all kinds of market subjects. Rely on the national credit information sharing platform and the national “Internet Plus Supervision and Management” system to share basic market subject information, law enforcement supervision, management and punishment information, untrustworthiness joint punishment information etc. with related departmental operations systems according to requirement, add applications in the process of credit supervision and management and other such processes, support the creation of a credit supervision and management coordination mechanism with synchronized data, uniform measures and consistent standards. (NDRC and State Council General Office take the lead, all localities and all departments are respectively responsible according to their duties)

(15) Forcefully advancing credit supervision and management information openness and publication. On the basis of integrated publication of administrative licensing and administrative punishment information, entrust the “Credit China” website, the Chinese government network and other channels with further researching and promoting the open uploading of information on administrative obligations, administrative affirmations, administrative collection, administrative fees, administrative rulings, administrative compensation, administrative rewards, administrative supervision and inspection, and other such administrative acts within seven working days, promote the publication of information in judicial verdicts and law enforcement activities related to untrustworthy persons subject to enforcement and untrustworthy persons making false complaints of whom the information should be published, ensuring that “what shall be published, is fully published”. (All localities and all departments are respectively responsible according to their duties)

(16) Fully giving rein to the supporting role of “Internet Plus” and big data in credit supervision and management. Rely on the national “Internet Plus Supervision and Management” system and other such systems to effectively integrate public credit information, market credit information, complaints reporting information and related Internet and third-party information, fully use big data, artificial and other such new-generation information technologies to realize that credit supervision and management data can be compared, processes can be traced, and issues can be monitored. All localities and all departments are encouraged to, in integration with reality, cooperate with big data bodies according to laws and regulations to exploit credit information, grasp market subjects’ business situations and the characteristics of their laws in a timely and dynamic manner. Fully use the national “Internet Plus Supervision and Management” system and other such systems to establish early risk assessment and early warning mechanisms, to discover and prevent symptomatic, cross-sectoral and cross-regional risks early. Use big data to actively discover and distinguish clues for violations of laws and regulations, effectively prevent acts violating laws and regulations harming the public interests and the security of the masses’ lives and assets. It is encouraged to enhance law enforcement supervision and management efficiency through the Internet of Things, the Internet of Vision and other such non-contact supervision and management measures to enhance the efficiency of law enforcement, supervision and management, realize the standardization, accuratization and smartification of supervision and management, reduce human factors, realize fair supervision and management, stop problems such as wilful inspections, multi-headed supervision and inspection, etc., realize “entering the door once, inspecting multiple matters”, and reduce disturbance to supervision and management targets. (State Council General Office, NDRC, State Administration of Market Regulation take the lead, all departments are respectively responsible according to their duties.

(17) Realistically strengthening the protection of  credit information security and market subjects’ rights and interests. Strictly investigate and prosecute acts where credit information is leaked or distorted in violation of regulations, or credit information is used in pursuit of private gain, etc. Strengthen the construction of basic credit information security infrastructure and security protection capabilities. Establish and complete credit information objection and complaint structures, information providing and collecting work units must as quickly as possible examine and verify information to which market subjects have raised an objection and feed back the results, information verified as containing errors must be timely corrected or deleted. Where market subjects’ lawful rights and interests were harmed after they were erroneously assigned to the untrustworthiness joint punishment target list, or untrustworthiness joint measures were erroneously adopted, relevant departments and work units must vigorously adopt measures to eliminate the harmful influence. (All localities and al departments are responsible on the basis of their duties)

(18) Vigorously guiding sectoral organizations and credit service bodies to coordinate supervision and management. Relevant department-authorized sectoral associations and chambers of commerce are supported to assist in the conduct of sectoral credit construction and credit supervision and management, sectoral associations and chambers of commerce are encouraged to establish member credit records, conduct credit commitments, credit training, sincerity propaganda, sincerity advocacy etc., make sincerity into an important component for sectoral rules and sectoral conventions, and guide their sectors in strengthening awareness about doing business lawfully and sincerely. Promote the development of information services for credit inquiry, credit grading, credit insurance, credit guarantees, contract fulfilment guarantees, credit management consulting and training, etc., and realistically let third-party credit service bodies play a specialized role in aspects such as credit information collection, processing, use, etc. Relevant departments are encouraged to launch cooperation’s with third-party credit service bodies in areas such as credit record integration, credit information sharing, credit big data analysis, credit risk early warning, examination and verification of cases of untrustworthiness, tracing and monitoring of untrustworthy activities, etc. (NDRC, Ministry of Civil Affairs, People’s Bank of China are respectively responsible according to their duties)

VI, Strengthening organization and implementation of credit supervision and management

(19) Strengthening organizational leadership. All localities and all departments must make building credit-based novel supervision and management mechanisms into an important measure in deeply advancing the “release, manage, serve” reform, put it in an ever more prominent position, strengthen organizational leadership, detail divisions of work and responsibilities, and promote implementation in a forceful, orderly and effective manner. Perfect supplementary structures to credit supervision and management, and strengthen links with other elements of “release, manage, serve” reform. Departments responsible for market supervision and management and sectoral supervision and management must realistically bear their dominant responsibility in sectoral credit construction and credit supervision and management, fully give rein to the roles of sectoral organizations and third-party credit service bodies, create beneficial conditions for public supervision, integrate and create joint forces for credit supervision and management with joint participation from all of society. (NDRCD takes the lead, all departments and all localities are respectively responsible according to their duties) 

(20) Launching trials and demonstrations. Organize and launch credit construction and credit supervision and management trials and demonstrations revolving around credit commitments, credit recovery, untrustworthiness joint punishment, credit big data exploitation and use and other such focus work. On the basis of exploration and innovation in all localities and all departments, timely summarize, abstract and exchange good methods and good experiences in launching credit construction and credit supervision and management, and reproduce and broaden them on an ever greater scale (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties)

(21) Accelerating the establishment of rules and structures. Promote the formulation of social credit system construction-related laws, accelerate the research and promulgation of public credit information management regulations, unified social credit code management rules and other such regulations. Establish and complete nationwide uniform credit supervision and management norms and standards, timely publish related local regulations, government rules and normative documents, and upgrade methods effective in credit supervision and management practice into structures and norms. Grasp the formulation of national standards urgently needed in credit supervision and management. (NDRC, Ministry of Justice take the lead, all localities and all departments are respectively responsible according to their duties)

(22) Conducting propaganda and explanation. All localities and all departments must, through all kinds of channels and methods, conduct policy propaganda and explanation work in a thorough and detailed manner for market subjects, to let businesspeople fully understand and vigorously cooperate with credit-based novel supervision and management measures. Strengthen guidance and training for grass-roots and first-line supervision and management personnel. Organize news media to report broadly, vigorously propagate credit supervision and management measures and their results, and create a benign social atmosphere. (NDRC takes the lead, all localities and all departments are respectively responsible according to their duties)

