Tag Archives: #China #intelligence #law #中華人民共和國國家信息與情報法草案

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

中國新的網絡安全法 // Internet Security Law of the People ‘s Republic of China

Table of Contents

    Chapter 1 General Provisions

Chapter 2 Network Security Support and Promotion

Chapter 3 Network Operation Safety

Section 1 General Provisions

SECTION 2: Operational safety of key information infrastructures

Chapter 4 Network Information Security

Chapter 5 Monitoring Early Warning and Emergency Handling

Chapter VI Legal Liability

Chapter VII Supplementary Provisions

Chapter 1 General Provisions

The first order to protect network security , safeguard cyberspace sovereignty and national security , public interests , protection of citizens , legal persons and other organizations , to promote the healthy development of economic and social information , this law is enacted .

Article in the territory of People’s Republic of China construction , operation , maintenance and use of the network , as well as supervision and management of network security , this Law shall apply .

Third countries adhere to both network security and information technology development , follow the active use , scientific development , according to management , to ensure the safety policy , promote the network infrastructure construction and interoperability , to encourage innovation and application of network technology , to support the development of network security personnel , Establish and improve the network security system , improve network security protection .

Article 4 The State shall formulate and continuously improve the network security strategy , clearly define the basic requirements and main objectives of the network security , and put forward the network security policies , tasks and measures in the key areas .

Article 5 The State shall take measures to monitor , defend and dispose of network security risks and threats arising from the territory of the People’s Republic of China , protect the critical information infrastructure from attack , intrusion , interference and destruction , punish the network for criminal activities and maintain the network Space security and order .

Article 6 The State shall promote the network behavior of honesty and trustworthiness , health and civilization , promote the dissemination of socialist core values , and take measures to raise the awareness and level of cybersecurity in the whole society and form a favorable environment for the whole society to participate in promoting network security .

Article VII countries active in cyberspace governance , network technology research and standards development , the fight against international exchange and cooperation network and other crimes , to promote the building of peace , security , open , cooperative cyberspace , multilateral , democratic , transparent network Governance system .

Article VIII of the National Network Information Department is responsible for co-ordination network security and related supervision and administration . State Council department in charge of telecommunications , public security departments and other relevant authorities in accordance with this Law and other relevant laws , administrative regulations , responsible for network security and supervision and administration within their respective areas of responsibility .

Local people’s governments above the county level of network security and regulatory functions , determined in accordance with relevant state regulations .

Article IX network and service operators to carry out business activities , must abide by laws , administrative regulations , respect social ethics , abide by business ethics , honesty and credit , fulfill the obligation to protect network security , and accept the supervision of government and society , social responsibility .

Article X build , operate or provide network services through a network , it should be in accordance with laws , regulations and national standards and administrative regulations of mandatory requirements , technical measures and other necessary measures , to ensure network security , stable operation , to effectively deal with network security incidents , Prevent cyber criminal activities , maintain the integrity of network data , confidentiality and usability .

Article XI  network-related industry organizations accordance with the constitution , strengthen self-discipline , to develop guidelines for network security behavior , guide members to strengthen network security , increase network security levels , and promote the healthy development of the industry .

Article XII of  the State protection of citizens , legal persons and other organizations the right to use the network in accordance with law , the promotion of universal access network , improve network service levels , and provide safe , convenient network services , to protect the free flow of network information according to law and orderly .

Any person and organization using the network should abide by the constitutional law , abide by the public order , respect social morality , not endanger the network security , shall not use the network to endanger national security , honor and interests , incite subversion of state power , overthrow the socialist system , incitement to split the country , The destruction of national unity , the promotion of terrorism , extremism , the promotion of national hatred , ethnic discrimination , the dissemination of violence , obscene pornography , fabricating and disseminating false information to disrupt economic order and social order , and infringe upon the reputation , privacy , intellectual property and other legitimate rights and interests of others And other activities .

Article XIII  countries to support research and development is conducive to healthy growth of minors networking products and services , punishing minors using the Internet to endanger physical and mental health activities according to law , to provide security for minors , healthy network environment .

Article 14  Any individual or organization shall have the right to report to the network , telecommunications , public security and other departments that are harmful to the safety of the Internet . The department that receives the report shall handle it in a timely manner and if it does not belong to the duties of the department , it shall promptly transfer the department to be handled .

The relevant departments shall keep the relevant information of the whistleblower and protect the legitimate rights and interests of the whistleblower .

Chapter 2 Network Security Support and Promotion

Article 15 The  State shall establish and improve the network security standard system . The department in charge of standardization of the State Council and other relevant departments under the State Council shall, in accordance with their respective duties , organize and formulate and revise the national standards and industry standards for network security management and network products , services and operation safety .

National support enterprises , research institutions , colleges and universities , network-related industry organizations to participate in network security national standards , industry standards .

Article 16 The   State Council and the people’s governments of provinces , autonomous regions and municipalities directly under the Central Government shall make overall plans , increase investment , support key network security technology industries and projects , support the research and development and application of network security technology , promote safe and reliable network products and services , Protection of network technology intellectual property rights , support enterprises , research institutions and colleges and universities to participate in national network security technology innovation projects .

Article 17 The   State shall promote the construction of a social security service system for network security and encourage the relevant enterprises and institutions to carry out safety services such as network security certification , testing and risk assessment .

Article 18 The   State encourages the development of network data security protection and utilization technology to promote the opening of public data resources and promote technological innovation and economic and social development .

State support innovative network security management , the use of new network technologies , enhance network security level .

Article XIX   governments at all levels and relevant departments should organize regular network security education , and guidance , and urge the relevant units to do network safety publicity and education work .

The mass media should be targeted to the community for network security publicity and education .

Article 20 The  State shall support enterprises and institutions of higher education , vocational schools and other educational and training institutions to carry out network safety-related education and training , and adopt a variety of ways to train network security personnel and promote the exchange of network security personnel .

Chapter 3 Network Operation Safety

Section 1 General Provisions

Article 21 The  State shall implement a system of network security protection . Network operators should be in accordance with the requirements of the network security level protection system , perform the following security obligations , to protect networks from interference , damage or unauthorized access , preventing data leakage or stolen , tampered with :

( 1 ) to formulate internal safety management systems and operating procedures , to determine the network security responsible person , the implementation of network security protection responsibility ;

( 2 ) to take precautions against computer viruses and network attacks , network intrusion and other hazards of network security behavior of technical measures ;

( 3 ) to take technical measures to monitor and record the operation status of the network and the network security incident , and to keep the relevant network log in accordance with the regulations for not less than six months ;

( D ) to take data classification , important data backup and encryption and other measures ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 22 The  network products and services shall conform to the mandatory requirements of the relevant national standards . Network products , service providers may not set up malicious programs ; found their network products , services, security defects , loopholes and other risks , should immediately take remedial measures , in accordance with the provisions of the timely notification of the user and report to the relevant authorities .

The providers of network products and services shall provide continuous maintenance of their products and services ; they shall not terminate the provision of safety maintenance within the time limit prescribed by the parties or the parties .

Network products , services with the collection of user information function , the provider should be clear to the user and obtain consent ; involving the user’s personal information , but also should comply with this law and the relevant laws and administrative regulations on personal information protection requirements .

Article 23 The  network of key equipment and network security specific products should be in accordance with national standards of mandatory requirements , qualified by the agency safety certification or qualified safety testing to meet the requirements after , before they sell or provide . The State Network letter department in conjunction with the relevant departments of the State Council to develop and publish network key equipment and network security products directory , and promote safety certification and safety testing results mutual recognition , to avoid duplication of certification , testing .

