Search This Section
16 Jul 2015
On 6 July 2015, the Standing Committee of the National People’s Congress (“SCNPC”) released the Cyber Security Law (Draft) (“Draft”) for public comment. Cyber security legislation has recently become a focus of the PRC government, with provisions on cyber security being incorporated into the National Security Law, the Anti-Terrorism law (Draft) as well as other laws and regulations. Following closely this legislative trend, the Draft more systematically regulates cyber security issues and is likely to significantly impact the development of the Internet industry in China. The main content of the Draft is summarized below.
I. Cyber Security Interests And Main Threats
Article 1 of the Draft stipulates that cyber security interests include the following three items, and the legislative objective of the Draft is to protect such interests:
The Explanation of the Cyber Security Law (Draft) released along with the Draft explains that the Draft focuses on regulating the three main threats to such rights and interests, namely:
II. Application Scope of the Cyber Security Law
Article 2 of the Draft stipulates that the Draft applies to the construction, operation, maintenance and use of networks, and the supervision and administration of cyber security within the PRC territory. Against the backdrop of the boom of Mobile Internet, the Draft defines the “network” as the network and system consisting of computers or other information terminals and relevant equipment which collects, stores, transmits, exchanges and processes information in accordance with certain rules and procedures. Therefore, the Cyber Security Law shall apply to activities relating to the construction, operation, maintenance and use of the Internet within the territory of the PRC.
III. The Responsibilities Of Each Party
The Draft clearly stipulates the duties and responsibilities of the three main groups that participate in the activities related to the Internet, i.e., supervisors, users and operators:
Article 6 of the Draft stipulates that the national cyberspace administration authority is responsible for the coordination of cyber security work and the relevant supervision and administration work, while the Ministry of Industry and Information Technology (“MIIT”), the Ministry of Public Security (“MPS”) and other relevant government departments shall be in charge of the protection and supervision of cyber security within their respective scopes of authority.
Currently, the national cyberspace administration authority consists of the Office of the Central Leading Group of Cyberspace Affairs and Cyberspace Administration of China. Such authority will be the coordinating authority for cyber security in the future, while the MIIT, the MPS, the Ministry of State Securities and relevant ministries and committees will be responsible for cyber security in their own fields.
As for Internet users, the Draft expressly forbids conducting activities related to the three main threats to cyber security, namely:
In the meantime, Article 10 of the Draft stipulates that users have right to report activities that impair cyber security to the relevant cyber security supervisors.
In the Draft, the definition of network operator (“Network Operators”) is broad enough to include: the owners of network, administrators of network, and service providers who provide relevant services through networks owned or managed by others, including basic telecommunication operators, network information service providers, and important information system operators.
In view of the central role the Network Operator plays in cyber security, the Draft specifies and elaborates on the responsibilities of the Network Operator, which mainly include:
Apart from the abovementioned regulations targeting the overall Network Operators, the Draft strengthens cyber security protection by additionally stipulating many responsibilities for the Network Operators of key information infrastructure, such as the networks related to the energy, transportation, water conservation, finance, power supply, water supply, gas supply and healthcare industries, and social security, military, government organizations and networks with numerous users.
Currently, the Draft is in the process of legislation, and has been initially reviewed by the fifth session of twelfth SCNPC. The Draft is released for public comment between 6 July 2015 and 5 August 2015. Given that the PRC government is putting significant emphasis on the legislation of cyber security, it is predicted that the Draft will be fast-tracked for comments and revision, second or third reviews, and discussion and approval by voting. We would recommend and advise Network Operators to plan ahead by paying close attention to the influence the Draft will have on their business, and be fully prepared for the formal implementation of the Draft.