State Council General Office

9 July 2019      

国务院办公厅关于加快推进社会信用体系建设 构建以信用为基础的新型监管机制的指导意见
国办发〔2019〕35号

各省、自治区、直辖市人民政府,国务院各部委、各直属机构:
为加强社会信用体系建设,深入推进“放管服”改革,进一步发挥信用在创新监管机制、提高监管能力和水平方面的基础性作用,更好激发市场主体活力,推动高质量发展,经国务院同意,现提出如下意见。
一、总体要求
以习近平新时代中国特色社会主义思想为指导,深入贯彻落实党的十九大和十九届二中、三中全会精神,按照依法依规、改革创新、协同共治的基本原则,以加强信用监管为着力点,创新监管理念、监管制度和监管方式,建立健全贯穿市场主体全生命周期,衔接事前、事中、事后全监管环节的新型监管机制,不断提升监管能力和水平,进一步规范市场秩序,优化营商环境,推动高质量发展。
二、创新事前环节信用监管
(一)建立健全信用承诺制度。在办理适用信用承诺制的行政许可事项时,申请人承诺符合审批条件并提交有关材料的,应予即时办理。申请人信用状况较好、部分申报材料不齐备但书面承诺在规定期限内提供的,应先行受理,加快办理进度。书面承诺履约情况记入信用记录,作为事中、事后监管的重要依据,对不履约的申请人,视情节实施惩戒。要加快梳理可开展信用承诺的行政许可事项,制定格式规范的信用承诺书,并依托各级信用门户网站向社会公开。鼓励市场主体主动向社会作出信用承诺。支持行业协会商会建立健全行业内信用承诺制度,加强行业自律。(各地区各部门按职责分别负责)
(二)探索开展经营者准入前诚信教育。充分利用各级各类政务服务窗口,广泛开展市场主体守法诚信教育。为市场主体办理注册、审批、备案等相关业务时,适时开展标准化、规范化、便捷化的法律知识和信用知识教育,提高经营者依法诚信经营意识。开展诚信教育不得收费,也不得作为市场准入的必要条件。(各地区各部门按职责分别负责)
(三)积极拓展信用报告应用。鼓励各类市场主体在生产经营活动中更广泛、主动地应用信用报告。在政府采购、招标投标、行政审批、市场准入、资质审核等事项中,充分发挥公共信用服务机构和第三方信用服务机构出具的信用报告作用。探索建立全国统一的信用报告标准,推动信用报告结果实现异地互认。(发展改革委、人民银行牵头,各地区各部门按职责分别负责)
三、加强事中环节信用监管
(四)全面建立市场主体信用记录。根据权责清单建立信用信息采集目录,在办理注册登记、资质审核、日常监管、公共服务等过程中,及时、准确、全面记录市场主体信用行为,特别是将失信记录建档留痕,做到可查可核可溯。(各地区各部门按职责分别负责)完善法人和非法人组织统一社会信用代码制度,以统一社会信用代码为标识,整合形成完整的市场主体信用记录,并通过“信用中国”网站、国家企业信用信息公示系统或中国政府网及相关部门门户网站等渠道依法依规向社会公开。完成12315市场监管投诉举报热线和信息化平台整合工作,大力开展消费投诉公示,促进经营者落实消费维权主体责任。(发展改革委、市场监管总局负责)
(五)建立健全信用信息自愿注册机制。鼓励市场主体在“信用中国”网站或其他渠道上自愿注册资质证照、市场经营、合同履约、社会公益等信用信息,并对信息真实性公开作出信用承诺,授权网站对相关信息进行整合、共享与应用。经验证的自愿注册信息可作为开展信用评价和生成信用报告的重要依据。(发展改革委牵头,各部门按职责分别负责)
(六)深入开展公共信用综合评价。全国信用信息共享平台要加强与相关部门的协同配合,依法依规整合各类信用信息,对市场主体开展全覆盖、标准化、公益性的公共信用综合评价,定期将评价结果推送至相关政府部门、金融机构、行业协会商会参考使用,并依照有关规定向社会公开。推动相关部门利用公共信用综合评价结果,结合部门行业管理数据,建立行业信用评价模型,为信用监管提供更精准的依据。(发展改革委牵头,各部门按职责分别负责)
(七)大力推进信用分级分类监管。在充分掌握信用信息、综合研判信用状况的基础上,以公共信用综合评价结果、行业信用评价结果等为依据,对监管对象进行分级分类,根据信用等级高低采取差异化的监管措施。“双随机、一公开”监管要与信用等级相结合,对信用较好、风险较低的市场主体,可合理降低抽查比例和频次,减少对正常生产经营的影响;对信用风险一般的市场主体,按常规比例和频次抽查;对违法失信、风险较高的市场主体,适当提高抽查比例和频次,依法依规实行严管和惩戒。(各地区各部门按职责分别负责)
四、完善事后环节信用监管
(八)健全失信联合惩戒对象认定机制。有关部门依据在事前、事中监管环节获取并认定的失信记录,依法依规建立健全失信联合惩戒对象名单制度。以相关司法裁判、行政处罚、行政强制等处理结果为依据,按程序将涉及性质恶劣、情节严重、社会危害较大的违法失信行为的市场主体纳入失信联合惩戒对象名单。加快完善相关管理办法,明确认定依据、标准、程序、异议申诉和退出机制。制定管理办法要充分征求社会公众意见,出台的标准及其具体认定程序以适当方式向社会公开。支持有关部门根据监管需要建立重点关注对象名单制度,对存在失信行为但严重程度尚未达到失信联合惩戒对象认定标准的市场主体,可实施与其失信程度相对应的严格监管措施。(各部门按职责分别负责)
(九)督促失信市场主体限期整改。失信市场主体应当在规定期限内认真整改,整改不到位的,按照“谁认定、谁约谈”的原则,由认定部门依法依规启动提示约谈或警示约谈程序,督促失信市场主体履行相关义务、消除不良影响。约谈记录记入失信市场主体信用记录,统一归集后纳入全国信用信息共享平台。大力推进重点领域失信问题专项治理,采取有力有效措施加快推进整改。(各部门按职责分别负责)
(十)深入开展失信联合惩戒。加快构建跨地区、跨行业、跨领域的失信联合惩戒机制,从根本上解决失信行为反复出现、易地出现的问题。依法依规建立联合惩戒措施清单,动态更新并向社会公开,形成行政性、市场性和行业性等惩戒措施多管齐下,社会力量广泛参与的失信联合惩戒大格局。重点实施惩戒力度大、监管效果好的失信惩戒措施,包括依法依规限制失信联合惩戒对象股票发行、招标投标、申请财政性资金项目、享受税收优惠等行政性惩戒措施,限制获得授信、乘坐飞机、乘坐高等级列车和席次等市场性惩戒措施,以及通报批评、公开谴责等行业性惩戒措施。(发展改革委牵头,各地区各部门按职责分别负责)
(十一)坚决依法依规实施市场和行业禁入措施。以食品药品、生态环境、工程质量、安全生产、养老托幼、城市运行安全等与人民群众生命财产安全直接相关的领域为重点,实施严格监管,加大惩戒力度。对拒不履行司法裁判或行政处罚决定、屡犯不改、造成重大损失的市场主体及其相关责任人,坚决依法依规在一定期限内实施市场和行业禁入措施,直至永远逐出市场。(发展改革委牵头,各地区各部门按职责分别负责)
