(Approved by the State Council on December 11, 1997 and promulgated by the Ministry of Public Security on December 30, 1997)
Table of Contents
Responsibility for Security and Protection
Security and Supervision
Chapter I. Comprehensive Regulations
In order to strengthen the security and the protection of computer information networks and of the Internet, and to preserve the social order and social stability, these regulations have been established on the basis of the "PRC Computer Information Network Protection Regulations", the "PRC Temporary Regulations on Computer Information Networks and the Internet" and other laws and administrative regulations.
The security, protection and management of all computer information networks within the borders of the PRC fall under these regulations.
The computer management and supervision organization of the Ministry of Public Security is responsible for the security, protection and management of computer information networks and the Internet. The Computer Management and Supervision organization of the Ministry of Public Security should protect the public security of computer information networks and the Internet as well as protect the legal rights of Internet service providing units and individuals as well as the public interest.
No unit or individual may use the Internet to harm national security, disclose state secrets, harm the interests of the State, of society or of a group, the legal rights of citizens, or to take part in criminal activities.
No unit or individual may use the Internet to create, replicate, retrieve, or transmit the following kinds of information:
(1) Inciting to resist or breaking the Constitution or laws or the implementation of administrative regulations;
(2) Inciting to overthrow the government or the socialist system;
(3) Inciting division of the country, harming national unification;
(4) Inciting hatred or discrimination among nationalities or harming the unity of the nationalities;
(5) Making falsehoods or distorting the truth, spreading rumors, destroying the order of society;
(6) Promoting feudal superstitions, sexually suggestive material, gambling, violence, murder;
(7) Terrorism or inciting others to criminal activity; openly insulting other people or distorting the truth to slander people;
(8) Injuring the reputation of state organs;
(9) Other activities against the Constitution, laws or administrative regulations.
No unit or individual may engage in the following activities which harm the security of computer information networks:
(1) No-one may use computer networks or network resources without getting proper prior approval
(2) No-one may without prior permission may change network functions or to add or delete information
(3) No-one may without prior permission add to, delete, or alter materials stored, processed or being transmitted through the network.
(4) No-one may deliberately create or transmit viruses.
(5) Other activities which harm the network are also prohibited.
The freedom and privacy of network users is protected by law. No unit or individual may, in violation of these regulations, use the Internet to violate the freedom and privacy of network users.
Chapter II. Responsibility for Security and Protection
Units and individuals engaged in Internet business must accept the security supervision, inspection, and guidance of the Public Security organization. This includes providing to the Public Security organization information, materials and digital document, and assisting the Public Security organization to discover and properly handle incidents involving law violations and criminal activities involving computer information networks.
The supervisory section or supervisory units of units which provide service through information network gateways through which information is imported and exported and connecting network units should, according to the law and relevant state regulations assume responsibility for the Internet network gateways as well as the security, protection, and management of the subordinate networks.
Connecting network units, entry point units and corporations that use computer information networks and the Internet and other organizations must assume the following responsibilities for network security and protection:
(1) Assume responsibility for network security, protection and management and establish a thoroughly secure, protected and well managed network;
(2) Carry out technical measures for network security and protection. Ensure network operational security and information security;
(3) Assume responsibility for the security education and training of network users;
(4) Register units and individuals to whom information is provided. Provide information according to the stipulations of article five;
(5) Establish a system for registering the users of electronic bulletin board systems on the computer information network as well as a system for managing bulletin board information;
(6) If a violation of articles four, five, six or seven is discovered than an unaltered record of the violation should be kept and reported to the local Public Security organization;
(7) According to the relevant State regulations, remove from the network and address, directory or server which has content in violation of article five.
The network user should fill out a user application form when applying for network services. The format of this application form is determined by Public Security.
Connecting network units, entry point units, and corporations that use computer information networks and the Internet and other organizations (including connecting network units that are inter-provincial, autonomous region, municipalities directly under the Central Government or the branch organization of these units) should, within 30 days of the opening of network connection, carry out the proper registration procedures with a unit designated by the Public Security organization of the provincial, autonomous region, or municipality directly under the Central Government peoples' government.
