Can you do without a real name? The answer is no! Now the country has promulgated the "Network Security Law" to avoid network violations.
Therefore, the network real name system is imperative, and we urge you to recognize and slowly accept it, and not to engage in illegal things.
Let's talk about some regulations that deserve attention:
Article 21 of the Network Security Law stipulates that network data leakage or being stolen or tampered with is illegal;
Article 24 of the Network Security Law stipulates that users must submit authentic and valid real name authentication information;
Article 25 of the Network Security Law stipulates that operators must be able to provide emergency plans for network security incidents;
Article 42 of the Network Security Law stipulates that network operators should protect the integrity of user information from disclosure, theft or tampering.
Remember not to resell personal information. If there are more than 50 pieces of personal information, you will go to jail. This is the key point.
The following are all entries:
Original text: http://www.miit.gov.cn/n1146295/n1146557/n1146614/c5345009/content.html
Order of the President of the People's Republic of China
No. 53
The Cyber Security Law of the People's Republic of China, adopted at the 24th Meeting of the Standing Committee of the Twelfth National People's Congress of the People's Republic of China on November 7, 2016, is hereby promulgated and shall come into force as of June 1, 2017.
Xi Jinping, President of the People's Republic of China November 7, 2016
Cyber Security Law of the People's Republic of China
catalog
Chapter I General Provisions Chapter II Network Security Support and Promotion Chapter III Network Operation Security Section 1 General Provisions Section II Operation Safety of Key Information Infrastructure Chapter IV Network Information Security Chapter V Monitoring, Early Warning and Emergency Response Chapter VI Legal Liability Chapter VII Supplementary Provisions
general provisions
Article 1 This Law is formulated with a view to safeguarding network security, safeguarding cyberspace sovereignty, national security and social and public interests, protecting the legitimate rights and interests of citizens, legal persons and other organizations, and promoting the healthy development of economic and social informatization.
Article 2 This law is applicable to the construction, operation, maintenance and use of networks within the territory of the People's Republic of China, as well as the supervision and administration of network security.
Article 3 The State adheres to the principle of equal emphasis on network security and information technology development, follows the principle of active utilization, scientific development, legal management and security assurance, promotes the construction of network infrastructure and interconnection, encourages the innovation and application of network technology, supports the training of network security talents, establishes and improves the network security guarantee system, and improves network security protection capabilities.
Article 4 The State formulates and constantly improves the network security strategy, clarifies the basic requirements and main objectives for ensuring network security, and puts forward network security policies, tasks and measures in key areas.
Article 5 The State shall take measures to monitor, defend and deal with cyber security risks and threats originating within and outside the People's Republic of China, protect key information infrastructure from attacks, intrusion, interference and destruction, punish illegal and criminal cyber activities according to law, and maintain cyberspace security and order.
Article 6 The State advocates honest, trustworthy, healthy and civilized network behaviors, promotes the dissemination of socialist core values, takes measures to improve the awareness and level of network security of the whole society, and forms a good environment for the whole society to participate in and promote network security.
Article 7 The State actively carries out international exchanges and cooperation in cyberspace governance, network technology research and development, standard formulation, combating cyber crimes and other aspects, promotes the construction of a peaceful, secure, open and cooperative cyberspace, and establishes a multilateral, democratic and transparent network governance system.
Article 8 The national network information department is responsible for coordinating the network security work and related supervision and management work. The competent telecommunications department of the State Council, the public security department and other relevant organs shall, in accordance with the provisions of this Law and relevant laws and administrative regulations, be responsible for the protection, supervision and administration of network security within the scope of their respective duties.
The responsibilities of the relevant departments of the local people's governments at or above the county level for network security protection, supervision and administration shall be determined in accordance with the relevant provisions of the State.
Article 9 In carrying out business and service activities, network operators must abide by laws and administrative regulations, respect social ethics, observe business ethics, be honest and trustworthy, perform their obligations to protect network security, accept the supervision of the government and the society, and bear social responsibilities.
Article 10 When building and operating networks or providing services through networks, technical measures and other necessary measures shall be taken in accordance with the provisions of laws, administrative regulations and the mandatory requirements of national standards to ensure the security and stable operation of networks, effectively respond to network security incidents, prevent illegal and criminal activities on the network, and maintain the integrity, confidentiality and availability of network data.