(十二)依法追究违法失信责任。建立健全责任追究机制,对被列入失信联合惩戒对象名单的市场主体,依法依规对其法定代表人或主要负责人、实际控制人进行失信惩戒,并将相关失信行为记入其个人信用记录。机关事业单位、国有企业出现违法失信行为的,要通报上级主管单位和审计部门;工作人员出现违法失信行为的,要通报所在单位及相关纪检监察、组织人事部门。(各地区各部门按职责分别负责)
(十三)探索建立信用修复机制。失信市场主体在规定期限内纠正失信行为、消除不良影响的,可通过作出信用承诺、完成信用整改、通过信用核查、接受专题培训、提交信用报告、参加公益慈善活动等方式开展信用修复。修复完成后,各地区各部门要按程序及时停止公示其失信记录,终止实施联合惩戒措施。加快建立完善协同联动、一网通办机制,为失信市场主体提供高效便捷的信用修复服务。鼓励符合条件的第三方信用服务机构向失信市场主体提供信用报告、信用管理咨询等服务。(发展改革委牵头,各地区各部门按职责分别负责)
五、强化信用监管的支撑保障
(十四)着力提升信用监管信息化建设水平。充分发挥全国信用信息共享平台和国家“互联网+监管”系统信息归集共享作用,对政府部门信用信息做到“应归尽归”,推进地方信用信息平台、行业信用信息系统互联互通,畅通政企数据流通机制,形成全面覆盖各地区各部门、各类市场主体的信用信息“一张网”。依托全国信用信息共享平台和国家“互联网+监管”系统,将市场主体基础信息、执法监管和处置信息、失信联合惩戒信息等与相关部门业务系统按需共享,在信用监管等过程中加以应用,支撑形成数据同步、措施统一、标准一致的信用监管协同机制。(发展改革委、国务院办公厅牵头,各地区各部门按职责分别负责)
(十五)大力推进信用监管信息公开公示。在行政许可、行政处罚信息集中公示基础上,依托“信用中国”网站、中国政府网或其他渠道,进一步研究推动行政强制、行政确认、行政征收、行政给付、行政裁决、行政补偿、行政奖励和行政监督检查等其他行政行为信息7个工作日内上网公开,推动在司法裁判和执行活动中应当公开的失信被执行人、虚假诉讼失信人相关信息通过适当渠道公开,做到“应公开、尽公开”。(各地区各部门按职责分别负责)
(十六)充分发挥“互联网+”、大数据对信用监管的支撑作用。依托国家“互联网+监管”等系统,有效整合公共信用信息、市场信用信息、投诉举报信息和互联网及第三方相关信息,充分运用大数据、人工智能等新一代信息技术,实现信用监管数据可比对、过程可追溯、问题可监测。鼓励各地区各部门结合实际,依法依规与大数据机构合作开发信用信息,及时动态掌握市场主体经营情况及其规律特征。充分利用国家“互联网+监管”等系统建立风险预判预警机制,及早发现防范苗头性和跨行业跨区域风险。运用大数据主动发现和识别违法违规线索,有效防范危害公共利益和群众生命财产安全的违法违规行为。鼓励通过物联网、视联网等非接触式监管方式提升执法监管效率,实现监管规范化、精准化、智能化,减少人为因素,实现公正监管,杜绝随意检查、多头监管等问题,实现“进一次门、查多项事”,减少对监管对象的扰动。(国务院办公厅、发展改革委、市场监管总局牵头,各部门按职责分别负责)
(十七)切实加大信用信息安全和市场主体权益保护力度。严肃查处违规泄露、篡改信用信息或利用信用信息谋私等行为。加强信用信息安全基础设施和安全防护能力建设。建立健全信用信息异议投诉制度,对市场主体提出异议的信息,信息提供和采集单位要尽快核实并反馈结果,经核实有误的信息要及时予以更正或撤销。因错误认定失信联合惩戒对象名单、错误采取失信联合惩戒措施损害市场主体合法权益的,有关部门和单位要积极采取措施消除不良影响。(各地区各部门按职责分别负责)
(十八)积极引导行业组织和信用服务机构协同监管。支持有关部门授权的行业协会商会协助开展行业信用建设和信用监管,鼓励行业协会商会建立会员信用记录,开展信用承诺、信用培训、诚信宣传、诚信倡议等,将诚信作为行规行约重要内容,引导本行业增强依法诚信经营意识。推动征信、信用评级、信用保险、信用担保、履约担保、信用管理咨询及培训等信用服务发展,切实发挥第三方信用服务机构在信用信息采集、加工、应用等方面的专业作用。鼓励相关部门与第三方信用服务机构在信用记录归集、信用信息共享、信用大数据分析、信用风险预警、失信案例核查、失信行为跟踪监测等方面开展合作。(发展改革委、民政部、人民银行按职责分别负责)
六、加强信用监管的组织实施
(十九)加强组织领导。各地区各部门要把构建以信用为基础的新型监管机制作为深入推进“放管服”改革的重要举措,摆在更加突出的位置,加强组织领导,细化责任分工,有力有序有效推动落实。完善信用监管的配套制度,并加强与其他“放管服”改革事项的衔接。负有市场监管、行业监管职责的部门要切实承担行业信用建设和信用监管的主体责任,充分发挥行业组织、第三方信用服务机构作用,为公众监督创造有利条件,整合形成全社会共同参与信用监管的强大合力。(发展改革委牵头,各地区各部门按职责分别负责)
(二十)开展试点示范。围绕信用承诺、信用修复、失信联合惩戒、信用大数据开发利用等重点工作,组织开展信用建设和信用监管试点示范。在各地区各部门探索创新的基础上,及时总结、提炼、交流开展信用建设和信用监管的好经验、好做法,在更大范围复制推广。(发展改革委牵头,各地区各部门按职责分别负责)
(二十一)加快建章立制。推动制定社会信用体系建设相关法律,加快研究出台公共信用信息管理条例、统一社会信用代码管理办法等法规。建立健全全国统一的信用监管规则和标准,及时出台相关地方性法规、政府规章或规范性文件,将信用监管中行之有效的做法上升为制度规范。抓紧制定开展信用监管急需的国家标准。(发展改革委、司法部牵头,各地区各部门按职责分别负责)
(二十二)做好宣传解读。各地区各部门要通过各种渠道和形式,深入细致向市场主体做好政策宣传解读工作,让经营者充分理解并积极配合以信用为基础的新型监管措施。加强对基层和一线监管人员的指导和培训。组织新闻媒体广泛报道,积极宣传信用监管措施及其成效,营造良好社会氛围。(发展改革委牵头,各地区各部门按职责分别负责)
国务院办公厅
2019年7月9日

Regulations on Internet Security Supervision and Inspection by Public Security Bodies

Posted on Updated on

Ministry of Public Security of the People’s Republic of China Decree

No. 151

The “Regulations on Internet Security Supervision and Inspection by Public Security Bodies” were passed at the Minister’s business meeting of the Ministry of Public Security on 5 September 2018, are hereby promulgated, and take effect on 1 November 2018.

