Cybersecurity Law of the People's Republic of China
Cybersecurity Law of the People's Republic of China
Cybersecurity Law of the People's Republic of China
Order of the President of the People's Republic of China No. 53
November 7, 2016
The Cybersecurity Law of the People's Republic of China, adopted at the 24th Session of the Standing Committee of the 12th National People's Congress on November 7, 2016, is hereby promulgated and shall come into force as of June 1, 2017.
Xi Jinping, President of the People's Republic of China
Cybersecurity Law of the People's Republic of China
(Adopted at the 24th Session of the Standing Committee of the 12th National People's Congress on November 7, 2016)
Contents
Chapter I General Provisions
Chapter II Support and Promotion of Cybersecurity
Chapter III Network Operation Security
Section 1 General Provisions
Section 2 Operation Security of Critical Information Infrastructure
Chapter IV Network Information Security
Chapter V Monitoring, Early Warning and Emergency Disposal
Chapter VI Legal Liability
Chapter VII Supplementary Provisions
Chapter I General Provisions
Article 1 The Cybersecurity Law of the People's Republic of China (hereinafter referred to as the "Law") is formulated for the purposes of ensuring cybersecurity, safeguarding cyberspace sovereignty, national security and public interests, protecting the legitimate rights and interests of citizens, legal persons and other organizations, and promoting the healthy development of economic and social informatization.
Article 2 The Law shall apply to the construction, operation, maintenance and use of the network as well as the supervision and administration of the cybersecurity within the territory of the People's Republic of China.
Article 3 The State adheres to equal focus on cybersecurity and information-based development, follows the guidelines of positive use, scientific development, lawful management and security assurance, promotes the construction of cyber infrastructure and its interconnection, encourages the innovation in and application of cyber technologies, supports the cultivation of talents in respect of cybersecurity, establishes and perfects the cybersecurity guarantee system and raises the ability to protect cybersecurity.
Article 4 The State shall make and continuously improve cybersecurity strategies, specify the basic requirements and main objectives for cybersecurity protection, and propose cybersecurity policies, working tasks and measures in key areas.
Article 5 The State shall take measures to monitor, defend against and deal with cybersecurity risks and threats from both within and outside the territory of the People's Republic of China, to protect critical information infrastructure from attacks, intrusions, interference and damage, to punish illegal criminal activities on the network in accordance with the law and to preserve cyberspace security and order.
Article 6 The State shall advocate honest, faithful, healthy and civilized cyber behaviors, advance the spreading of the core socialist values, and take measures to improve the awareness and level of cybersecurity of the whole of society, forming a sound environment for promoting cybersecurity with the participation of all the public.
Article 7 The State shall actively carry out international exchange and cooperation in terms of cyberspace governance, research and development of cyber technologies, establishment of the standards thereof and fighting against illegal crimes committed on the network and other aspects, promote the construction of a peaceful, safe, open and cooperative cyberspace, and establish a multilateral, democratic and transparent system for network governance.
Article 8 The national cyberspace administration authority is responsible for the overall planning and coordination of cybersecurity work and relevant supervision and administration work. The competent telecommunication department of the State Council, public security departments and other relevant authorities shall be responsible for protecting, supervising and administering cybersecurity within the scope of their respective responsibilities in accordance with the provisions of this Law and other relevant laws and administrative regulations.
Responsibilities of relevant departments under local people's governments at or above the county level for protecting, supervising and administering cybersecurity shall be determined in accordance with the relevant provisions of the State.
Article 9 Network operators, while carrying out business and service activities, shall abide by laws and administrative regulations, show respect for social moralities, follow business ethics, act in good faith, perform the obligation of cybersecurity protection and accept supervision by the government and social public and undertake social responsibilities.
Article 10 For the construction and operation of a network or the provision of services through a network, it is a requirement to, in accordance with the provisions of laws and administrative regulations and the mandatory requirements of national standards, take technical measures and other necessary measures to ensure the secure and stable operation of the network, effectively respond to cybersecurity incidents, prevent illegal crimes committed on the network, and maintain the integrity, confidentiality and availability of cyber data.
Article 11 Cyber-related industrial organizations shall, in accordance with their regulations, intensify industrial self-discipline, formulate regulations on cybersecurity behaviors, instruct their members to strengthen cybersecurity protection, raise the level of cybersecurity protection and promote the healthy development of relevant industries.
Article 12 The State protects the rights of citizens, legal persons and other organizations to use cyberspace according to the law, promotes the popularity of network access, and raises the level of network services, so as to provide the public with secure and convenient network services and guarantee the orderly and free flow of network information in accordance with the law.
Any individual and organization using the network shall comply with the constitution and the laws, follow the public order and respect social moralities, and shall neither endanger cybersecurity, nor engage in activities by making use of the network that endanger the national security, honor and interests, incite to subvert the State power and overthrow the socialist system, incite to split the country and undermine the national unity, advocate terrorism and extremism, propaganda of ethnic hatred and discrimination, spread violent and pornographic information, fabricate or disseminate false information to disturb the economic and social order, or infringe on the fame, privacy, intellectual property and other legitimate rights and interests of others.