Article 11 Network related industry organizations shall, in accordance with the Articles of Association, strengthen industry self-discipline, formulate codes of conduct for network security, guide members to strengthen network security protection, improve the level of network security protection, and promote the healthy development of the industry.
Article 12 The State protects the right of citizens, legal persons and other organizations to use the Internet according to law, promotes the popularization of network access, improves the level of network services, provides safe and convenient network services for society, and ensures the orderly and free flow of network information according to law.
Any individual or organization using the Internet shall abide by the Constitution and laws, observe public order, respect social morality, and shall not endanger network security. It shall not use the Internet to endanger national security, honor, and interests, incite subversion of state power, overthrow the socialist system, incite separatism, undermine national unity, promote terrorism, extremism, and promote national hatred Ethnic discrimination, dissemination of violence, obscene and pornographic information, fabrication and dissemination of false information to disrupt economic and social order, and infringement of others' reputation, privacy, intellectual property rights and other legitimate rights and interests.
Article 13 The State supports the research and development of online products and services that are conducive to the healthy growth of minors, punishes according to law the use of the Internet to engage in activities that endanger the physical and mental health of minors, and provides minors with a safe and healthy online environment.
Article 14 Any individual or organization shall have the right to report any act endangering network security to the departments of network information, telecommunications, public security, etc. The department receiving the report shall deal with it in a timely manner according to law; If it is not the responsibility of the department, it shall be timely transferred to the department that has the authority to deal with it.
The relevant departments shall keep confidential the relevant information of the informant and protect the legitimate rights and interests of the informant.
Chapter II Network Security Support and Promotion
Article 15 The State establishes and improves the network security standard system. The standardization administration department under the State Council and other relevant departments under the State Council shall, according to their respective responsibilities, organize the formulation and timely revision of national and industrial standards related to network security management and network products, services and operation security.
The State supports enterprises, research institutions, colleges and universities, and network related industry organizations to participate in the formulation of national and industrial standards for network security.
Article 16 The State Council and the people's governments of provinces, autonomous regions and municipalities directly under the Central Government should make overall plans, increase investment, support key network security technology industries and projects, support research, development and application of network security technology, promote secure and reliable network products and services, protect intellectual property rights of network technology, and support enterprises Research institutions and colleges and universities participate in the national network security technology innovation project.
Article 17 The State promotes the construction of the network security socialized service system, and encourages relevant enterprises and institutions to carry out network security certification, detection, risk assessment and other security services.
Article 18 The State encourages the development of network data security protection and utilization technologies, promotes the openness of public data resources, and promotes technological innovation and economic and social development.
The state supports the innovation of network security management methods, uses new network technologies, and improves the level of network security protection.
Article 19 People's governments at all levels and their relevant departments shall organize regular network security publicity and education, and guide and urge relevant units to do a good job in network security publicity and education.
The mass media should carry out targeted publicity and education on network security to the society.
Article 20 The State supports enterprises, institutions of higher learning, vocational schools and other education and training institutions to carry out network security related education and training, and to cultivate network security talents in various ways to promote the exchange of network security talents.
Chapter III Network Operation Security
Section 1 General Provisions
Article 21 The State implements a system of graded protection of network security. The network operator shall, in accordance with the requirements of the network security level protection system, perform the following security protection obligations, protect the network from interference, destruction or unauthorized access, and prevent network data from being leaked, stolen or tampered with:
(1) Formulate the internal security management system and operating procedures, determine the person in charge of network security, and implement the responsibility for network security protection;
(2) Take technical measures to prevent computer viruses, network attacks, network intrusions and other behaviors endangering network security;
(3) Take technical measures to monitor and record network operation status and network security events, and keep relevant network logs for at least six months as required;
(4) Take measures such as data classification, important data backup and encryption;
(5) Other obligations stipulated by laws and administrative regulations.
Article 22 Network products and services shall meet the mandatory requirements of relevant national standards. The providers of network products and services shall not set up malicious programs; If it finds that its network products and services have security defects, loopholes and other risks, it shall take remedial measures immediately, inform users in a timely manner according to regulations and report to the relevant competent departments.
The providers of network products and services shall continuously provide security maintenance for their products and services; The provision of safety maintenance shall not be terminated within the time limit specified or agreed by the parties.
If network products and services have the function of collecting user information, their providers shall make clear to users and obtain their consent; Where the user's personal information is involved, the provisions of this Law and relevant laws and administrative regulations on the protection of personal information shall also be observed.