Minister: Zhao Kezhi

15 September 2018

Regulations on Internet Security Supervision and Inspection by Public Security Bodies

Chapter I: General provisions

Article 1: These Regulations are formulated in order to standardize public security bodies’ Internet security supervision and inspection work, prevent online law-breaking and crime, safeguard cybersecurity, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “People’s Police Law of the People’s Republic of China”, the “Cybersecurity Law of the People’s Republic of China” and other such laws and administrative regulations. 

Article 2: These Regulations apply to public security bodies conducting security supervision and inspection of Internet service providers’ and network-using work units’ fulfilment of cybersecurity duties provided in laws and administrative regulations. 

Article 3: Internet security supervision and inspection work is conducted by county-level or higher local People’s Government public security body cybersecurity protection departments. 

Higher-level public security bodies shall implement guidance and supervision of lower levels’ public security bodies’ conduct of Internet security supervision and inspection work.

Article 4: Public security bodies conducting Internet security supervision and inspection shall abide by the policies of scientific management, ensuring and stimulating development, strictly abide by statutory powers and procedures, incessantly improve law enforcement methods, and comprehensively implement law enforcement responsibilities. 

Article 5: Public security bodies and their work personnel shall strictly preserve the secrecy of personal information and privacy, commercial secrets and State secrets they learn in the process of fulfilling Internet security supervision and inspection duties and responsibilities, they may not leak this, sell it or illegally provide it to others.

Public security bodies and their work personnel can only use information they learn in the process of fulfilling Internet security supervision and inspection duties as required for maintaining cybersecurity, and may not use it for other purposes.

Article 6: Public security bodies shall timely notify relevant controlling departments and work units about cybersecurity risks they discover in the process of Internet security supervision and inspection work, which may harm national security, public security or social order.

Article 7: Public security bodies shall establish and implement rules for Internet security supervision and inspection work, and consciously accept supervision by inspection counterparts and the popular masses.

Chapter II: Supervision and inspection counterparts and content.

Article 8: Internet security supervision and inspection will be conducted by public security bodies of the locality of Internet service providers’ network service operations bodies and network using work units’ network management bodies. Where an Internet service provider is an individual, it may be implemented by the public security body of their regular place of residence.

Article 9: Public security bodies shall, on the basis of cybersecurity protection requirements and the concrete circumstances of cybersecurity risks and vulnerabilities, conduct supervision and inspection of the following Internet service providers and network-using work units.

(1) Those providing Internet access, Internet data centre, content distribution and domain name services;

(2) Those providing Internet information services;

(3) Those providing public network access services;

(4) Those providing other Internet services. 

Focus supervision and inspection shall be conducted of those who have not conducted the services provided in the previous Paragraph for a full year, those where a cybersecurity incident, breach of law or crime occurred within two years, or those who have been subject to administrative punishment by a public security body for not fulfilling statutory cybersecurity duties.

Article 10: Public security bodies shall, on the basis of the actual circumstances of Internet service providers’ and network-using work units fulfilling their statutory cybersecurity duties, and according to relevant State regulations and standards, conduct supervision and inspection of the following content:

(1) Whether or not they have conducted network work unit filing formalities, and have reported the access work unit, basic user information and changes therein;

(2) Whether or not they have formulated and implemented cybersecurity management rules and operating rules, and appointed a person responsible for cybersecurity;

(3) Whether or not they have adopted technical measures to record and preserve user registration information and network use record information according to the law;

(4) Whether or not they have adopted technical measures to defend against computer viruses, cyberattacks, cyber intrusions, etc.;

(5) Whether or not they have adopted corresponding prevention measures against the publication or transmission of information prohibited in laws and administrative regulations according to the law in public information services;

(6) Whether or not they have provided technical support and assistance to public security bodies lawfully maintaining cybersecurity, preventing and investigating terror activities, or investigating crimes according to statutory provisions;

(7) Whether or not they have fulfilled cybersecurity multi-level protection duties as provided in laws and administrative regulations.

Article 11: Apart from the content listed in Article 10 of these Regulations, public security bodies shall also conduct supervision and inspection of the following content, on the basis of the category of provided Internet services:

(1) Where Internet access services are provided, supervising and inspecting whether they have recorded and preserved network address, allocation and use details;

(2) Where Internet data centre services are provided, supervising and inspecting whether they have recorded user information of the host entrustment, host rental and virtual space rental they provide;

(3) Where Internet domain name services are provided, supervising and inspecting whether they have recorded network domain name application and modification information, and whether or not they have adopted measures to deal with unlawful domain names according to the law.

(4) Where Internet information services are provided, supervising and inspecting whether they have adopted user-disseminated information management measures according to the law, whether or not they have adopted measures to deal with already published or transmitted information of which the dissemination or transmission is prohibited by laws and administrative regulations, and maintained related records;

(5) Where Internet content distribution services are provided, supervising and inspecting whether or not they have recorded circumstances concerning content distribution network and content source network links;

(6) Where Internet public access services are provided, supervising and inspecting whether or not they have adopted technical network and information security protection measures conform to national standards.

Article 12: During periods of national major cybersecurity defence tasks, public security bodies may conduct targeted security supervision and inspection of the following content of Internet service providers and network-using work units related to national major cybersecurity defence tasks:

(1) Whether or not they have formulated work plans required for major national cybersecurity defence tasks, clarified cybersecurity duties and work divisions, and appointed a management person for cybersecurity;

(2) Whether or not they have organized and conducted cybersecurity risk assessments, and adopted corresponding risk control measures to remedy cybersecurity leaks and vulnerabilities;

(3) Whether or not they have formulated cybersecurity emergency response plans, organized and conducted emergency response exercises, and whether or not emergency response-related equipment is complete and effective.

(4) Whether or not they have adopted other cybersecurity protection tasks required for major cybersecurity protection tasks according to the law;

(5) Whether or not they have reported cybersecurity protection measures and implementation circumstances to public security bodies according to requirement. 