Article 24 The  network operator shall handle the services such as network access , domain name registration service , fixed telephone and mobile telephone , or provide services such as information release and instant messaging , and enter into an agreement with the user or confirm the service when , should be required to provide true user identity information . If the user does not provide the true identity information , the network operator shall not provide the relevant service .

National implementation trusted identity network strategy , to support research and development of safe , convenient electronic authentication technology , to promote mutual recognition between different electronic authentication .

Article 25  network operators shall develop network security emergency response plan , timely disposal system vulnerabilities , computer viruses , network attacks , security risks and other network intrusions ; in the event of the occurrence of the harm network security , immediately launched the emergency plan , take the appropriate remedial measures , and report to the relevant authorities in accordance with the provisions .

Article 26   to carry out certification of network security , detection , risk assessment and other activities , released to the public system vulnerabilities , computer viruses , network attacks , network intrusions and other network information security , should comply with the relevant provisions of the State .

Article 27   No individual or organization may not engage in illegal intrusion into networks of others , interfere with the normal function of the network of others , active network data theft and other hazards network security ; not provide specifically for the network in the invasion , interfere with the normal function of the network and protective measures , theft Network data and other activities that endanger the network security activities , tools ; knowing that others engaged in activities that endanger network security , not to provide technical support , advertising , payment and settlement help .

Article 28 The   network operators shall provide technical support and assistance to the public security organs and the state security organs to safeguard the national security and the investigation of crimes according to law .

Article 29 The   State supports between network operators to collect information on network security , analysis , reporting and emergency response and other aspects of cooperation , to improve the security capabilities of network operators .

Relevant industry organizations to establish and improve network security norms and mechanisms for cooperation in this sector , to strengthen the analysis and evaluation of network security risks , regularly risk warning to the members , to support , to assist members to deal with network security risks .

Article 30   Network and Information Department and relevant information acquired in the performance of network security protection responsibilities , only for the need to maintain network security , shall not be used for other purposes .

SECTION 2: Operational safety of key information infrastructures

Article 31 The   state public communication and information services , energy , transportation , water conservancy , finance , public services , e-government and other important industries and fields , as well as other once destroyed , the loss of functionality or data leakage , could seriously endanger national security , people’s livelihood , the critical information infrastructure of public interest , on the basis of network security protection system on , special protection . The specific scope and safety protection of key information infrastructure shall be formulated by the State Council .

The country encourages network operators outside key information infrastructures to participate voluntarily in critical information infrastructure protection systems .

Article 32  in accordance with the division of duties prescribed by the State Council , responsible for the protection of critical information infrastructure security departments are working to formulate and implement the industry , the art of critical information infrastructure security planning , guidance and supervision of the safe operation of critical information infrastructure protection Work .

Article 33 The   construction of the critical information infrastructure to support business should ensure it has a stable , continuous operation performance , and technical measures to ensure the safety synchronized planning , simultaneous construction , simultaneous use .

Article 34   In addition to the provisions of Article 21 of this Law , critical information infrastructure operators shall perform the following security obligations :

( A ) set up a special safety management and safety management agency in charge of people , and the negative security background screening of responsibility and the key staff positions ;

( 2 ) regularly carry out network security education , technical training and skills assessment for employees ;

( Iii ) disaster recovery of critical systems and databases ;

( D ) the development of network security incident contingency plans , and regular exercise ;

( 5 ) other obligations stipulated by laws and administrative regulations .

Article 35 Where  a operator of a key information infrastructure purchases a network of products and services that may affect the safety of the State , it shall pass the national security review organized by the State Network Department in conjunction with the relevant departments of the State Council .

Article 36 of   the critical information infrastructure of network operators purchasing products and services , shall sign a confidentiality agreement with the security provider in accordance with the provisions , clear security and confidentiality obligations and responsibilities .

Article 37  Personal information and important data collected and produced by operators of key information infrastructure operators in the territory of the People’s Republic of China shall be stored in the territory . Due to business needs , do need to provide to the outside , should be in accordance with the State Network letter department in conjunction with the relevant departments of the State Council to develop a safety assessment ; laws and administrative regulations otherwise provided , in accordance with its provisions .

Article 38   critical information infrastructure operator shall himself or entrust their network security services and the possible risk of network security test and evaluation carried out at least once a year , and will assess the situation and improve the detection measures submitted to the responsible Key information Infrastructure Security protection work .

Article 39 The   State Network Letters shall coordinate the relevant departments to take the following measures for the protection of key information infrastructures :

( A ) the security risk of critical information infrastructure will be random testing , suggest improvements , can be entrusted network security services when necessary for the existence of network security risk assessment to detect ;

( 2 ) to organize the operators of key information infrastructures on a regular basis to conduct network security emergency drills to improve the level and coordination capability of responding to network security incidents ;

( 3 ) to promote the sharing of network security information between the relevant departments and operators of key information infrastructures and relevant research institutions and network security services ;

( Four ) emergency response network security incidents and recovery network functions, etc. , to provide technical support and assistance .

Chapter 4 Network Information Security

Article 40  network operators should collect information on its users strictly confidential , and establish and improve the user information protection system .

Article 41 Where a  network operator collects or uses personal information , it shall follow the principles of lawfulness , reason and necessity , publicly collect and use the rules , expressly collect and use the purpose , manner and scope of the information and agree with the collectors .

Services unrelated to the personal information of the network operator shall not collect its offer , shall not violate laws , administrative regulations and bilateral agreements to collect , use of personal information , and shall be in accordance with laws , administrative regulations and the agreement with the user , process save Of personal information .

Article 42   network operators shall not be disclosed , tampering , destruction of personal information it collects ; without the consent of the collectors , may not provide personal information to others . However , except that processing does not recognize a particular person and can not be recovered .

The network operator shall take technical measures and other necessary measures to ensure that the personal information collected by it is safe to prevent leakage , damage and loss of information . Or may occur in the event of leakage of personal information , damage , time lost the case , it should take immediate remedial measures , in accordance with the provisions promptly inform the user to the relevant competent authorities report .

Article 43   personal discovery network operators violate laws , administrative regulations or bilateral agreements to collect , use their personal information , the right to require network operators to delete their personal information ; find network operators to collect , store their personal The information is wrong , the right to require the network operator to be corrected . The network operator should take action to remove or correct it .

Article 44   No individual or organization may steal or acquire personal information in any other illegal manner and may not illegally sell or illegally provide personal information to others .

Article 45 The   departments and their staff members with network security supervision and administration according to law , must be aware of personal information in carrying out their duties , privacy and trade secrets strictly confidential , shall not disclose , sell or illegally available to others .

Article 46   No individual or organization shall be responsible for the use of network behavior , not set up to commit fraud , to teach criminal methods , production or sale of prohibited items , sites illegal and criminal activities of controlled items, etc. , communication groups , should not be used Internet publishing involves the implementation of fraud , the production or sale of prohibited items , control of goods and other criminal activities of the information .

Article 47   network operators should strengthen the management of information published by its users , we found that laws , administrative regulations prohibit the release or transfer of information , should immediately stop the transmission of the information , to take measures to eliminate the disposal, etc. , to prevent the diffusion of information , save The relevant records and report to the relevant authorities .

Article 48  electronic information sent by any individual and organization , application software provided , shall set up a malicious program , shall not contain laws , administrative regulations prohibit the release or transfer of information .

Send electronic information service providers and application software download service provider , shall perform the safety management obligations , know that the user is under the aforesaid acts , it should stop providing services , to take measures to eliminate the disposal, etc. , keep the relevant records , and the relevant authorities Report .

