National Network letter office issued the information service safety evaluation regulation with public opinion attribute.


National Network letter office issued the information service safety evaluation regulation with public opinion attribute.

Internet information services security assessment provisions with public opinion or social mobilization capability

Article 1 In order to strengthen the safety management of Internet information services and related new technologies and applications with the attributes of public opinion or social mobilization, standardize the activities of Internet information services, and safeguard national security, social order and public interests, the Internet Information Services Administration is in accordance with the Law of the People's Republic of China on Network Security and the Internet Information Services Administration. "Regulations", "computer information network international networking security protection management measures", the provisions are formulated.

Article 2 The Internet information services with the attributes of public opinion or the ability of social mobilization referred to in these Provisions include the following situations:

(1) Providing information services such as forums, blogs, micro-blogs, chat rooms, communication groups, public accounts, short videos, live webcasting, information sharing, small programs, etc., or providing corresponding functions;

(2) To set up other Internet information services that provide channels for public opinion expression or have the ability to mobilize the public to engage in specific activities.

Article 3 If an Internet information service provider has one of the following circumstances, it shall conduct its own security assessment in accordance with these Provisions and be responsible for the assessment results:

(1) Information services with the attributes of public opinion or the ability of social mobilization are online, or information services are provided with additional relevant functions;

(2) Major changes have taken place in the functional attributes of information services, the way of technology implementation and the allocation of basic resources by using new technologies and new applications, leading to significant changes in the attributes of public opinion or the ability of social mobilization;

(3) Significant increase in the scale of users has led to significant changes in the attributes of public opinion or social mobilization of information services;

(4) The spread of illegal and harmful information indicates that existing security measures are difficult to effectively prevent and control network security risks;

(5) Other situations in which a security assessment is required by a written notification from an Internet correspondence department or a public security organ at or above the prefecture or municipal level.

Article 4 Internet information service providers may implement security assessment on their own or entrust third-party security assessment agencies to implement it.

Article 5 In conducting security assessment, Internet information service providers shall conduct a comprehensive assessment of the legitimacy of information services and new technology applications, the effectiveness of implementing security measures prescribed by laws, administrative regulations, departmental rules and standards, and the effectiveness of preventing and controlling security risks, with emphasis on the following contents: :

(1) To determine the situation of the person in charge of safety management, the information auditor or the establishment of a safety management organization appropriate to the services provided;

(two) user's real identity verification and registration information retention measures;

(3) Logging information such as user's account number, operation time, operation type, network source address and target address, network source port, client's hardware characteristics, and measures for retaining information records issued by users;

(4) Preventive disposal of illegal and harmful information in user account and communication group name, nickname, brief introduction, remark, logo, information publishing, forwarding, comment and communication group, as well as relevant record preservation measures;

(5) Personal information protection and technical measures to prevent the spread of illegal and harmful information and the risk of uncontrolled social mobilization function;

(6) Establishing a complaint and reporting system, publishing information on complaints and reporting methods, and receiving and dealing with complaints and reports in a timely manner;

(7) Establishment of a working mechanism to provide technical, data support and assistance to Internet information service departments in fulfilling their duties of supervision and management of Internet information services according to law;

(8) Establishment of a working mechanism to provide technical, data support and assistance to public security organs and state security organs in safeguarding national security and investigating and punishing crimes in accordance with law.

Article 6 Where an Internet information service provider finds a potential security hazard in the security assessment, it shall rectify it in time until the relevant security hazard is eliminated.

After safety assessment, safety assessment reports shall be formed if they conform to laws, administrative regulations, departmental rules and standards. The safety assessment report shall include the following contents:

(1) The basic information about the functions, scope of service, hardware and software facilities, deployment location of Internet information services and the acquisition of relevant certificates;

(two) the implementation of the safety management system and technical measures and the effectiveness of risk prevention and control;

(three) safety assessment conclusion;

(four) other relevant situations that should be explained.

Article 7 Internet information service providers shall submit safety assessment reports to local and municipal Internet telecommunications departments and public security organs through the National Internet Security Management Service Platform.

In the case of Items 1 and 2 of Article 3 of these Provisions, Internet information service providers shall submit safety assessment reports before information services, new technologies and applications are launched or functions are added; in the case of Items 3, 4 and 5 of Article 3 of these Provisions, Internet information service providers shall submit safety assessment reports within 30 working days from the date of occurrence of relevant situations. Submit safety assessment report.

Article 8 Internet and telecommunications departments and public security organs at or above the prefectural and municipal levels shall, in accordance with their respective responsibilities, conduct a written review of the safety assessment report.

If it finds that the content of the security assessment report, the project is missing, or that the security assessment method is obviously inappropriate, the Internet information service provider shall be ordered to reassess within a time limit.

If it is found that the content of the security assessment report is unclear, the Internet information service provider may be ordered to make additional explanations.

Article 9 Departments of Internet and telecommunications and public security organs shall conduct on-site inspections of Internet information service providers according to their respective duties, if they deem it necessary, on the basis of the written examination of security assessment reports.

In principle, the on-site inspection carried out by the network and telecommunications departments and public security organs shall be jointly implemented, and the normal business activities of Internet information service providers shall not be interfered with.

Article 10 For Internet information services that are subject to greater security risks and may affect national security, social order and public interests, the provincial-level and above-level Internet and telecommunications departments and public security organs shall organize experts to conduct evaluation and, if necessary, conduct on-site inspections in conjunction with the relevant departments of their respective territories.

Article 11 Online telecommunications departments and public security organs shall conduct on-site inspections in accordance with relevant laws, administrative regulations and departmental rules and regulations.

Article 12 Network and telecommunications departments and public security organs shall establish monitoring and management systems, strengthen risk management of network security, and urge Internet information service providers to fulfill their network security obligations in accordance with the law.

If it is found that Internet information service providers with the attributes of public opinion or the ability of social mobilization fail to carry out security assessment in accordance with these Provisions, the network and telecommunications departments and public security organs shall notify them to carry out security assessment in accordance with these Provisions.

Article 13 If the Internet information service providers with the attributes of public opinion or the ability of social mobilization are found to refuse to carry out security assessment in accordance with these Provisions, the Internet information service departments and public security organs shall, through the National Internet Security Management Service Platform, inform the public that there are security risks in the Internet information service, and in accordance with their respective duties. Those who are responsible for supervising and inspecting the Internet information service and find that there are illegal acts shall be dealt with in accordance with the law.

Article 14 The network and telecommunications departments shall coordinate and coordinate the security assessment of Internet information services with the attributes of public opinion or the ability of social mobilization. The security assessment work of public security organs shall be regularly notified to the network and telecommunications departments.

Article 15 Internet correspondence departments, public security organs and their staff members shall strictly keep state secrets, business secrets and personal information they know in the performance of their duties confidential and shall not disclose, sell or illegally provide to others.

Article 16 The security assessment of new technologies and applications of Internet news information services shall be carried out in accordance with the Regulations on the Administration of Security Assessment of New Technologies and Applications of Internet News Information Services.

The seventeenth Provisions come into effect on November 30, 2018.


Waonews is a news media from China, with hundreds of translations, rolling updates China News, hoping to get the likes of foreign netizens