Internet security supervision and inspection with preventing terror attacks as its major objective will be implemented according to the content provided in the previous Paragraph.

Chapter III: Supervision and inspection procedures

Article 13: Public security bureaus conducting Internet security supervision and inspection may adopt on-site supervision and inspection or remote monitoring methods to do so.

Article 14: When public security bodies conduct on-site Internet security supervision and inspection, the number of People’s Police may not be less than 2, and they shall produce their People’s Police card and county-level or higher local People’s Government public security body-issued supervision and inspection notification letter.

Article 15: Public security bodies conducting on-site Internet security supervision and inspection may adopt the following measures on the basis of requirement:

(1) Entering business premises, computer rooms, work premises;

(2) Requiring the supervision and inspection counterpart’s responsible person or cybersecurity management personnel to explain supervision and inspection matters;

(3) Consulting and reproducing information related to Internet security supervision and inspection;

(4) Checking the operational state of technical network and information security protection measures.

Article 16: Public security bodies may conduct remote monitoring on whether or not cybersecurity leaks exist with Internet service providers and network-using work units.

Public security bodies conducting remote monitoring shall notify the supervision and inspection counterpart in advance about the inspection time, inspection cope and other such matters, or publish the related inspection matters, they may not interfere with or destroy the regular operations of the supervision and inspection counterpart’s networks.

Article 17: Public security bodies conducting on-site supervision and inspection or remote monitoring may entrust cybersecurity service bodies having corresponding technical capabilities with providing technical support. 

Cybersecurity service bodies and their work personnel shall strictly preserve the secrecy of personal information and privacy, commercial secrets and State secrets they learn in the process of fulfilling Internet security supervision and inspection duties and responsibilities, they may not leak this, sell it or illegally provide it to others.

Public security bodies shall strictly supervise cybersecurity service bodies’ implementation of cybersecurity management and secrecy protection responsibilities.

Article 18: Public security bodies conducting on-site supervision and inspection shall draft supervision and inspection records, and have them signed by the People’s Police conducting supervision and inspection and the responsible person or cybersecurity management personnel from the supervision and inspection counterpart. Where the responsible person or cybersecurity management personnel from the supervision and inspection counterpart object to the supervision and inspection record, they shall be allowed to explain the matter; where they refuse to sign, People’s Police shall indicate this on the supervision and inspection record.

Public security bodies conducting remote monitoring shall draft supervision and inspection records, and have the supervision and inspection record signed by two or more People’s Police conducting the supervision and inspection. 

Where cybersecurity service bodies are entrusted with providing technical support, the technical support personnel shall sign the supervision and inspection record together.

Article 19: Public security bodies discovering that cybersecurity risks or vulnerabilities exist in Internet service providers and network-using work unit in the process of Internet security supervision and inspection, shall urge and guide them to adopt measures to eliminate the risks or vulnerabilities, and indicate this in the supervision and inspection records; where they discover unlawful acts, but circumstances are light or no results have been created, they shall order them to correct the matter within a limited time.

Where the supervision and inspection counterpart believes they have completed correction before the end of the time limit, they may submit a re-inspection application in writing to the public security body.

Public security bodies shall, within three working days after the time limit ends or after receiving an earlier re-inspection application from the supervision and inspection counterpart, conduct a re-inspection of the corrected situation, and feed back the re-inspection results within three working days after the re-inspection concludes.

Article 12: All kinds of material collected in the process of inspection, or all kinds of produced documents and other materials, shall be stored in files according to regulations.

Chapter IV: Legal liability

Article 21: Where public security bodies discover Internet service providers or network-using work units committed the following unlawful acts in the process of Internet security supervision and inspection, they shall impose administrative punishment according to the law:

(1) Those not formulating or implementing cybersecurity management rules and operating rules, or not appointing a responsible person for cybersecurity, will be punished according to Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(2) Those not adopting technical measures to defend against computer viruses, cyberattacks, cyber intrusions and other such acts harming cybersecurity, will be punished according to the provisions of Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(3) Those not adopting measures to record and preserve user registration information and web access daily record information, will be punished according to the provisions of Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(4) Those not requiring users to provide real identity information according to requirements in the process of providing Internet information dissemination, instant communication and other such services, or who provide related services to users not providing real identity information, will be punished according to the provisions of Article 61 of the “Cybersecurity Law of the People’s Republic of China”;

(5) Those who do not adopt measures to cease transmission and delete information of which the dissemination and transmission is prohibited by laws and administrative regulations according to the law or according to public security bodies’ requirements, and preserve relevant records, will be punished according to the provisions of Article 68 or Article 69 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(6) Those refusing to provide technical support and assistance to public security bodies maintaining cybersecurity and investigating criminal activities according to the law, will be punished according to the provisions of Article 69 Paragraph III of the “Cybersecurity Law of the People’s Republic of China”.

Where the acts in the preceding items 4 to 6 violate the “Anti-Terrorism Law of the People’s Republic of China”, they will be punished according to the provisions of Article 84 or Article 86 Paragraph I of the “Anti-Terrorism Law of the People’s Republic of China”.

Article 22: Where public security bodies, in the process of Internet security supervision and inspection, discover Internet service providers and network-using work units steal or obtain personal information in an illegal manner, illegally sell or illegally provide it to others, but it does not constitute a crime, they will be punished according to the provisions of Article 64 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”.

Article 23: Where public security bodies, in the process of Internet security supervision and inspection, discover Internet service providers and network-using work units have installed malicious programmes in the Internet services they provide, they will be punished according to the provisions of Article 60 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”.

Article 24: Where Internet service providers and network-using work units refuse or impede public security bodies’ conduct of Internet security supervision and inspection, they will be punished according to the provisions of Article 69 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”; where they refuse to cooperate with anti-terrorism work, they will be punished according to the provisions of Article 91 or Article 92 of the “Anti-Terrorism Law of the People’s Republic of China.

Article 25: Where cybersecurity service bodies and their work personnel entrusted with providing technical support engage in illegal intrusion into the supervision and inspection counterpart’s networks, interfere with the regular functioning of the supervision and inspection counterpart’s networks, or steal online data and other such activities harming cybersecurity, they will be punished according to the provisions of Article 63 of the “Cybersecurity Law of the People’s Republic of China”; where they steal personal information they have obtained in the process of their work or obtain it in an illegal manner, illegally sell or illegally provide it to others, they will be punished according to the provisions of Article 64 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”, where it constitutes a crime, criminal liability will be prosecuted according to the law.

Where bodies and their work personnel as provided in the previous Paragraph infringe the commercial secrets of the supervision and inspection counterpart, constituting a crime, criminal liability will be prosecuted according to the law.

Article 26: Where public security bodies and their work personnel, in the process of Internet security supervision and inspection work, are derelict in their duties, abuse their powers, or engage in favouritism, the directly responsible person in charge and other directly responsible personnel will be punished according to the law; where it constitutes a crime, criminal liability will be prosecuted according to the law.