Article 13 The State encourages the research and development of network products and services that are favorable to minors' healthy growth and takes punitive measures against acts by making use of the network for those activities that do harm to the physical and psychological health of minors according to the law for the purpose of creating a secure and healthy network environment for minors.
Article 14 Any individual or organization shall have the right to report the behaviors that endanger cybersecurity to the cyberspace administration authorities, telecommunication departments, public security departments, etc. Any department receiving a report shall promptly handle such report in accordance with the law and transfer the report to the department with the jurisdiction if the said report is beyond its own responsibility.
Departments concerned shall maintain the confidentiality of certain information on informants and protect their legitimate rights and interests.
Chapter II Support and Promotion of Cybersecurity
Article 15 The State establishes and improves the system of cybersecurity standards. The competent standardization administrative department under the State Council and other relevant departments under the State Council shall, in accordance with their respective responsibilities, organize the formulation of relevant national and industrial standards for cybersecurity administration and the security of network products, services and operations and make revisions at appropriate times.
The State supports enterprises, research institutions, institutions of higher education, and network-related industrial organizations to participate in the formulation of national and industrial standards for cybersecurity.
Article 16 The State Council and the people's governments of all provinces, autonomous regions and municipalities directly under the Central Government shall conduct the overall planning, increase the input, support key cybersecurity technology industries and projects, support the research, development and application of cybersecurity technologies, promote safe and reliable network products and services, and protect the intellectual property rights of network technologies and support enterprises, research institutes, institutions of higher education to participate in national innovation projects related to cybersecurity technologies.
Article 17 The State shall boost the construction of a socialized service system for cybersecurity, and encourage enterprises and institutions concerned to provide such security services as the authentication, detection and risk evaluation of cybersecurity.
Article 18 The State shall encourage the development of technologies for protecting and using network data, promote the availability of public data resources and propel technological innovation and social and economic development.
The State supports the innovation of cybersecurity administrative methods, applying new network technologies and enhancing the level of cybersecurity protection.
Article 19 People's governments at all levels and the relevant departments thereof shall organize and provide regular publicity and education on cybersecurity, and guide, supervise and urge relevant entities to provide such publicity and education on cybersecurity in an effective way.
The mass media shall provide publicity and education on cybersecurity targeted at the public specifically.
Article 20 The State supports enterprises, institutions of higher education, vocational schools and other education training institutions to carry out cybersecurity-related education and training, adopt multiple methods to cultivate talents for cybersecurity and promote the exchange of talents for cybersecurity.
Chapter III Network Operation Security
Section 1 General Provisions
Article 21 The State implements the classified protection system for cybersecurity.
......
Order of the President of the People's Republic of China No. 53
November 7, 2016
The Cybersecurity Law of the People's Republic of China, adopted at the 24th Session of the Standing Committee of the 12th National People's Congress on November 7, 2016, is hereby promulgated and shall come into force as of June 1, 2017.
Xi Jinping, President of the People's Republic of China
Cybersecurity Law of the People's Republic of China
(Adopted at the 24th Session of the Standing Committee of the 12th National People's Congress on November 7, 2016)
Contents
Chapter I General Provisions
Chapter II Support and Promotion of Cybersecurity
Chapter III Network Operation Security
Section 1 General Provisions
Section 2 Operation Security of Critical Information Infrastructure
Chapter IV Network Information Security
Chapter V Monitoring, Early Warning and Emergency Disposal
Chapter VI Legal Liability
Chapter VII Supplementary Provisions
Chapter I General Provisions
Article 1 The Cybersecurity Law of the People's Republic of China (hereinafter referred to as the "Law") is formulated for the purposes of ensuring cybersecurity, safeguarding cyberspace sovereignty, national security and public interests, protecting the legitimate rights and interests of citizens, legal persons and other organizations, and promoting the healthy development of economic and social informatization.
Article 2 The Law shall apply to the construction, operation, maintenance and use of the network as well as the supervision and administration of the cybersecurity within the territory of the People's Republic of China.
Article 3 The State adheres to equal focus on cybersecurity and information-based development, follows the guidelines of positive use, scientific development, lawful management and security assurance, promotes the construction of cyber infrastructure and its interconnection, encourages the innovation in and application of cyber technologies, supports the cultivation of talents in respect of cybersecurity, establishes and perfects the cybersecurity guarantee system and raises the ability to protect cybersecurity.
Article 4 The State shall make and continuously improve cybersecurity strategies, specify the basic requirements and main objectives for cybersecurity protection, and propose cybersecurity policies, working tasks and measures in key areas.
Article 5 The State shall take measures to monitor, defend against and deal with cybersecurity risks and threats from both within and outside the territory of the People's Republic of China, to protect critical information infrastructure from attacks, intrusions, interference and damage, to punish illegal criminal activities on the network in accordance with the law and to preserve cyberspace security and order.
Article 6 The State shall advocate honest, faithful, healthy and civilized cyber behaviors, advance the spreading of the core socialist values, and take measures to improve the awareness and level of cybersecurity of the whole of society, forming a sound environment for promoting cybersecurity with the participation of all the public.