Article 23 Key network equipment and special network security products shall not be sold or provided until they have passed the safety certification or safety testing by a qualified institution in accordance with the mandatory requirements of relevant national standards. The national network information department, together with the relevant departments of the State Council, formulates and publishes the catalogue of key network equipment and special network security products, and promotes mutual recognition of security certification and security testing results to avoid repeated certification and testing.
Article 24 A network operator shall, when signing an agreement with a user or confirming the provision of services, require the user to provide real identity information when it handles network access, domain name registration services, fixed line telephone, mobile phone and other access procedures for the user, or provides information release, instant messaging and other services for the user. If users do not provide real identity information, network operators shall not provide relevant services for them.
The State implements the strategy of network trusted identity, supports research and development of secure and convenient electronic identity authentication technology, and promotes mutual recognition between different electronic identity authentication.
Article 25 Network operators shall formulate emergency plans for network security incidents, and deal with security risks such as system vulnerabilities, computer viruses, network attacks and network intrusions in a timely manner; In case of any incident endangering network security, the emergency plan shall be immediately launched, corresponding remedial measures shall be taken, and relevant competent departments shall be reported according to regulations.
Article 26 To carry out activities such as network security authentication, detection and risk assessment, and to release network security information such as system vulnerabilities, computer viruses, network attacks and network intrusions to the public, the relevant regulations of the State shall be observed.
Article 27 No individual or organization may engage in activities that endanger network security, such as illegally intruding into others' networks, interfering with the normal functions of others' networks, and stealing network data; It is not allowed to provide programs and tools specially used to invade the network, interfere with the normal functions and protective measures of the network, steal network data and other activities endangering network security; Those who clearly know that others are engaged in activities endangering network security shall not be provided with technical support, advertising promotion, payment and settlement and other assistance.
Article 28 Network operators shall provide technical support and assistance to public security organs and national security organs in their activities of safeguarding national security and investigating crimes according to law.
Article 29 The State supports cooperation among network operators in the collection, analysis, notification and emergency disposal of network security information, so as to improve the security guarantee capability of network operators.
Relevant industry organizations should establish and improve their own network security protection norms and cooperation mechanisms, strengthen the analysis and assessment of network security risks, regularly warn members of risks, and support and assist members to deal with network security risks.
Article 30 The information obtained by the network information department and relevant departments in performing their network security protection duties can only be used for the needs of maintaining network security, and cannot be used for other purposes.
Section II Operation Safety of Key Information Infrastructure
Article 31 The State shall, on the basis of the system of graded protection of network security, Implement key protection. The specific scope and security protection measures of key information infrastructure shall be formulated by the State Council.
The State encourages network operators other than key information infrastructure to voluntarily participate in the protection system of key information infrastructure.
Article 32 In accordance with the division of responsibilities stipulated by the State Council, the departments responsible for the security protection of key information infrastructure shall prepare and organize the implementation of security plans for key information infrastructure in their respective industries and fields, and guide and supervise the security protection of key information infrastructure operation.
Article 33 The construction of key information infrastructure shall ensure that it has the performance of supporting stable and continuous business operation, and ensure that security technical measures are planned, constructed and used simultaneously.
Article 34 In addition to the provisions of Article 21 of this Law, the operators of key information infrastructure shall also perform the following security protection obligations:
(1) Set up a special safety management organization and a person in charge of safety management, and review the safety background of the person in charge and the personnel in key positions;
(2) Regularly conduct network security education, technical training and skill assessment for employees;
(3) Disaster recovery backup for important systems and databases;
(4) Prepare an emergency plan for network security incidents and conduct regular drills;
(5) Other obligations stipulated by laws and administrative regulations.
Article 35 Where the operators of key information infrastructure purchase network products and services that may affect national security, they shall pass the national security review organized by the national network information department in conjunction with the relevant departments of the State Council.
Article 36 When purchasing network products and services, the operator of key information infrastructure shall sign a security and confidentiality agreement with the provider in accordance with the provisions to clarify the security and confidentiality obligations and responsibilities.
Article 37 The personal information and important data collected and generated by the operator of key information infrastructure in the operation of the People's Republic of China shall be stored in China. If it is really necessary to provide for overseas services due to business needs, the security assessment shall be carried out in accordance with the measures formulated by the national network information department in conjunction with the relevant departments of the State Council; Where laws and administrative regulations provide otherwise, such provisions shall prevail.