Article 27: Where Internet service providers and network-using work units violate these Regulations, constituting a violation of public security management, they will be subject to public order management punishment; where it constitutes a crime, criminal liability will be prosecuted according to the law.

Chapter V: Supplementary provisions

Article 28: Supervision and inspection of commercial Internet access service venues will be implementing according to the relevant provisions of the “Commercial Internet Access Service Venue Management Regulations”.

Article 29: These Regulations take effect on 1 November 2018.

中华人民共和国公安部令
第151号

《公安机关互联网安全监督检查规定》已经2018年9月5日公安部部长办公会议通过,现予发布,自2018年11月1日起施行。

部长  赵克志

2018年9月15日

公安机关互联网安全监督检查规定

第一章 总则

第一条 为规范公安机关互联网安全监督检查工作,预防网络违法犯罪,维护网络安全,保护公民、法人和其他组织合法权益,根据《中华人民共和国人民警察法》《中华人民共和国网络安全法》等有关法律、行政法规,制定本规定。

第二条 本规定适用于公安机关依法对互联网服务提供者和联网使用单位履行法律、行政法规规定的网络安全义务情况进行的安全监督检查。

第三条 互联网安全监督检查工作由县级以上地方人民政府公安机关网络安全保卫部门组织实施。

上级公安机关应当对下级公安机关开展互联网安全监督检查工作情况进行指导和监督。

第四条 公安机关开展互联网安全监督检查,应当遵循依法科学管理、保障和促进发展的方针,严格遵守法定权限和程序,不断改进执法方式,全面落实执法责任。

第五条 公安机关及其工作人员对履行互联网安全监督检查职责中知悉的个人信息、隐私、商业秘密和国家秘密,应当严格保密,不得泄露、出售或者非法向他人提供。

公安机关及其工作人员在履行互联网安全监督检查职责中获取的信息,只能用于维护网络安全的需要,不得用于其他用途。

第六条 公安机关对互联网安全监督检查工作中发现的可能危害国家安全、公共安全、社会秩序的网络安全风险,应当及时通报有关主管部门和单位。

第七条 公安机关应当建立并落实互联网安全监督检查工作制度,自觉接受检查对象和人民群众的监督。

第二章 监督检查对象和内容

第八条 互联网安全监督检查由互联网服务提供者的网络服务运营机构和联网使用单位的网络管理机构所在地公安机关实施。互联网服务提供者为个人的,可以由其经常居住地公安机关实施。

第九条 公安机关应当根据网络安全防范需要和网络安全风险隐患的具体情况,对下列互联网服务提供者和联网使用单位开展监督检查:

(一)提供互联网接入、互联网数据中心、内容分发、域名服务的;

(二)提供互联网信息服务的;

(三)提供公共上网服务的;

(四)提供其他互联网服务的;

对开展前款规定的服务未满一年的,两年内曾发生过网络安全事件、违法犯罪案件的,或者因未履行法定网络安全义务被公安机关予以行政处罚的,应当开展重点监督检查。

第十条 公安机关应当根据互联网服务提供者和联网使用单位履行法定网络安全义务的实际情况,依照国家有关规定和标准,对下列内容进行监督检查:

(一)是否办理联网单位备案手续,并报送接入单位和用户基本信息及其变更情况;

(二)是否制定并落实网络安全管理制度和操作规程,确定网络安全负责人;

(三)是否依法采取记录并留存用户注册信息和上网日志信息的技术措施;

(四)是否采取防范计算机病毒和网络攻击、网络侵入等技术措施;

(五)是否在公共信息服务中对法律、行政法规禁止发布或者传输的信息依法采取相关防范措施;

(六)是否按照法律规定的要求为公安机关依法维护国家安全、防范调查恐怖活动、侦查犯罪提供技术支持和协助;

(七)是否履行法律、行政法规规定的网络安全等级保护等义务。

第十一条 除本规定第十条所列内容外,公安机关还应当根据提供互联网服务的类型,对下列内容进行监督检查:

(一)对提供互联网接入服务的,监督检查是否记录并留存网络地址及分配使用情况;

(二)对提供互联网数据中心服务的,监督检查是否记录所提供的主机托管、主机租用和虚拟空间租用的用户信息;

(三)对提供互联网域名服务的,监督检查是否记录网络域名申请、变动信息,是否对违法域名依法采取处置措施;

(四)对提供互联网信息服务的,监督检查是否依法采取用户发布信息管理措施,是否对已发布或者传输的法律、行政法规禁止发布或者传输的信息依法采取处置措施,并保存相关记录;

(五)对提供互联网内容分发服务的,监督检查是否记录内容分发网络与内容源网络链接对应情况;

(六)对提供互联网公共上网服务的,监督检查是否采取符合国家标准的网络与信息安全保护技术措施。

第十二条 在国家重大网络安全保卫任务期间,对与国家重大网络安全保卫任务相关的互联网服务提供者和联网使用单位,公安机关可以对下列内容开展专项安全监督检查:

(一)是否制定重大网络安全保卫任务所要求的工作方案、明确网络安全责任分工并确定网络安全管理人员;

(二)是否组织开展网络安全风险评估,并采取相应风险管控措施堵塞网络安全漏洞隐患;

(三)是否制定网络安全应急处置预案并组织开展应急演练,应急处置相关设施是否完备有效;

(四)是否依法采取重大网络安全保卫任务所需要的其他网络安全防范措施;

(五)是否按照要求向公安机关报告网络安全防范措施及落实情况。

对防范恐怖袭击的重点目标的互联网安全监督检查,按照前款规定的内容执行。

第三章 监督检查程序

第十三条 公安机关开展互联网安全监督检查,可以采取现场监督检查或者远程检测的方式进行。

第十四条 公安机关开展互联网安全现场监督检查时,人民警察不得少于二人,并应当出示人民警察证和县级以上地方人民政府公安机关出具的监督检查通知书。

第十五条 公安机关开展互联网安全现场监督检查可以根据需要采取以下措施:

(一)进入营业场所、机房、工作场所;

(二)要求监督检查对象的负责人或者网络安全管理人员对监督检查事项作出说明;

(三)查阅、复制与互联网安全监督检查事项相关的信息;

(四)查看网络与信息安全保护技术措施运行情况。

第十六条 公安机关对互联网服务提供者和联网使用单位是否存在网络安全漏洞,可以开展远程检测。

公安机关开展远程检测,应当事先告知监督检查对象检查时间、检查范围等事项或者公开相关检查事项,不得干扰、破坏监督检查对象网络的正常运行。

第十七条 公安机关开展现场监督检查或者远程检测,可以委托具有相应技术能力的网络安全服务机构提供技术支持。

网络安全服务机构及其工作人员对工作中知悉的个人信息、隐私、商业秘密和国家秘密,应当严格保密,不得泄露、出售或者非法向他人提供。公安机关应当严格监督网络安全服务机构落实网络安全管理与保密责任。