Article 49 The  network operators shall establish information such as complaints and reporting systems for network information security , announce complaints and report methods, and promptly accept and handle complaints and reports on the security of network information .

Supervision and inspection network operators to network and Information Department and relevant departments according to law , shall cooperate .

Article 50   National Grid and other departments concerned to fulfill the letter of network information security supervision and administration according to law , found legal , information and administrative regulations prohibit the release or transfer , should be required to stop the transmission network operator , to take measures to eliminate the disposal, etc. , keep the relevant records ; the above information comes from outside the People’s Republic of China , it shall notify the relevant agencies to take technical measures and other necessary measures to interrupt transmission .

Chapter 5 Monitoring Early Warning and Emergency Handling

Article 51 The   State shall establish a network security monitoring and early warning and information communication system . The national network letter department should coordinate the relevant departments to strengthen the network security information collection , analysis and notification work , in accordance with the provisions of unified release of network security monitoring and early warning information .

Article 52   is responsible for critical information infrastructure security affairs , shall establish and improve the industry , network security monitoring and early warning and communications systems in the art , and network security monitoring and early warning information submitted in accordance with the provisions .

Article 53   National Grid and Information Department to coordinate relevant departments to establish and improve network security risk assessment and emergency response mechanisms , the development of network security emergency response plan , and regular exercise .

Responsible for key information infrastructure security work departments should develop the industry , the field of network security incident contingency plans , and regularly organize exercises .

Network security emergency response plan should be in accordance with the degree of harm after the incident , the network security incidents were graded sphere of influence and other factors , and provides the appropriate emergency measures .

Article 54   of network security event that occurs when the risk increases , the provincial people’s governments shall, in accordance with statutory authorities and procedures , and the characteristics of the network security risks and possible harm , take the following measures :

( A ) asked the relevant authorities , institutions and personnel timely collection , reporting information , strengthening the monitoring of network security risks ;

( Two ) organizational departments , agencies and professionals , network security risk assessment information for analysis , predicting the likelihood of events , the scope and extent of harm ;

( C ) to the community release network security risk early warning , release to avoid , reduce the harm measures .

Article 55   of network security incidents , should immediately start emergency response plan network security , network security incident investigation and assessment , require network operators to take technical measures and other necessary measures , to eliminate safety hazards , prevent harm to expand , and in a timely manner Publish public-related warning messages to the community .

Article 56  above the provincial level people’s governments in the implementation of network safety supervision and management responsibilities , found that there is a big security risk or network security incidents , be in accordance with the authority and procedures of the legal representative of the network operator’s Person or main person in charge . The network operator shall take measures as required and carry out rectification and rectification to eliminate the hidden danger .

Article 57  because of network security incidents , the occurrence of unexpected events or production safety accidents , should be in accordance with the ” Emergency Response Law of People’s Republic of China “, ” Production Safety Law of People’s Republic of China ,” the relevant laws and so on , disposal and administrative regulations The

Article 58 for the maintenance of national security and public order , require major emergency incidents disposal of social security , the State Council decision or approval , can take temporary measures such as limiting network traffic in a particular area .

Chapter VI Legal Liability

Article 59 Where the   network operator fails to perform the obligations of the network security protection stipulated in Article 21 and Article 25 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refusing to correct or cause harm to the network security and other consequences of , at 100,000 yuan fine of $ 10,000 or more , the person directly responsible for the 50,000 yuan fine of $ 5,000 or more .

If the operator of the key information infrastructure fails to perform the obligations of the network security protection as prescribed in Article 33 , Article 34 , Article 36 and Article 38 of this Law , the relevant competent department shall order it to make corrections and give a warning ; refuse to correct or cause harm network security consequences , at 1,000,000 yuan fine of $ 100,000 or more , the person directly responsible for at 100,000 yuan fine of $ 10,000 or more .

Article 60   in violation of the first paragraph of Article 22 of this Law , (2) and the first paragraph Article 48 , any of the following acts , ordered by the competent department of corrections , give a warning ; refuse to correct Or cause harm to the network security and other consequences , at 50,000 yuan to more than 500,000 yuan fine , the person in charge directly responsible for more than 10,000 yuan more than 100,000 yuan fine :

( A ) set up malicious programs ;

( Two ) of their products , security flaws services , risk exposure and other remedial measures are not taken immediately , or failing to promptly inform the user of the report to the relevant authorities ;

( 3 ) to terminate the security of its products and services .

Article 61   network operators who violate the provisions of Article 24 first paragraph , did not require users to provide real identity information , or provide related services for the user does not provide real identity information , by the competent authorities ordered to make corrections ; or refuse to correct the circumstances are serious , at five hundred thousand fine of $ 50,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , directly responsible for The person in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 62  in violation of Article 26 of this Law , to carry out certification of network security , detection , risk assessment and other activities , or to the public distribution system vulnerability , computer viruses , network attacks , network intrusions and other network security information , by the relevant the competent department shall order correction , given a warning ; refuse to correct or circumstances are serious , at 100,000 yuan fine of $ 10,000 or more , and may be ordered by the competent authorities to suspend the relevant business , ordered to stop , to close the site , revoked or related business license revoke the business license , the persons in charge and other directly responsible personnel directly responsible for 50,000 yuan fine of $ 5,000 or more .

Article 63   violation of Article 27 of this Law , engaged in activities that endanger network security , or to provide dedicated program to endanger network security activities , tools , technical support, or to endanger the security of network activity for others , advertising , payment settlement and other help , not constitute a crime , the public security authorities confiscate the illegal income , 5 days detention , can fine of over 50,000 yuan to 500,000 yuan fine ; the circumstances are serious , at least five days 15 days of detention , and may impose a fine of not less than 100,000 yuan but not more than one million yuan .

Units with the conduct of , the public security authorities confiscate the illegal income , at a fine of one million yuan more than 100,000 yuan , and directly in charge and other directly responsible personnel shall be punished in accordance with the preceding paragraph .

Violation of Article 27 of this Law , subject to administrative penalties for public security personnel , shall not engage in network security management and network operators work in key positions within five years ; people subject to criminal punishment , he may not engage in key positions in operations and network security management network Work .

Article 64 A  provider of a network operator , a network product or service shall , in violation of the provisions of Article 22 , paragraph 3 , and Article 41 to Article 43 of this Law , violate the right of the personal information to be protected according to law , ordered to make corrections by the competent authorities , can be a warning or a fine according to the seriousness single office , confiscate the illegal income , illegal income more than doubled a fine of ten times , there is no illegal income , at a fine of one million yuan , directly responsible Supervisors and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan ; if the circumstances are serious , they may order to suspend the relevant business , suspend business for rectification , close the website , revoke the relevant business license or revoke the business license .

Violation of the provisions of Article 44 of this Law , theft or other illegal means to obtain , illegally sell or illegally provide personal information to others , does not constitute a crime , the public security organs confiscated the illegal income , and more than double the illegal income ten times If there is no illegal income , a fine of not more than one million yuan shall be imposed .

Article 65 of the   critical information infrastructure of operators in violation of the provisions of Article 35 of this Law , used without safety review or not to review the security of the network through a product or service , by the competent authorities ordered to stop using , at the purchase amount More than ten times the fine ; the person directly in charge and other directly responsible persons shall be fined not less than 10,000 yuan but not more than 100,000 yuan .