Article 38 The operator of key information infrastructure shall, by itself or by entrusting a network security service institution, conduct at least one inspection and evaluation of the security and possible risks of its network every year, and submit the inspection and evaluation results and improvement measures to the relevant departments responsible for the security protection of key information infrastructure.
Article 39 The national network information department shall coordinate with relevant departments to take the following measures for the security protection of key information infrastructure:
(1) Spot check and test the security risks of key information infrastructure, propose improvement measures, and entrust the network security service agency to test and evaluate the security risks of the network when necessary;
(2) Regularly organize operators of key information infrastructure to carry out network security emergency drills to improve the level of response to network security incidents and the ability of coordination;
(3) Promote the sharing of network security information among relevant departments, operators of key information infrastructure, relevant research institutions, network security service institutions, etc;
(4) Provide technical support and assistance for emergency disposal of network security incidents and recovery of network functions.
Chapter IV
Article 40 Network operators shall strictly keep confidential the user information they collect, and establish and improve the user information protection system.
Article 41 When collecting and using personal information, network operators shall follow the principles of legality, legitimacy and necessity, make public the rules of collection and use, clearly indicate the purpose, method and scope of collection and use of information, and obtain the consent of the recipient.
The network operator shall not collect personal information unrelated to the services it provides, nor collect and use personal information in violation of the provisions of laws and administrative regulations and the agreement between the two parties, and shall handle the personal information it keeps in accordance with the provisions of laws and administrative regulations and the agreement with users.
Article 42 Network operators shall not disclose, tamper with, or destroy the personal information they collect; Without the consent of the collector, personal information shall not be provided to others. However, the exception is those who cannot identify specific individuals and cannot be recovered after processing.
Network operators shall take technical measures and other necessary measures to ensure the security of personal information they collect and prevent information leakage, damage and loss. When personal information is leaked, damaged or lost or is likely to occur, remedial measures shall be taken immediately, users shall be informed in a timely manner according to regulations and relevant competent departments shall be reported.
Article 43 If an individual finds that the network operator collects and uses his personal information in violation of laws, administrative regulations or the agreement between the two parties, he has the right to require the network operator to delete his personal information; If it is found that the personal information collected and stored by the network operator is wrong, it has the right to request the network operator to correct it. The network operator shall take measures to delete or correct it.
Article 44 No individual or organization may steal or obtain personal information by other illegal means, or illegally sell or provide personal information to others.
Article 45 The departments and their staff responsible for the supervision and administration of network security according to law must keep strictly confidential the personal information, privacy and business secrets they have learned in performing their duties, and must not disclose, sell or illegally provide them to others.
Article 46 Any individual or organization shall be responsible for its use of the Internet, and shall not set up websites or communication groups for illegal and criminal activities such as fraud, teaching criminal methods, making or selling prohibited articles and controlled articles, and shall not use the Internet to publish information involving fraud, making or selling prohibited articles Information on controlled goods and other illegal and criminal activities.
Article 47 Network operators shall strengthen the management of information published by their users. If they find information prohibited by laws and administrative regulations from being published or transmitted, they shall immediately stop transmitting the information, take measures such as elimination, prevent the spread of information, keep relevant records, and report to the relevant competent departments.
Article 48 The electronic information sent or the application software provided by any individual or organization shall not be set up with malicious programs, and shall not contain information prohibited from being published or transmitted by laws and administrative regulations.
The electronic information sending service provider and the application software downloading service provider shall fulfill their security management obligations. If they know that their users have committed the acts specified in the preceding paragraph, they shall stop providing services, take measures such as elimination, keep relevant records, and report to the relevant competent departments.
Article 49 Network operators shall establish a system of complaints and reports on network information security, publicize information such as the way of complaints and reports, and promptly accept and handle complaints and reports on network information security.
The network operator shall cooperate with the network information department and relevant departments in their supervision and inspection according to law.
Article 50 Where the national network information department and relevant departments perform their duties of supervision and administration of network information security according to law, and find information prohibited by laws and administrative regulations from being published or transmitted, they shall require network operators to stop transmission, take measures such as elimination, and keep relevant records; With regard to the above-mentioned information from outside the People's Republic of China, the relevant institutions shall be notified to take technical measures and other necessary measures to block the dissemination.