第十八条 公安机关开展现场监督检查,应当制作监督检查记录,并由开展监督检查的人民警察和监督检查对象的负责人或者网络安全管理人员签名。监督检查对象负责人或者网络安全管理人员对监督检查记录有异议的,应当允许其作出说明;拒绝签名的,人民警察应当在监督检查记录中注明。

公安机关开展远程检测,应当制作监督检查记录,并由二名以上开展监督检查的人民警察在监督检查记录上签名。

委托网络安全服务机构提供技术支持的,技术支持人员应当一并在监督检查记录上签名。

第十九条 公安机关在互联网安全监督检查中,发现互联网服务提供者和联网使用单位存在网络安全风险隐患,应当督促指导其采取措施消除风险隐患,并在监督检查记录上注明;发现有违法行为,但情节轻微或者未造成后果的,应当责令其限期整改。

监督检查对象在整改期限届满前认为已经整改完毕的,可以向公安机关书面提出提前复查申请。

公安机关应当自整改期限届满或者收到监督检查对象提前复查申请之日起三个工作日内,对整改情况进行复查,并在复查结束后三个工作日内反馈复查结果。

第二十条 监督检查过程中收集的资料、制作的各类文书等材料,应当按照规定立卷存档。

第四章 法律责任

第二十一条 公安机关在互联网安全监督检查中,发现互联网服务提供者和联网使用单位有下列违法行为的,依法予以行政处罚:

(一)未制定并落实网络安全管理制度和操作规程,未确定网络安全负责人的,依照《中华人民共和国网络安全法》第五十九条第一款的规定予以处罚;

(二)未采取防范计算机病毒和网络攻击、网络侵入等危害网络安全行为的技术措施的,依照《中华人民共和国网络安全法》第五十九条第一款的规定予以处罚;

(三)未采取记录并留存用户注册信息和上网日志信息措施的,依照《中华人民共和国网络安全法》第五十九条第一款的规定予以处罚;

(四)在提供互联网信息发布、即时通讯等服务中,未要求用户提供真实身份信息,或者对不提供真实身份信息的用户提供相关服务的,依照《中华人民共和国网络安全法》第六十一条的规定予以处罚;

(五)在公共信息服务中对法律、行政法规禁止发布或者传输的信息未依法或者不按照公安机关的要求采取停止传输、消除等处置措施、保存有关记录的,依照《中华人民共和国网络安全法》第六十八条或者第六十九条第一项的规定予以处罚;

(六)拒不为公安机关依法维护国家安全和侦查犯罪的活动提供技术支持和协助的,依照《中华人民共和国网络安全法》第六十九条第三项的规定予以处罚。

有前款第四至六项行为违反《中华人民共和国反恐怖主义法》规定的,依照《中华人民共和国反恐怖主义法》第八十四条或者第八十六条第一款的规定予以处罚。

第二十二条 公安机关在互联网安全监督检查中,发现互联网服务提供者和联网使用单位,窃取或者以其他非法方式获取、非法出售或者非法向他人提供个人信息,尚不构成犯罪的,依照《中华人民共和国网络安全法》第六十四条第二款的规定予以处罚。

第二十三条 公安机关在互联网安全监督检查中,发现互联网服务提供者和联网使用单位在提供的互联网服务中设置恶意程序的,依照《中华人民共和国网络安全法》第六十条第一项的规定予以处罚。

第二十四条 互联网服务提供者和联网使用单位拒绝、阻碍公安机关实施互联网安全监督检查的,依照《中华人民共和国网络安全法》第六十九条第二项的规定予以处罚;拒不配合反恐怖主义工作的,依照《中华人民共和国反恐怖主义法》第九十一条或者第九十二条的规定予以处罚。

第二十五条 受公安机关委托提供技术支持的网络安全服务机构及其工作人员,从事非法侵入监督检查对象网络、干扰监督检查对象网络正常功能、窃取网络数据等危害网络安全的活动的,依照《中华人民共和国网络安全法》第六十三条的规定予以处罚;窃取或者以其他非法方式获取、非法出售或者非法向他人提供在工作中获悉的个人信息的,依照《中华人民共和国网络安全法》第六十四条第二款的规定予以处罚,构成犯罪的,依法追究刑事责任。

前款规定的机构及人员侵犯监督检查对象的商业秘密,构成犯罪的,依法追究刑事责任。

第二十六条 公安机关及其工作人员在互联网安全监督检查工作中,玩忽职守、滥用职权、徇私舞弊的,对直接负责的主管人员和其他直接责任人员依法予以处分;构成犯罪的,依法追究刑事责任。

第二十七条 互联网服务提供者和联网使用单位违反本规定,构成违反治安管理行为的,依法予以治安管理处罚;构成犯罪的,依法追究刑事责任。

第五章 附则

第二十八条 对互联网上网服务营业场所的监督检查,按照《互联网上网服务营业场所管理条例》的有关规定执行。

第二十九条 本规定自2018年11月1日起施行。

Regulations for Internet Security Supervision and Inspection by Public Security Bodies

Posted on Updated on

(Opinion-seeking Draft)

Chapter I: General Principles

Article 1: In order to strengthen and standardize Internet security supervision and inspection work by public security bodies, prevent online law-breaking and crime, safeguard cybersecurity, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “People’s Police Law of the People’s Republic of China”, the “Cybersecurity Law of the People’s Republic of China” and other such relevant laws and administrative regulations, these Regulations are formulated. Read the rest of this entry »

Opinions concerning Appropriately Limiting Specific Gravely Untrustworthy Persons from Traveling on Civil Aircraft for a Certain Period, and Promoting the Construction of the Social Credit System

Posted on

FGCJ (2018)385

All provincial, autonomous region, municipal and the Xinjiang Production-Construction Corps social credit system construction leading work units, spiritual civilization offices, higher people’s courts, finance offices (bureaus), human resources and social security offices (bureaus), the State Administration of Taxation, local taxation bureaus, all delegated agencies of the China Securities Regulatory Commission, all local civil aviation management bureaus, all transportation (general) airline companies, airport companies, the China Civil Aviation Information Group, airport public security bureaus: Read the rest of this entry »

Opinions concerning Appropriately Limiting Specific Gravely Untrustworthy Persons from Riding Trains for a Certain Period, and Promoting the Construction of the Social Credit System

Posted on

FGCJ (2018)384

All provincial, autonomous region, municipal and Xinjiang Production-Construction Corps social credit system construction leading work units, spiritual civilization offices, higher-level people’s courts, finance offices (bureaus), human resources and social security offices (bureaus), the State Administration of Taxation, local taxation bureaus, all delegated agencies of the China Securities Regulatory commission, railway transportation enterprises, the Academy of Railway Science, and all railway public security bureaus: Read the rest of this entry »