Article 7 The State shall actively carry out international exchange and cooperation in terms of cyberspace governance, research and development of cyber technologies, establishment of the standards thereof and fighting against illegal crimes committed on the network and other aspects, promote the construction of a peaceful, safe, open and cooperative cyberspace, and establish a multilateral, democratic and transparent system for network governance.
Article 8 The national cyberspace administration authority is responsible for the overall planning and coordination of cybersecurity work and relevant supervision and administration work. The competent telecommunication department of the State Council, public security departments and other relevant authorities shall be responsible for protecting, supervising and administering cybersecurity within the scope of their respective responsibilities in accordance with the provisions of this Law and other relevant laws and administrative regulations.
Responsibilities of relevant departments under local people's governments at or above the county level for protecting, supervising and administering cybersecurity shall be determined in accordance with the relevant provisions of the State.
Article 9 Network operators, while carrying out business and service activities, shall abide by laws and administrative regulations, show respect for social moralities, follow business ethics, act in good faith, perform the obligation of cybersecurity protection and accept supervision by the government and social public and undertake social responsibilities.
Article 10 For the construction and operation of a network or the provision of services through a network, it is a requirement to, in accordance with the provisions of laws and administrative regulations and the mandatory requirements of national standards, take technical measures and other necessary measures to ensure the secure and stable operation of the network, effectively respond to cybersecurity incidents, prevent illegal crimes committed on the network, and maintain the integrity, confidentiality and availability of cyber data.
Article 11 Cyber-related industrial organizations shall, in accordance with their regulations, intensify industrial self-discipline, formulate regulations on cybersecurity behaviors, instruct their members to strengthen cybersecurity protection, raise the level of cybersecurity protection and promote the healthy development of relevant industries.
Article 12 The State protects the rights of citizens, legal persons and other organizations to use cyberspace according to the law, promotes the popularity of network access, and raises the level of network services, so as to provide the public with secure and convenient network services and guarantee the orderly and free flow of network information in accordance with the law.
Any individual and organization using the network shall comply with the constitution and the laws, follow the public order and respect social moralities, and shall neither endanger cybersecurity, nor engage in activities by making use of the network that endanger the national security, honor and interests, incite to subvert the State power and overthrow the socialist system, incite to split the country and undermine the national unity, advocate terrorism and extremism, propaganda of ethnic hatred and discrimination, spread violent and pornographic information, fabricate or disseminate false information to disturb the economic and social order, or infringe on the fame, privacy, intellectual property and other legitimate rights and interests of others.
Article 13 The State encourages the research and development of network products and services that are favorable to minors' healthy growth and takes punitive measures against acts by making use of the network for those activities that do harm to the physical and psychological health of minors according to the law for the purpose of creating a secure and healthy network environment for minors.
Article 14 Any individual or organization shall have the right to report the behaviors that endanger cybersecurity to the cyberspace administration authorities, telecommunication departments, public security departments, etc. Any department receiving a report shall promptly handle such report in accordance with the law and transfer the report to the department with the jurisdiction if the said report is beyond its own responsibility.
Departments concerned shall maintain the confidentiality of certain information on informants and protect their legitimate rights and interests.
Chapter II Support and Promotion of Cybersecurity
Article 15 The State establishes and improves the system of cybersecurity standards. The competent standardization administrative department under the State Council and other relevant departments under the State Council shall, in accordance with their respective responsibilities, organize the formulation of relevant national and industrial standards for cybersecurity administration and the security of network products, services and operations and make revisions at appropriate times.
The State supports enterprises, research institutions, institutions of higher education, and network-related industrial organizations to participate in the formulation of national and industrial standards for cybersecurity.
Article 16 The State Council and the people's governments of all provinces, autonomous regions and municipalities directly under the Central Government shall conduct the overall planning, increase the input, support key cybersecurity technology industries and projects, support the research, development and application of cybersecurity technologies, promote safe and reliable network products and services, and protect the intellectual property rights of network technologies and support enterprises, research institutes, institutions of higher education to participate in national innovation projects related to cybersecurity technologies.
Article 17 The State shall boost the construction of a socialized service system for cybersecurity, and encourage enterprises and institutions concerned to provide such security services as the authentication, detection and risk evaluation of cybersecurity.
Article 18 The State shall encourage the development of technologies for protecting and using network data, promote the availability of public data resources and propel technological innovation and social and economic development.
The State supports the innovation of cybersecurity administrative methods, applying new network technologies and enhancing the level of cybersecurity protection.
Article 19 People's governments at all levels and the relevant departments thereof shall organize and provide regular publicity and education on cybersecurity, and guide, supervise and urge relevant entities to provide such publicity and education on cybersecurity in an effective way.
The mass media shall provide publicity and education on cybersecurity targeted at the public specifically.
Article 20 The State supports enterprises, institutions of higher education, vocational schools and other education training institutions to carry out cybersecurity-related education and training, adopt multiple methods to cultivate talents for cybersecurity and promote the exchange of talents for cybersecurity.
Chapter III Network Operation Security
Section 1 General Provisions
Article 21 The State implements the classified protection system for cybersecurity.
......