Chapter V
Article 51 The State establishes a system of network security monitoring, early warning and information notification. The national network information department shall coordinate with relevant departments to strengthen the collection, analysis and notification of network security information, and uniformly release network security monitoring and early warning information according to regulations.
Article 52 The department responsible for the security protection of key information infrastructure shall establish and improve the network security monitoring and early warning and information notification system in its own industry and field, and submit the network security monitoring and early warning information according to the regulations.
Article 53 The national network information department shall coordinate relevant departments to establish and improve the network security risk assessment and emergency response mechanism, formulate the emergency plan for network security incidents, and organize regular drills.
The department responsible for the security protection of key information infrastructure shall formulate the emergency plan for network security incidents in the industry and field, and organize regular drills.
The emergency plan for network security incidents shall classify the network security incidents according to the degree of harm, scope of influence and other factors after the incident, and specify corresponding emergency response measures.
Article 54 When the risk of network security incidents increases, the relevant departments of the people's governments at or above the provincial level should take the following measures in accordance with the prescribed limits of authority and procedures, and according to the characteristics of network security risks and possible hazards:
(1) Require relevant departments, institutions and personnel to collect and report relevant information in a timely manner, and strengthen the monitoring of network security risks;
(2) Organize relevant departments, institutions and professionals to analyze and evaluate network security risk information, and predict the possibility, scope of influence and degree of harm of the event;
(3) Release early warning of network security risks to the society, and release measures to avoid and mitigate hazards.
Article 55 In the event of a network security incident, the emergency plan for network security incidents should be launched immediately to investigate and evaluate network security incidents, and network operators should be required to take technical measures and other necessary measures to eliminate potential security risks, prevent the spread of harm, and timely release warning information related to the public.
Article 56 If the relevant departments of the people's governments at or above the provincial level find that the network has relatively large security risks or security incidents in the course of performing their duties of network security supervision and administration, they may, according to the prescribed authority and procedures, interview the legal representative or the main person in charge of the network operator. The network operator shall take measures as required to rectify and eliminate hidden dangers.
Article 57 Where an emergency or production safety accident occurs due to a network security incident, it shall be handled in accordance with the provisions of the Emergency Response Law of the People's Republic of China, the Production Safety Law of the People's Republic of China and other relevant laws and administrative regulations.
Article 58 Temporary measures such as restrictions on network communications may be taken in specific areas for the purpose of maintaining national security and public order and dealing with major social security emergencies, upon the decision or approval of the State Council.
Chapter VI Legal Liability
Article 59 If a network operator fails to perform its obligations of network security protection as stipulated in Articles 21 and 25 of this Law, the relevant competent department shall order it to make corrections and give it a warning; Those who refuse to correct or cause consequences such as endangering network security shall be fined not less than 10000 yuan but not more than 100000 yuan, and the directly responsible person in charge shall be fined not less than 5000 yuan but not more than 50000 yuan.
If the operator of key information infrastructure fails to perform the obligations of network security protection as prescribed in Articles 33, 34, 36 and 38 of this Law, the relevant competent department shall order it to make corrections and give it a warning; If it refuses to correct or causes consequences such as endangering network security, it shall be fined not less than 100000 yuan but not more than 1 million yuan, and the person in charge directly responsible shall be fined not less than 10000 yuan but not more than 100000 yuan.
Article 60 Whoever, in violation of the provisions of the first and second paragraphs of Article 22 and the first paragraph of Article 48 of this Law, commits one of the following acts shall be ordered to make corrections and given a warning by the relevant competent department; Those who refuse to correct or cause consequences such as endangering network security shall be fined not less than 50000 yuan but not more than 500000 yuan, and the person in charge directly responsible shall be fined not less than 10000 yuan but not more than 100000 yuan:
(1) Setting malicious programs;
(2) Failing to take immediate remedial measures against the security defects, loopholes and other risks of its products and services, or failing to inform users in a timely manner and report to the relevant competent authorities as required;
(3) Unauthorized termination of providing safety maintenance for its products and services.
Article 61 Where a network operator, in violation of the provisions of the first paragraph of Article 24 of this Law, fails to require users to provide their true identity information, or provides relevant services to users who do not provide their true identity information, the relevant competent department shall order them to make corrections; If it refuses to make corrections or the circumstances are serious, it shall be fined not less than 50000 yuan but not more than 500000 yuan, and the relevant competent department may order it to suspend relevant business, suspend business for rectification, close its website, revoke its relevant business license or revoke its business license, and the person in charge directly responsible and other persons directly responsible shall be fined not less than 10000 yuan but not more than 100000 yuan.