Microblog Information Service Management Regulations

Posted on Updated on

Article 1: In order to stimulate the healthy and orderly development of microblog information services, protect the lawful rights and interests of citizens, legal persons and other organizations, and safeguard national security and the public interest, on the basis of the “Cybersecurity Law of the People’s Republic of China” and the “State Council Notice concerning Authorizing the Cyberspace Administration of China to take Responsibility for Internet Information Content Work”, these Regulations are formulated. Read the rest of this entry »

Internet News Information Service Work Unit Content Management Staff Management Rules

Posted on Updated on

Chapter I: General provisions

Article 1: In order to strengthen management of content management staff in Internet news information service work units, safeguard the lawful rights and interests of staff and the social public, and stimulate the healthy and orderly development of internet news information services, on the basis of the “Cybersecurity Law of the People’s Republic of China” and the “Internet News Information Management Regulations”, these Rules are formulated. Read the rest of this entry »

Provisions on the Management of Internet Forum Community Services

Posted on Updated on

This translation was completed by ChinaLawTranslate, and is republished here with kind permission

Article 1: These Provisions are formulated on the basis of the “Cybersecurity Law of the P.R.C.”and the“State Council’s Notification of Authorization of the State Internet Information Office to be Responsible for Efforts to promote the healthy and orderly development of the internet forum community industry, so as to standardize Internet forum community services, stimulate the healthy and orderly development of Internet forum community services, protect the lawful rights and interests of citizens, legal persons, and other organizations, safeguard national security and the public interest. Read the rest of this entry »

Public Internet Cybersecurity Threat Monitoring and Mitigation Measures

Posted on Updated on

This translation was kindly provided by John Costello

Ministry of Industry and Information Technology Network [2017] No. 202

Provincial, autonomous region, and municipal communications authorities, China Telecom Group Corporation, China Mobile Communications Corporation, China Unicom Group Corporation, China National Computer Emergency Technical Team/Coordination Center of China (CNCERT), China Information Communications Research Institute, National Industrial Information Security Development Research Center, China Internet Association, domain name registration management and service organs, internet companies, and cybersecurity enterprises:

In order to deepen the implementation of the spirit of General Secretary Xi Jinping’s important speeches on cybersecurity, actively respond to the dire and complex cybersecurity situation, to move forward robust public internet cybersecurity threat monitoring and mitigation mechanism, safeguard the legitimate rights and interests of citizens, legals person, and other organizations, and in accordance with “Cybersecurity Law of the People’s Republic of China” and other relevant laws and regulations, the “Public Internet Cybersecurity Threat Monitoring and Mitigation Measures”. Hereby issued to you, please realistically and effectively implement and carry out.

Ministry of Industry and Information Technology Read the rest of this entry »

Critical Information Infrastructure Security Protection Regulations

Posted on Updated on

This document was translated jointly by Graham Webster, Paul Triolo and Rogier Creemers

CAC Notice concerning the Public Solicitation of Opinions on the “Critical Information Infrastructure Security Protection Regulations (Opinion-seeking Draft)”

http://www.cac.gov.cn/2017-07/11/m_1121294220.htm

In order to guarantee the security of critical information infrastructure, based on the “Cybersecurity Law of the People’s Republic of China”, our Administration, jointly with relevant departments, has drafted the “Critical Information Infrastructure Security Protection Regulations (Opinion-seeking Draft)”, which is now made public for open solicitation of opinions. Relevant work units and individuals from all circles may, before 10 August, put forward opinions through the following ways:

1, Sending opinions in a letter form to: Beijing Xicheng Chegongzhuang Avenue 11, CAC Cybersecurity Coordination Bureau, Post Code 100044, and clearly indicate “opinion solicitation” on the envelope

2, Sending an e-mail to: security@cac.gov.cn.

CAC

10 July 2017

Critical Information Infrastructure Security Protection Regulations

(Opinion-seeking draft)

Chapter 1: General principles Read the rest of this entry »

Implementing Rules for the Management of Internet News Information Service Licences

Posted on Updated on

Article 1: In order to further raise the standardization and scientization levels of Internet news information service licence management, and stimulate the healthy and orderly development of Internet news information services, on the basis of the “Administrative Licensing Law of the People’s Republic of China” and the “Internet News Information Service Management Regulations” (hereafter simply named “Regulations”), these Implementing Rules are formulated.

Article 2: These Implementing Rules apply to national and provincial, autonomous region and municipal Internet information offices’ implementation of Internet news information service licensing. Read the rest of this entry »

Interim Security Review Measures for Network Products and Services

Posted on Updated on

This translation was kindly provided by Paul Triolo

Article 1 These Measures are developed with a view to enhancing the secure and controllable levels of network products and services, guarding against cyber security risks, and safeguarding the national security, and in accordance with the laws and regulations such as National Security Law of the People’s Republic of China and the Cybersecurity Law of the People’s Republic of China.

Article 2 Important network products and services procured for use in networks and information systems that touch on national security are subject to a cybersecurity review.

Article 3 A cybersecurity review shall be conducted for network products and services and their supply chains, in a manner that combines enterprise commitments with public supervision, combines third-party assessments with government continuous regulation, and combines laboratory testing with on-site checks, on-line monitoring and background investigations. Read the rest of this entry »

Internet News Information Service Management Regulations

Posted on Updated on

Chapter I: General Provisions

Article 1: In order to strengthen Internet information content management and stimulate the healthy and orderly development of Internet news information services, on the basis of the “Cybersecurity Law of the People’s Republic of China”, the “Internet Information Service Management Rules”, and the “State Council Notice concerning Authorizing the State Internet Information Office to Take Responsibility of Internet Information Content Management Work”, these Regulations are formulated.

Read the rest of this entry »

Regulations for Internet Content Management Administration Law Enforcement Procedures

Posted on Updated on

This translation was kindly provided by John Costello

State Internet Information Office

Decree No. 2

“Regulations for Internet Content Management Administration Law Enforcement Procedures” approved in a meeting of the State Internet Information Office is hereby announced, to be implemented from June 1, 2017 onward.

Director Xu Lin

May 2, 2017

Regulations for Internet Content Management Administration Law Enforcement Procedures Read the rest of this entry »

Encryption Law of the People’s Republic of China (Opinion-seeking Draft)

Posted on Updated on

This translation was created jointly with Paul Triolo and John Costello

Table of contents

Chapter I: General principles

Chapter II: The use of encryption

Chapter III: Encryption security

Chapter IV: Stimulating the development of encryption

Chapter V: Supervision and management

Chapter VI: Legal liability

Chapter VII: Supplementary provisions

Chapter I: General principles

Read the rest of this entry »