Article 66   critical information infrastructure operators in violation of the provisions of Article 37 of this Law , outside the network data storage , or network data provided to the outside , ordered to make corrections by the competent authorities , be given a warning , confiscate the illegal income , of fifty yuan fine of $ 50,000 or more , and may be ordered to suspend the business , ordered to stop , to close the site , revoke the relevant business license or revoke the business license ; in charge and other directly responsible personnel directly responsible yuan and not Fine of not more than 100,000 yuan .

Article 67   in violation of the provisions of Article 46 of this Law , the website set up for the implementation of criminal activities , distribution group , or use the Internet release of information related to the implementation of criminal activities , does not constitute a crime , the public security organs 5 days detention , can impose a fine of 100,000 yuan ; the circumstances are serious , at least five days custody for 15 days or less , you can fine of over 50,000 yuan to 500,000 yuan fine . Close the website for the implementation of criminal activities , communication groups .

If the unit has the preceding paragraph , the public security organ shall be fined not less than 100,000 yuan but not more than 500,000 yuan , and shall be punished in accordance with the provisions of the preceding paragraph for the person directly in charge and other directly responsible persons .

Article 68  network operators in violation of the provisions of Article 47 of this Law , legal , administrative regulations prohibit the release or transfer of information transmission is not stopped , to take measures to eliminate the disposal, etc. , keep the relevant records , ordered by the competent department of corrections , given a warning , confiscation of illegal gains ; refuse to correct or circumstances are serious , at 500,000 yuan more than 100,000 yuan , and can be ordered to suspend the relevant business , ordered to stop , to close the site , revoke the relevant business license or business license revoked , A fine of not less than 10,000 yuan but not more than 100,000 yuan shall be imposed on the person directly in charge and other directly responsible persons .

Electronic messaging services provider , application software download service providers , non-compliance and safety management obligations specified in the second paragraph of Article 48 of this Law , in accordance with the preceding paragraph shall be punished .

Article 69   network operators in violation of the provisions of this Act , any of the following acts , by the competent authorities shall order rectification ; refuse to correct or circumstances are serious , at 500,000 Yuan more than 50,000 yuan , directly responsible for the charge and other directly responsible personnel , at one million yuan to 100,000 yuan fine :

( A ) not in accordance with the requirements of the relevant departments of the law , administrative regulations prohibit the release or the information’s transmission , taken to stop transmission , disposal measures to eliminate such ;

( 2 ) refusing or hindering the supervision and inspection carried out by the relevant departments according to law ;

( 3 ) refusing to provide technical support and assistance to the public security organs and the state security organs .

Article 70  issued or transmitted in Article 12 (2) and other laws , administrative regulations prohibit the release or transfer of information , in accordance with relevant laws , penalties and administrative regulations .

Article 71   of this Law prescribed offenses , in accordance with relevant laws , administrative regulations credited to the credit files , and to be publicized .

Article 72 Where  an operator of a government organ of a state organ fails to perform its obligations under the provisions of this Law , it shall be ordered by its superior organ or the relevant organ to make corrections , and the directly responsible person in charge and other directly responsible persons shall be punished according to law .

Article 73  Network and Information Department and relevant departments in violation of the provisions of Article 30 of this Law , the information acquired in the performance of network security protection responsibilities for other purposes , given to the persons in charge and other directly responsible personnel directly responsible according to law Punish .

The network department and the relevant departments of the staff neglected duty , abuse of power , favoritism , does not constitute a crime , according to the law to give punishment .

Article 74 Whoever , in violation of the   provisions of this Law , causes damage to others , shall bear civil liability according to law .

Violation of the provisions of this Law , constitute a violation of public security management behavior , according to the law to give security management punishment ; constitute a crime , shall be held criminally responsible .

Article 75   The organs , organizations and individuals engaged in activities , such as attack , intrusion , interference or destruction , which violate the key information infrastructure of the People’s Republic of China , cause serious consequences, and shall hold legal liabilities according to law ; the public security departments and relevant departments of the State Council the institution may decide , organize , to freeze property or other necessary personal sanctions .

Chapter VII Supplementary Provisions

Article 76   The meaning of the following terms in this Law :

( A ) network , refers to a computer or other information terminals and associated equipment consisting of the information collected in accordance with certain rules and procedures , storage , transmission , switching , the system processing .

( Two ) network security , refers to taking the necessary measures , to prevent attacks on the network , intrusion , interference , destruction and illegal use and accidents , the network is in a state of stable and reliable operation , integrity, and protect network data , privacy , The ability to be available .

( C ) network operators , refers to the network of owners , managers and network service providers .

( D ) network data , refers to the network through the collection , storage , transmission , processing and production of various electronic data .

( Five ) personal information , refer to various identification information can be used alone or in combination with other natural personal identity information electronically recorded or otherwise , including but not limited to a natural person’s name , date of birth , ID number , personal biometric information , Address , telephone number and so on .

Article 77 The   storage , processing network information involving state secrets operational security , in addition shall comply with this Act , shall also comply with privacy laws , administrative regulations .

Article 78   security protection of military networks , otherwise provided by the Central Military Commission .

Article 79   of this Law since 2017  6 June 1 from the date of implementation .

Original mandarin Chinese:

目    录

    第一章  总    则

第二章  网络安全支持与促进

第三章  网络运行安全

第一节  一般规定

第二节  关键信息基础设施的运行安全

第四章  网络信息安全

第五章  监测预警与应急处置

第六章  法律责任

第七章  附    则

第一章  总    则

第一条  为了保障网络安全,维护网络空间主权和国家安全、社会公共利益,保护公民、法人和其他组织的合法权益,促进经济社会信息化健康发展,制定本法。

第二条  在中华人民共和国境内建设、运营、维护和使用网络,以及网络安全的监督管理,适用本法。

第三条  国家坚持网络安全与信息化发展并重,遵循积极利用、科学发展、依法管理、确保安全的方针,推进网络基础设施建设和互联互通,鼓励网络技术创新和应用,支持培养网络安全人才,建立健全网络安全保障体系,提高网络安全保护能力。

第四条  国家制定并不断完善网络安全战略,明确保障网络安全的基本要求和主要目标,提出重点领域的网络安全政策、工作任务和措施。

第五条  国家采取措施,监测、防御、处置来源于中华人民共和国境内外的网络安全风险和威胁,保护关键信息基础设施免受攻击、侵入、干扰和破坏,依法惩治网络违法犯罪活动,维护网络空间安全和秩序。

第六条  国家倡导诚实守信、健康文明的网络行为,推动传播社会主义核心价值观,采取措施提高全社会的网络安全意识和水平,形成全社会共同参与促进网络安全的良好环境。

第七条  国家积极开展网络空间治理、网络技术研发和标准制定、打击网络违法犯罪等方面的国际交流与合作,推动构建和平、安全、开放、合作的网络空间,建立多边、民主、透明的网络治理体系。

第八条  国家网信部门负责统筹协调网络安全工作和相关监督管理工作。国务院电信主管部门、公安部门和其他有关机关依照本法和有关法律、行政法规的规定,在各自职责范围内负责网络安全保护和监督管理工作。

县级以上地方人民政府有关部门的网络安全保护和监督管理职责,按照国家有关规定确定。

第九条  网络运营者开展经营和服务活动,必须遵守法律、行政法规,尊重社会公德,遵守商业道德,诚实信用,履行网络安全保护义务,接受政府和社会的监督,承担社会责任。

第十条  建设、运营网络或者通过网络提供服务,应当依照法律、行政法规的规定和国家标准的强制性要求,采取技术措施和其他必要措施,保障网络安全、稳定运行,有效应对网络安全事件,防范网络违法犯罪活动,维护网络数据的完整性、保密性和可用性。