The units mentioned above have the responsibility to report for the record to the local public security organization information on the units and individuals which have connections to the network. The units must also report in a timely manner to Public Security organization any changes in the information about units or individuals using the network.
People who register public accounts should strengthen their management of the account and establish an account registration system. Accounts may not be lent or transferred.
Whenever units involved in matters such as national affairs, economic construction, building the national defense, and advanced science and technology are registered, evidence of the approval of the chief administrative section should be shown.
Appropriate measures should be taken to ensure the security and protection of the computer information network and Internet network links of the units mentioned above.
Chapter III. Security and Supervision
The provincial, autonomous region or municipal Public Security agency or bureau, as well as city and county Public Security organizations should have appropriate organizations to ensure the security, protection and management of the Internet.
The Public Security organization computer management and supervision organization should have information on the connecting network units, entry point unit, and users, establish a filing system for this information, maintain statistical information on these files and report to higher level units as appropriate.
The Public Security computer management and supervision organization should have establish a system for ensuring the security, protection and good management of the connecting network units, entry point unit, and users. The Public Security organization should supervise and inspect network security, protection and management and the implementation of security measures.
If the Public Security computer management and supervision organization discovers an address, directory or server with content in violation of Article 5, then the appropriate units should be notified to close or delete it.
The Public Security computer management and supervision organization is responsible for pursuing and dealing with illegal computer information network activities and criminal cases involving computer information networks. Criminal activities in violation of Article 4 or Article 7 should according to the relevant State regulations, be handed over to the relevant department or to the legal system for appropriate disposition.
Chapter IV. Legal Responsibility
For violations of law, administrative regulations or of Article 5 or Article 6 of these regulations, the Public Security organization gives a warning and if there income from illegal activities, confiscates the illegal earnings.
A fine not to exceed 5000 RMB to individuals and 15,000 RMB to work units may be assessed.
For serious offenses computer and network access can be closed down for up to six months, and if necessary Public Security can suggest that the business operating license of the concerned unit or the cancellation of its network registration.
Activities contravening public security management regulations are punishable in accordance with provisions of the public security management penalties articles.
Where crimes have occurred, prosecutions for criminal responsibility should be made.
Where one of the activities listed below has occurred, the Public Security organization should order that remedial action should be taken with a specific period and give a warning; if there has been illegal income, the income should be confiscated; if remedial action is not taken within the specified period, then a fine of not more than 5000 RMB may be assessed against the top management personnel in charge of the area and other persons directly responsible [for the violation] and a fine of
not more than 15,000 RMB against the unit; in the case of serious offenses, the network and equipment can be closed for up to six months.
If necessary Public Security may suggest that the business license of the organization be canceled and its network registration canceled.
(1) Not establishing a management system for network security and protection;
(2) Not implementing security techniques and protection measures;
(3) Not providing security education and training for network users;
(4) Not providing information, materials or electronic documentation needed for security, protection and management or providing false information;
(5) Not inspecting the content of information released on behalf of someone else or not registering the unit or individual on whose behalf the information was released;
(6) Not establishing a system for registering users and managing the information of electronic bulletin boards;
(7) Not removing web addresses and directories or not closing servers according to the relevant state regulations;
(8) Not establishing a system for registering users of public accounts;
(9) Lending or transferring accounts.
Violation of Article 4 or Article 7 of these regulations shall be punished according to the relevant laws and regulations.
Violations of Article 11 or Article 12 of these regulations or not fulfilling the responsibility or registering users shall be punished by a warning from Public Security or suspending network operations for six months.
Chapter V. Additional Regulations
These regulations should be consulted with regards to the implementation of the security, protection and management of computer information networks connecting to networks in the Hong Kong Special Administrative Region as well as with networks in the Taiwan and Macao districts.
These regulations go into effect on the day of promulgation.