Article 62 If anyone, in violation of the provisions of Article 26 of this law, conducts network security authentication, detection, risk assessment and other activities, or releases network security information such as system vulnerabilities, computer viruses, network attacks, and network intrusions to the public, the relevant competent department shall order him to make corrections and give him a warning; If it refuses to make corrections or the circumstances are serious, it shall be fined not less than 10000 yuan but not more than 100000 yuan, and the relevant competent department may order it to suspend relevant business, suspend business for rectification, close its website, revoke its relevant business license or revoke its business license, and the person in charge directly responsible and other persons directly responsible shall be fined not less than 5000 yuan but not more than 50000 yuan.
Article 63 If anyone, in violation of the provisions of Article 27 of this Law, engages in activities endangering network security, or provides procedures and tools specially used for activities endangering network security, or provides technical support, advertising promotion, payment settlement and other assistance for others to engage in activities endangering network security, but does not constitute a crime, the public security organ shall confiscate the illegal income, Be detained for not more than five days and may also be fined not less than 50000 yuan but not more than 500000 yuan; If the circumstances are relatively serious, he shall be detained for not less than five days but not more than 15 days and may also be fined not less than 100000 yuan but not more than one million yuan.
If a unit commits the act mentioned in the preceding paragraph, the public security organ shall confiscate its illegal gains, impose a fine of not less than 100000 yuan but not more than one million yuan, and punish the persons directly in charge and other persons directly responsible in accordance with the provisions of the preceding paragraph.
Those who have been punished for public security administration in violation of the provisions of Article 27 of this law shall not be engaged in key positions of network security management and network operation within five years; Those who are subject to criminal punishment shall not be engaged in key posts of network security management and network operation for life.
Article 64 If a network operator or a provider of network products or services violates the provisions of the third paragraph of Article 22 and Articles 41 to 43 of this Law and infringes upon the right to protection of personal information according to law, the relevant competent department shall order it to make corrections, and may, according to the circumstances, impose a single or concurrent warning, confiscate its illegal income, or impose a fine of not less than one time but not more than ten times its illegal income, If there are no illegal gains, a fine of not more than one million yuan shall be imposed, and the person in charge and other persons directly responsible shall be fined not less than 10000 yuan but not more than 100000 yuan; If the circumstances are serious, they may also be ordered to suspend the relevant business, suspend business for rectification, close the website, revoke the relevant business license or revoke the business license.
If anyone, in violation of the provisions of Article 44 of this Law, steals or obtains, illegally sells or illegally provides personal information to others by other illegal means, but does not constitute a crime, the public security organ shall confiscate the illegal gains and impose a fine of not less than one time but not more than ten times the illegal gains, or a fine of not more than one million yuan if there are no illegal gains.
Article 65 If an operator of key information infrastructure violates the provisions of Article 35 of this Law by using network products or services that have not passed the security review or security review, the relevant competent department shall order it to stop using them and impose a fine of not less than one time but not more than ten times the purchase amount; The directly responsible person in charge and other directly responsible persons shall be fined not less than 10000 yuan but not more than 100000 yuan.
Article 66 If an operator of key information infrastructure violates the provisions of Article 37 of this Law by storing network data overseas or providing network data overseas, the relevant competent department shall order it to make corrections, give a warning, confiscate its illegal income, impose a fine of not less than 50000 yuan but not more than 500000 yuan, and may also order it to suspend relevant business, suspend business for rectification, close its website Revocation of relevant business license or business license; The directly responsible person in charge and other directly responsible persons shall be fined not less than 10000 yuan but not more than 100000 yuan.
Article 67 If anyone, in violation of the provisions of Article 46 of this Law, establishes a website or a communication group for the purpose of committing illegal or criminal activities, or uses the network to publish information about the commission of illegal or criminal activities, but does not constitute a crime, he shall be detained for not more than five days by the public security organ and may also be fined not less than 10000 yuan but not more than 100000 yuan; If the circumstances are relatively serious, he shall be detained for not less than five days but not more than 15 days and may also be fined not less than 50000 yuan but not more than 500000 yuan. Close websites and distribution groups used to commit criminal activities.
If a unit commits the act mentioned in the preceding paragraph, it shall be fined not less than 100000 yuan but not more than 500000 yuan by the public security organ, and the persons who are directly in charge and other persons who are directly responsible shall be punished in accordance with the provisions of the preceding paragraph.