第十一条  网络相关行业组织按照章程,加强行业自律,制定网络安全行为规范,指导会员加强网络安全保护,提高网络安全保护水平,促进行业健康发展。

第十二条  国家保护公民、法人和其他组织依法使用网络的权利,促进网络接入普及,提升网络服务水平,为社会提供安全、便利的网络服务,保障网络信息依法有序自由流动。

任何个人和组织使用网络应当遵守宪法法律,遵守公共秩序,尊重社会公德,不得危害网络安全,不得利用网络从事危害国家安全、荣誉和利益,煽动颠覆国家政权、推翻社会主义制度,煽动分裂国家、破坏国家统一,宣扬恐怖主义、极端主义,宣扬民族仇恨、民族歧视,传播暴力、淫秽色情信息,编造、传播虚假信息扰乱经济秩序和社会秩序,以及侵害他人名誉、隐私、知识产权和其他合法权益等活动。

第十三条  国家支持研究开发有利于未成年人健康成长的网络产品和服务,依法惩治利用网络从事危害未成年人身心健康的活动,为未成年人提供安全、健康的网络环境。

第十四条  任何个人和组织有权对危害网络安全的行为向网信、电信、公安等部门举报。收到举报的部门应当及时依法作出处理;不属于本部门职责的,应当及时移送有权处理的部门。

有关部门应当对举报人的相关信息予以保密,保护举报人的合法权益。

第二章  网络安全支持与促进

第十五条  国家建立和完善网络安全标准体系。国务院标准化行政主管部门和国务院其他有关部门根据各自的职责,组织制定并适时修订有关网络安全管理以及网络产品、服务和运行安全的国家标准、行业标准。

国家支持企业、研究机构、高等学校、网络相关行业组织参与网络安全国家标准、行业标准的制定。

第十六条  国务院和省、自治区、直辖市人民政府应当统筹规划,加大投入,扶持重点网络安全技术产业和项目,支持网络安全技术的研究开发和应用,推广安全可信的网络产品和服务,保护网络技术知识产权,支持企业、研究机构和高等学校等参与国家网络安全技术创新项目。

第十七条  国家推进网络安全社会化服务体系建设,鼓励有关企业、机构开展网络安全认证、检测和风险评估等安全服务。

第十八条  国家鼓励开发网络数据安全保护和利用技术,促进公共数据资源开放,推动技术创新和经济社会发展。

国家支持创新网络安全管理方式,运用网络新技术,提升网络安全保护水平。

第十九条  各级人民政府及其有关部门应当组织开展经常性的网络安全宣传教育,并指导、督促有关单位做好网络安全宣传教育工作。

大众传播媒介应当有针对性地面向社会进行网络安全宣传教育。

第二十条  国家支持企业和高等学校、职业学校等教育培训机构开展网络安全相关教育与培训,采取多种方式培养网络安全人才,促进网络安全人才交流。

第三章  网络运行安全

第一节 一般规定

第二十一条  国家实行网络安全等级保护制度。网络运营者应当按照网络安全等级保护制度的要求,履行下列安全保护义务,保障网络免受干扰、破坏或者未经授权的访问,防止网络数据泄露或者被窃取、篡改:

(一)制定内部安全管理制度和操作规程,确定网络安全负责人,落实网络安全保护责任;

(二)采取防范计算机病毒和网络攻击、网络侵入等危害网络安全行为的技术措施;

(三)采取监测、记录网络运行状态、网络安全事件的技术措施,并按照规定留存相关的网络日志不少于六个月;

(四)采取数据分类、重要数据备份和加密等措施;

(五)法律、行政法规规定的其他义务。

第二十二条  网络产品、服务应当符合相关国家标准的强制性要求。网络产品、服务的提供者不得设置恶意程序;发现其网络产品、服务存在安全缺陷、漏洞等风险时,应当立即采取补救措施,按照规定及时告知用户并向有关主管部门报告。

网络产品、服务的提供者应当为其产品、服务持续提供安全维护;在规定或者当事人约定的期限内,不得终止提供安全维护。

网络产品、服务具有收集用户信息功能的,其提供者应当向用户明示并取得同意;涉及用户个人信息的,还应当遵守本法和有关法律、行政法规关于个人信息保护的规定。

第二十三条  网络关键设备和网络安全专用产品应当按照相关国家标准的强制性要求,由具备资格的机构安全认证合格或者安全检测符合要求后,方可销售或者提供。国家网信部门会同国务院有关部门制定、公布网络关键设备和网络安全专用产品目录,并推动安全认证和安全检测结果互认,避免重复认证、检测。

第二十四条  网络运营者为用户办理网络接入、域名注册服务,办理固定电话、移动电话等入网手续,或者为用户提供信息发布、即时通讯等服务,在与用户签订协议或者确认提供服务时,应当要求用户提供真实身份信息。用户不提供真实身份信息的,网络运营者不得为其提供相关服务。

国家实施网络可信身份战略,支持研究开发安全、方便的电子身份认证技术,推动不同电子身份认证之间的互认。

第二十五条  网络运营者应当制定网络安全事件应急预案,及时处置系统漏洞、计算机病毒、网络攻击、网络侵入等安全风险;在发生危害网络安全的事件时,立即启动应急预案,采取相应的补救措施,并按照规定向有关主管部门报告。

第二十六条  开展网络安全认证、检测、风险评估等活动,向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息,应当遵守国家有关规定。

第二十七条  任何个人和组织不得从事非法侵入他人网络、干扰他人网络正常功能、窃取网络数据等危害网络安全的活动;不得提供专门用于从事侵入网络、干扰网络正常功能及防护措施、窃取网络数据等危害网络安全活动的程序、工具;明知他人从事危害网络安全的活动的,不得为其提供技术支持、广告推广、支付结算等帮助。

第二十八条  网络运营者应当为公安机关、国家安全机关依法维护国家安全和侦查犯罪的活动提供技术支持和协助。

第二十九条  国家支持网络运营者之间在网络安全信息收集、分析、通报和应急处置等方面进行合作,提高网络运营者的安全保障能力。

有关行业组织建立健全本行业的网络安全保护规范和协作机制,加强对网络安全风险的分析评估,定期向会员进行风险警示,支持、协助会员应对网络安全风险。

第三十条  网信部门和有关部门在履行网络安全保护职责中获取的信息,只能用于维护网络安全的需要,不得用于其他用途。

第二节 关键信息基础设施的运行安全

第三十一条  国家对公共通信和信息服务、能源、交通、水利、金融、公共服务、电子政务等重要行业和领域,以及其他一旦遭到破坏、丧失功能或者数据泄露,可能严重危害国家安全、国计民生、公共利益的关键信息基础设施,在网络安全等级保护制度的基础上,实行重点保护。关键信息基础设施的具体范围和安全保护办法由国务院制定。

国家鼓励关键信息基础设施以外的网络运营者自愿参与关键信息基础设施保护体系。

第三十二条  按照国务院规定的职责分工,负责关键信息基础设施安全保护工作的部门分别编制并组织实施本行业、本领域的关键信息基础设施安全规划,指导和监督关键信息基础设施运行安全保护工作。

第三十三条  建设关键信息基础设施应当确保其具有支持业务稳定、持续运行的性能,并保证安全技术措施同步规划、同步建设、同步使用。

第三十四条  除本法第二十一条的规定外,关键信息基础设施的运营者还应当履行下列安全保护义务:

(一)设置专门安全管理机构和安全管理负责人,并对该负责人和关键岗位的人员进行安全背景审查;

(二)定期对从业人员进行网络安全教育、技术培训和技能考核;

