China’s recently proposed draft cybersecurity law makes it clear that the national Internet information authorities should perform the duties of supervision and management of network security. Once a publication or transmission of information that is prohibited by laws and regulations occurs, the authorities must demand the service provider to stop the transmission network operator, take measures to eliminate the information, and save the relevant records. When the above mentioned information comes from abroad, the authorities must notify the relevant agencies to take technical and other necessary measures to block the dissemination of the information.
The Draft emphasizes real name registration, requiring that Internet service providers should require the users to submit real identity information at the time of signing an agreement or confirmation or service. If the user does not submit real identity information, the service provider is not allowed to provide the related services. Any service provider who does not require users to submit real identity information, or who provides service to users who have not submitted their real identity is subject to a fine between 50,000 yuan (US$8,053) and 500,000 yuan (US$80,530). That provider may also be ordered to suspend all relevant business, stop or close operations, or have its relevant business license revoked.
The Draft classifies the websites or online systems that have a large number of users into the category of critical information infrastructure. It requires that the operator of the critical information infrastructure should collect and store important data such as citizen’s personal information within its borders. Any operator that stores Internet based data overseas, or provides data to overseas organizations or individuals without security assessments is subject to a fine between 50,000 yuan (US$8,053) and 500,000 yuan (US$80,530). It may also be ordered to suspend all relevant business, stop or close its operation, or have its relevant business license revoked. Executives directly responsible and other personnel directly responsible are subject to a fine between 10,000 yuan (US$1,611) and 100,000 yuan (US$16,110).
The Draft makes provisions for Internet security monitoring and an early warning and emergency response system. It requires that, when an Internet security incident occurs, the authorities at government offices above the county level should immediately start the network security emergency response plan and release the public-related warnings and relevant information. The Draft makes provision for Internet control: "For safeguarding national security and maintaining public order, out of the need to deal with major emergency social safety incidents, the State Council or provincial governments under the approval of the State Council can adopt temporary measures including limiting Internet communications in some areas."
Source: People’s Daily Online, July 9, 2015