Article 68 If a network operator, in violation of the provisions of Article 47 of this Law, fails to stop the transmission of information that is prohibited by laws and administrative regulations from being published or transmitted, take measures such as elimination, or keep relevant records, the relevant competent department shall order it to make corrections, give a warning, and confiscate its illegal income; If he refuses to make corrections or the circumstances are serious, he shall be fined not less than 100000 yuan but not more than 500000 yuan, and may be ordered to suspend relevant business, suspend business for rectification, close website, revoke relevant business license or revoke business license, and the person in charge and other persons directly responsible shall be fined not less than 10000 yuan but not more than 100000 yuan.
If an electronic information transmission service provider or an application software download service provider fails to perform its security management obligations as prescribed in the second paragraph of Article 48 of this Law, it shall be punished in accordance with the provisions of the preceding paragraph.
Article 69 Where a network operator, in violation of the provisions of this Law, commits one of the following acts, the relevant competent department shall order it to make corrections; If he refuses to make corrections or the circumstances are serious, he shall be fined not less than 50000 yuan but not more than 500000 yuan, and the person in charge and other persons directly responsible shall be fined not less than 10000 yuan but not more than 100000 yuan:
(1) Failing to take measures to stop or eliminate the transmission of information prohibited from being released or transmitted by laws and administrative regulations in accordance with the requirements of relevant departments;
(2) Refusing or obstructing the supervision and inspection carried out by relevant departments according to law;
(3) Refusing to provide technical support and assistance to public security organs and national security organs.
Article 70 Anyone who publishes or transmits information prohibited by the second paragraph of Article 12 of this Law and other laws and administrative regulations shall be punished in accordance with the provisions of relevant laws and administrative regulations.
Article 71 Anyone who commits an illegal act as prescribed by this Law shall be recorded in the credit file and publicized in accordance with the provisions of relevant laws and administrative regulations.
Article 72 If the operator of the government affairs network of a State organ fails to perform its obligations of network security protection as stipulated in this Law, its superior organ or relevant organ shall order it to make corrections; The directly responsible person in charge and other directly responsible persons shall be given sanctions according to law.
Article 73 If the network information department and relevant departments violate the provisions of Article 30 of this law and use the information obtained in the performance of network security protection duties for other purposes, the directly responsible person in charge and other directly responsible persons shall be punished according to law.
If the staff of the network information department and relevant departments neglect their duties, abuse their power, and engage in malpractices for personal gain, which does not constitute a crime, they shall be punished according to law.
Article 74 Anyone who violates the provisions of this Law and causes damage to others shall bear civil liability according to law.
Those who violate the provisions of this Law and constitute acts violating the administration of public security shall be given administrative penalties for public security according to law; If a crime is constituted, criminal responsibility shall be investigated according to law.
Article 75 Where an overseas institution, organization or individual engages in activities that endanger the key information infrastructure of the People's Republic of China, such as attacking, invading, interfering with or destroying it, and causes serious consequences, it shall be investigated for legal responsibility according to law; The public security department under the State Council and the relevant departments may also decide to freeze property or take other necessary sanctions against such institutions, organizations or individuals.
Chapter VII Supplementary Provisions
Article 76 For the purpose of this Law, the meanings of the following terms are as follows:
(1) Network refers to a system composed of computers or other information terminals and related equipment that collects, stores, transmits, exchanges and processes information according to certain rules and procedures.
(2) Network security refers to the ability to take necessary measures to prevent attacks, intrusion, interference, destruction, illegal use and accidents on the network, so that the network can be in a stable and reliable operation state, and to ensure the integrity, confidentiality and availability of network data.
(3) Network operators refer to the owners, managers and network service providers of networks.
(4) Network data refers to various electronic data collected, stored, transmitted, processed and generated through the network.
(5) Personal information refers to various information recorded electronically or in other ways that can identify the personal identity of a natural person independently or in combination with other information, including but not limited to the name, date of birth, ID card number, personal biometric information, address, telephone number, etc. of a natural person.
Article 77 The operational security protection of networks that store and process information involving state secrets shall, in addition to this Law, comply with the provisions of confidentiality laws and administrative regulations.
Article 78 The security protection of military networks shall be separately prescribed by the Central Military Commission.
Article 79 This Law shall come into force as of June 1, 2017.