(三)对重要系统和数据库进行容灾备份;

(四)制定网络安全事件应急预案,并定期进行演练;

(五)法律、行政法规规定的其他义务。

第三十五条  关键信息基础设施的运营者采购网络产品和服务,可能影响国家安全的,应当通过国家网信部门会同国务院有关部门组织的国家安全审查。

第三十六条  关键信息基础设施的运营者采购网络产品和服务,应当按照规定与提供者签订安全保密协议,明确安全和保密义务与责任。

第三十七条  关键信息基础设施的运营者在中华人民共和国境内运营中收集和产生的个人信息和重要数据应当在境内存储。因业务需要,确需向境外提供的,应当按照国家网信部门会同国务院有关部门制定的办法进行安全评估;法律、行政法规另有规定的,依照其规定。

第三十八条  关键信息基础设施的运营者应当自行或者委托网络安全服务机构对其网络的安全性和可能存在的风险每年至少进行一次检测评估,并将检测评估情况和改进措施报送相关负责关键信息基础设施安全保护工作的部门。

第三十九条  国家网信部门应当统筹协调有关部门对关键信息基础设施的安全保护采取下列措施:

(一)对关键信息基础设施的安全风险进行抽查检测,提出改进措施,必要时可以委托网络安全服务机构对网络存在的安全风险进行检测评估;

(二)定期组织关键信息基础设施的运营者进行网络安全应急演练,提高应对网络安全事件的水平和协同配合能力;

(三)促进有关部门、关键信息基础设施的运营者以及有关研究机构、网络安全服务机构等之间的网络安全信息共享;

(四)对网络安全事件的应急处置与网络功能的恢复等,提供技术支持和协助。

第四章  网络信息安全

第四十条  网络运营者应当对其收集的用户信息严格保密,并建立健全用户信息保护制度。

第四十一条  网络运营者收集、使用个人信息,应当遵循合法、正当、必要的原则,公开收集、使用规则,明示收集、使用信息的目的、方式和范围,并经被收集者同意。

网络运营者不得收集与其提供的服务无关的个人信息,不得违反法律、行政法规的规定和双方的约定收集、使用个人信息,并应当依照法律、行政法规的规定和与用户的约定,处理其保存的个人信息。

第四十二条  网络运营者不得泄露、篡改、毁损其收集的个人信息;未经被收集者同意,不得向他人提供个人信息。但是,经过处理无法识别特定个人且不能复原的除外。

网络运营者应当采取技术措施和其他必要措施,确保其收集的个人信息安全,防止信息泄露、毁损、丢失。在发生或者可能发生个人信息泄露、毁损、丢失的情况时,应当立即采取补救措施,按照规定及时告知用户并向有关主管部门报告。

第四十三条  个人发现网络运营者违反法律、行政法规的规定或者双方的约定收集、使用其个人信息的,有权要求网络运营者删除其个人信息;发现网络运营者收集、存储的其个人信息有错误的,有权要求网络运营者予以更正。网络运营者应当采取措施予以删除或者更正。

第四十四条  任何个人和组织不得窃取或者以其他非法方式获取个人信息,不得非法出售或者非法向他人提供个人信息。

第四十五条  依法负有网络安全监督管理职责的部门及其工作人员,必须对在履行职责中知悉的个人信息、隐私和商业秘密严格保密,不得泄露、出售或者非法向他人提供。

第四十六条  任何个人和组织应当对其使用网络的行为负责,不得设立用于实施诈骗,传授犯罪方法,制作或者销售违禁物品、管制物品等违法犯罪活动的网站、通讯群组,不得利用网络发布涉及实施诈骗,制作或者销售违禁物品、管制物品以及其他违法犯罪活动的信息。

第四十七条  网络运营者应当加强对其用户发布的信息的管理,发现法律、行政法规禁止发布或者传输的信息的,应当立即停止传输该信息,采取消除等处置措施,防止信息扩散,保存有关记录,并向有关主管部门报告。

第四十八条  任何个人和组织发送的电子信息、提供的应用软件,不得设置恶意程序,不得含有法律、行政法规禁止发布或者传输的信息。

电子信息发送服务提供者和应用软件下载服务提供者,应当履行安全管理义务,知道其用户有前款规定行为的,应当停止提供服务,采取消除等处置措施,保存有关记录,并向有关主管部门报告。

第四十九条  网络运营者应当建立网络信息安全投诉、举报制度,公布投诉、举报方式等信息,及时受理并处理有关网络信息安全的投诉和举报。

网络运营者对网信部门和有关部门依法实施的监督检查,应当予以配合。

第五十条  国家网信部门和有关部门依法履行网络信息安全监督管理职责,发现法律、行政法规禁止发布或者传输的信息的,应当要求网络运营者停止传输,采取消除等处置措施,保存有关记录;对来源于中华人民共和国境外的上述信息,应当通知有关机构采取技术措施和其他必要措施阻断传播。

第五章  监测预警与应急处置

第五十一条  国家建立网络安全监测预警和信息通报制度。国家网信部门应当统筹协调有关部门加强网络安全信息收集、分析和通报工作,按照规定统一发布网络安全监测预警信息。

第五十二条  负责关键信息基础设施安全保护工作的部门,应当建立健全本行业、本领域的网络安全监测预警和信息通报制度,并按照规定报送网络安全监测预警信息。

第五十三条  国家网信部门协调有关部门建立健全网络安全风险评估和应急工作机制,制定网络安全事件应急预案,并定期组织演练。

负责关键信息基础设施安全保护工作的部门应当制定本行业、本领域的网络安全事件应急预案,并定期组织演练。

网络安全事件应急预案应当按照事件发生后的危害程度、影响范围等因素对网络安全事件进行分级,并规定相应的应急处置措施。

第五十四条  网络安全事件发生的风险增大时,省级以上人民政府有关部门应当按照规定的权限和程序,并根据网络安全风险的特点和可能造成的危害,采取下列措施:

(一)要求有关部门、机构和人员及时收集、报告有关信息,加强对网络安全风险的监测;

(二)组织有关部门、机构和专业人员,对网络安全风险信息进行分析评估,预测事件发生的可能性、影响范围和危害程度;

(三)向社会发布网络安全风险预警,发布避免、减轻危害的措施。

第五十五条  发生网络安全事件,应当立即启动网络安全事件应急预案,对网络安全事件进行调查和评估,要求网络运营者采取技术措施和其他必要措施,消除安全隐患,防止危害扩大,并及时向社会发布与公众有关的警示信息。

第五十六条  省级以上人民政府有关部门在履行网络安全监督管理职责中,发现网络存在较大安全风险或者发生安全事件的,可以按照规定的权限和程序对该网络的运营者的法定代表人或者主要负责人进行约谈。网络运营者应当按照要求采取措施,进行整改,消除隐患。

第五十七条  因网络安全事件,发生突发事件或者生产安全事故的,应当依照《中华人民共和国突发事件应对法》、《中华人民共和国安全生产法》等有关法律、行政法规的规定处置。

第五十八条 因维护国家安全和社会公共秩序,处置重大突发社会安全事件的需要,经国务院决定或者批准,可以在特定区域对网络通信采取限制等临时措施。

第六章  法律责任

第五十九条  网络运营者不履行本法第二十一条、第二十五条规定的网络安全保护义务的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处一万元以上十万元以下罚款,对直接负责的主管人员处五千元以上五万元以下罚款。

关键信息基础设施的运营者不履行本法第三十三条、第三十四条、第三十六条、第三十八条规定的网络安全保护义务的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处十万元以上一百万元以下罚款,对直接负责的主管人员处一万元以上十万元以下罚款。

