As reported in our previous post, the Chinese legislator recently passed a new Anti-terrorism Law which imposes certain cybersecurity-related obligations on telecom business operators and Internet Service Providers.  It also passed the 9th Amendment to the Criminal Code which exposes network service providers that fail to comply with certain cybersecurity-related obligations to criminal liability.  This law as well as other related developments are covered in this post.

Criminal Liabilities For Jeopardizing Cybersecurity

Following the 9th Amendment to the Criminal Code, network service providers may be exposed to criminal liability, if they: 

  1. fail to comply with network security management obligations, causing large-scale dissemination of illegal information or other serious results; or

  2. knowingly provide technical support (such as Internet access, server hosting, network storage or communications transmission) to aid crimes committed through information networks.

In both cases, the offence may lead to up to 3 years’ imprisonment or criminal detention, and/or fines. In case the offender is an entity, personal liabilities will be pursued against the “persons directly in-charge” and “other persons directly liable”. 

Curiously, the 9th Amendment to Criminal Code (as well as the draft Cybersecurity Law, and a few related regulations) use the term “network service providers“, while the Anti-terrorism Law and the Internet Security Provisions use “Internet service providers“.  In our view, they have the same meaning as there seems no convincing reason to differentiate between them, but there is room for argument.  Given the importance of this concept, clarifications will hopefully be offered soon.

Other Developments

The long-awaited Administrative Regulations on Maps were promulgated in November 2015 with effect from 1 January 2016 (the “Map Regulations”). 

The Map Regulations have a dedicated chapter on “Internet map services”, which codifies existing rules concerning the provision of Internet and mobile map services in China.  Previously, those rules were scattered in isolated circulars and regulations issued by the National Administration of Surveying, Mapping and Geoinformation. 

Online navigation, geographic information uploading and marking, and map database development are among the services which require an appropriate surveying and mapping license. Such license is still quite restricted for foreign invested enterprises.   In addition, the Map Regulations reiterate that map data must be stored on servers located within China and safeguarded by prescribed security measures.  Service providers are required, among others, to monitor and censor information that is prohibited by the State from being shown on maps.

What To Look Out For In 2016?

As shown in the diagram below, a number of laws and regulations that have a bearing on national or public security are being drafted or deliberated at the moment. We will follow these threads, especially the progress of the Cybersecurity Law, and keep you updated. 

Diagram II – Security-related Legislation In The Pipeline

Contributor: Ruan Zhenyu