第六十条  违反本法第二十二条第一款、第二款和第四十八条第一款规定,有下列行为之一的,由有关主管部门责令改正,给予警告;拒不改正或者导致危害网络安全等后果的,处五万元以上五十万元以下罚款,对直接负责的主管人员处一万元以上十万元以下罚款:

(一)设置恶意程序的;

(二)对其产品、服务存在的安全缺陷、漏洞等风险未立即采取补救措施,或者未按照规定及时告知用户并向有关主管部门报告的;

(三)擅自终止为其产品、服务提供安全维护的。

第六十一条  网络运营者违反本法第二十四条第一款规定,未要求用户提供真实身份信息,或者对不提供真实身份信息的用户提供相关服务的,由有关主管部门责令改正;拒不改正或者情节严重的,处五万元以上五十万元以下罚款,并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十二条  违反本法第二十六条规定,开展网络安全认证、检测、风险评估等活动,或者向社会发布系统漏洞、计算机病毒、网络攻击、网络侵入等网络安全信息的,由有关主管部门责令改正,给予警告;拒不改正或者情节严重的,处一万元以上十万元以下罚款,并可以由有关主管部门责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处五千元以上五万元以下罚款。

第六十三条  违反本法第二十七条规定,从事危害网络安全的活动,或者提供专门用于从事危害网络安全活动的程序、工具,或者为他人从事危害网络安全的活动提供技术支持、广告推广、支付结算等帮助,尚不构成犯罪的,由公安机关没收违法所得,处五日以下拘留,可以并处五万元以上五十万元以下罚款;情节较重的,处五日以上十五日以下拘留,可以并处十万元以上一百万元以下罚款。

单位有前款行为的,由公安机关没收违法所得,处十万元以上一百万元以下罚款,并对直接负责的主管人员和其他直接责任人员依照前款规定处罚。

违反本法第二十七条规定,受到治安管理处罚的人员,五年内不得从事网络安全管理和网络运营关键岗位的工作;受到刑事处罚的人员,终身不得从事网络安全管理和网络运营关键岗位的工作。

第六十四条  网络运营者、网络产品或者服务的提供者违反本法第二十二条第三款、第四十一条至第四十三条规定,侵害个人信息依法得到保护的权利的,由有关主管部门责令改正,可以根据情节单处或者并处警告、没收违法所得、处违法所得一倍以上十倍以下罚款,没有违法所得的,处一百万元以下罚款,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款;情节严重的,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照。

违反本法第四十四条规定,窃取或者以其他非法方式获取、非法出售或者非法向他人提供个人信息,尚不构成犯罪的,由公安机关没收违法所得,并处违法所得一倍以上十倍以下罚款,没有违法所得的,处一百万元以下罚款。

第六十五条  关键信息基础设施的运营者违反本法第三十五条规定,使用未经安全审查或者安全审查未通过的网络产品或者服务的,由有关主管部门责令停止使用,处采购金额一倍以上十倍以下罚款;对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十六条  关键信息基础设施的运营者违反本法第三十七条规定,在境外存储网络数据,或者向境外提供网络数据的,由有关主管部门责令改正,给予警告,没收违法所得,处五万元以上五十万元以下罚款,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照;对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

第六十七条  违反本法第四十六条规定,设立用于实施违法犯罪活动的网站、通讯群组,或者利用网络发布涉及实施违法犯罪活动的信息,尚不构成犯罪的,由公安机关处五日以下拘留,可以并处一万元以上十万元以下罚款;情节较重的,处五日以上十五日以下拘留,可以并处五万元以上五十万元以下罚款。关闭用于实施违法犯罪活动的网站、通讯群组。

单位有前款行为的,由公安机关处十万元以上五十万元以下罚款,并对直接负责的主管人员和其他直接责任人员依照前款规定处罚。

第六十八条  网络运营者违反本法第四十七条规定,对法律、行政法规禁止发布或者传输的信息未停止传输、采取消除等处置措施、保存有关记录的,由有关主管部门责令改正,给予警告,没收违法所得;拒不改正或者情节严重的,处十万元以上五十万元以下罚款,并可以责令暂停相关业务、停业整顿、关闭网站、吊销相关业务许可证或者吊销营业执照,对直接负责的主管人员和其他直接责任人员处一万元以上十万元以下罚款。

电子信息发送服务提供者、应用软件下载服务提供者,不履行本法第四十八条第二款规定的安全管理义务的,依照前款规定处罚。

第六十九条  网络运营者违反本法规定,有下列行为之一的,由有关主管部门责令改正;拒不改正或者情节严重的,处五万元以上五十万元以下罚款,对直接负责的主管人员和其他直接责任人员,处一万元以上十万元以下罚款:

(一)不按照有关部门的要求对法律、行政法规禁止发布或者传输的信息,采取停止传输、消除等处置措施的;

(二)拒绝、阻碍有关部门依法实施的监督检查的;

(三)拒不向公安机关、国家安全机关提供技术支持和协助的。

第七十条  发布或者传输本法第十二条第二款和其他法律、行政法规禁止发布或者传输的信息的,依照有关法律、行政法规的规定处罚。

第七十一条  有本法规定的违法行为的,依照有关法律、行政法规的规定记入信用档案,并予以公示。

第七十二条  国家机关政务网络的运营者不履行本法规定的网络安全保护义务的,由其上级机关或者有关机关责令改正;对直接负责的主管人员和其他直接责任人员依法给予处分。

第七十三条  网信部门和有关部门违反本法第三十条规定,将在履行网络安全保护职责中获取的信息用于其他用途的,对直接负责的主管人员和其他直接责任人员依法给予处分。

网信部门和有关部门的工作人员玩忽职守、滥用职权、徇私舞弊,尚不构成犯罪的,依法给予处分。

第七十四条  违反本法规定,给他人造成损害的,依法承担民事责任。

违反本法规定,构成违反治安管理行为的,依法给予治安管理处罚;构成犯罪的,依法追究刑事责任。

第七十五条  境外的机构、组织、个人从事攻击、侵入、干扰、破坏等危害中华人民共和国的关键信息基础设施的活动,造成严重后果的,依法追究法律责任;国务院公安部门和有关部门并可以决定对该机构、组织、个人采取冻结财产或者其他必要的制裁措施。

第七章  附    则

第七十六条  本法下列用语的含义:

(一)网络,是指由计算机或者其他信息终端及相关设备组成的按照一定的规则和程序对信息进行收集、存储、传输、交换、处理的系统。

(二)网络安全,是指通过采取必要措施,防范对网络的攻击、侵入、干扰、破坏和非法使用以及意外事故,使网络处于稳定可靠运行的状态,以及保障网络数据的完整性、保密性、可用性的能力。

(三)网络运营者,是指网络的所有者、管理者和网络服务提供者。

(四)网络数据,是指通过网络收集、存储、传输、处理和产生的各种电子数据。

(五)个人信息,是指以电子或者其他方式记录的能够单独或者与其他信息结合识别自然人个人身份的各种信息,包括但不限于自然人的姓名、出生日期、身份证件号码、个人生物识别信息、住址、电话号码等。

第七十七条  存储、处理涉及国家秘密信息的网络的运行安全保护,除应当遵守本法外,还应当遵守保密法律、行政法规的规定。

第七十八条  军事网络的安全保护,由中央军事委员会另行规定。

第七十九条  本法自2017年6月1日起施行。

Communist Party of China referring URL:

http://www.npc.gov.cn/npc/xinwen/2016-11/07/content_2001605.htm

 

中華人民共和國國家信息與情報法草案 // People’s Republic of China DRAFT National Information & Intelligence Law

中華人民共和國國家信息與情報法草案

People’s Republic of China DRAFT National Information & Intelligence Law

A Note on the “National Information Law of the People ‘s Republic of China (Draft)”

First, the general idea of ​​legislation
First, under the guidance of the overall national security concept, adhere to the principle of socialist rule of law, focus on strengthening and safeguarding national intelligence work, respecting and safeguarding human rights, providing basic legal principles and legal basis for national intelligence work.
The second is to sum up the successful experience of China’s national intelligence work, based on the current and future period to carry out the actual needs of national intelligence work, provides the national intelligence work system mechanism, the national intelligence work agency’s authority and national intelligence work and so on.
The third is to deal with the national security law, anti-espionage law, anti-terrorism law and other legal relations, do with these laws convergence.

Second, the main content of the draft
(A) clear the national intelligence work tasks and institutional mechanisms. The draft stipulates that the national intelligence work should adhere to the overall national security concept and provide information for the major national decision-making, provide intelligence support for the prevention and mitigation of the risks that endanger national security, safeguard national power, sovereignty, unity, independence and territorial integrity, people’s well-being and economy Social sustainable development and other significant national interests (Article 2). Establish a sound national reunification, division of labor, scientific and efficient national intelligence system (Article 3). National security organs and public security organs intelligence agencies, military intelligence agencies in accordance with the division of responsibilities, with each other, do intelligence work, carry out intelligence action (Article 5).
(2) to clarify the powers of the State Intelligence Working Party. The drafting regulations stipulate that the national intelligence work agencies shall collect and deal with the organs of foreign institutions, organizations, individuals or implement or direct the financing of others, or the harm that the domestic institutions, organizations and individuals collusion with the overseas institutions, organizations and individuals of the People’s Republic of China Information on interests (Article 10). The national intelligence work agency shall provide information reference or basis (Article 11) for the prevention, suppression and punishment of foreign institutions, organizations and individuals in China to carry out acts that endanger our national security and interests in China. When the staff of the State Intelligence Working Party carry out their tasks according to law, they may go to the relevant authorities, organizations, enterprises and organizations and individuals to understand and inquire about the relevant circumstances, inspect or retrieve the relevant files, materials and articles; enter the relevant areas and places that restrict access; Enjoy the convenience of accommodation (Article 15, Article 16).
(3) to clarify the protection of national intelligence work. The drafting stipulates that the state shall strengthen the construction of the national intelligence work organization and carry out special management of its institutions, personnel, establishment, funds and assets; establish a management system for personnel recruitment, selection, assessment, training, treatment and withdrawal of personnel Nineteen). (Article 21) shall be protected by the staff of the national intelligence working agency and the personnel of the cooperative relationship and their close relatives. For those who contribute to the national intelligence work and need to be resettled, the relevant departments shall assist the national intelligence work agencies to properly resettle (Article 22). The draft also provides for the support and cooperation of citizens and organizations (Article 6, Article 13). Provides for the imposition of national intelligence work, disclosure of legal responsibility for state secrets related to national intelligence work (Article 25, Article 26).
(4) to clarify the norms and supervision of national intelligence work. The draft stipulates that national intelligence work should be carried out in accordance with the law, respect and protect human rights (Article VII). The national intelligence working agencies and their staff shall not go beyond their powers, abuse their power and engage in malpractices for personal gains, and shall not violate the lawful rights and interests of citizens and organizations and shall not disclose state secrets, trade secrets and personal privacy (Article 18). The State Intelligence Working Party shall abide by the relevant provisions of the State when using the necessary means, means and channels (Article 14, Article 15, Article 16 and Article 17). The national intelligence working agency shall establish a supervision and safety review system (Article 23). The draft also stipulates that any individual and organization shall have the right to report to the higher authorities or relevant departments for the violation of the powers, abuse of power, malpractice for personal gains and other offenses against the national intelligence working agencies and their staff members (Article 24).

Original Mandarin Chinese:

關於《中華人民共和國國家情報法(草案)》的說明

一、立法的總體思路
一是以總體國家安全觀為指導,堅持社會主義法治原則,著眼於加強和保障國家情報工作,尊重和保障人權,為國家情報工作提供基本的法律原則和法律依據。
二是總結我國國家情報工作的成功經驗,立足於當前和今後一段時期開展國家情報工作的實際需要,規定了國家情報工作的體制機制、國家情報工作機構的職權以及國家情報工作保障等內容。
三是處理好與國家安全法、反間諜法、反恐怖主義法等法律的關係,做好與這些法律的銜接。
二、草案的主要內容
(一)明確國家情報工作的任務和體制機制。草案規定,國家情報工作堅持總體國家安全觀,為國家重大決策提供情報參考,為防範和化解危害國家安全的風險提供情報支持,維護國家政權、主權、統一、獨立和領土完整、人民福祉、經濟社會可持續發展和國家其他重大利益(第二條)。建立健全集中統一、分工協作、科學高效的國家情報體制(第三條)。國家安全機關和公安機關情報機構、軍隊情報機構按照職責分工,相互配合,做好情報工作、開展情報行動(第五條)。
(二)明確國家情報工作機構的職權。草案規定,國家情報工作機構應當依法蒐集、處理境外機構、組織、個人實施或者指使、資助他人實施,或者境內機構、組織、個人與境外機構、組織、個人相勾結實施的危害中華人民共和國國家安全、利益的相關信息(第十條)。國家情報工作機構應當為防範、制止和懲治境外機構、組織、個人在中國境內實施的危害我國國家安全、利益的行為提供情報參考或依據(第十一條)。國家情報工作機構工作人員依法執行任務時,可以向有關機關、團體、企業事業組織和個人了解、詢問有關情況,查閱或者調取有關的檔案、資料、物品;進入限制進入的有關地區、場所;享受通行便利等(第十五條、第十六條)。
(三)明確國家情報工作保障。草案規定,國家加強國家情報工作機構建設,對其機構設置、人員、編制、經費、資產實行特殊管理;建立適應情報工作需要的人員錄用、選調、考核、培訓、待遇、退出等管理制度(第十九條)。對國家情報工作機構工作人員和有合作關係人員及其近親屬人身安全予以保護(第二十一條)。對為國家情報工作作出貢獻並需要安置的人員,有關部門應當協助國家情報工作機構妥善安置(第二十二條)。草案還規定了公民和組織的支持、配合義務(第六條、第十三條)。規定了阻礙國家情報工作、洩露與國家情報工作有關的國家秘密的法律責任(第二十五條、第二十六條)。
(四)明確對國家情報工作的規範和監督。草案規定,國家情報工作應當依法進行,尊重和保障人權(第七條)。國家情報工作機構及其工作人員不得超越職權、濫用職權、徇私舞弊,不得侵犯公民和組織的合法權益,不得洩露國家秘密、商業秘密和個人隱私(第十八條)。國家情報工作機構使用必要的方式、手段和渠道開展工作時,應當遵守國家有關規定(第十四條、第十五條、第十六條、第十七條)。國家情報工作機構應當建立監督和安全審查制度(第二十三條)。草案還規定了任何個人和組織對國家情報工作機構及其工作人員超越職權、濫用職權、徇私舞弊和其他違法行為,有權向上級機關或者有關部門檢舉、控告(第二十四條)。

 

Original Communist Chinese Government Source:

http://www.npc.gov.cn/COBRS_LFYJNEW/user/UserIndex.jsp?ID=8289337