China solicits public opinions on the draft of cyberspace security supervision regulations for state security, social stability, public interest
China has started to solicit public opinions on the drafted new cybersecurity supervision regulations in a bid to better regulate the cyberspace security supervision and inspection work, safeguard state security, social stability and public interest, according to the Ministry of Public Security (MPS).
The move also aims to prevent and address cyber-related illegal activities and crimes, and protect the legitimate rights and interests of citizens, legal persons and organizations.
According to a statement released by the MPS on Saturday, the newly drafted regulations on cyberspace security, which refers to cybersecurity, information security and data security, were based on China's Cybersecurity Law, Data Security Law, the Personal Information Protection Law and other laws and regulations and revised from a 2018 version of cybersecurity supervision regulations following thorough research and evaluation.
The regulations will apply to public security authorities’ oversight and inspection on the fulfillment of cybersecurity, information security, and data security obligations by network operators, data processors, personal information processors and others, according to the draft.
Public security authorities are authorized to conduct online inspections of the cybersecurity, information security, and data security conditions of the entities by using methods that do not endanger cyberspace security, such as online information inspections, information review capacity tests, and vulnerability scanning, in order to identify potential risks and hazards. Any risks or hazards discovered through online inspections must be verified offline through on-site inspections or other means, read the draft regulations.
Public security authorities at or above the municipal level are authorized to conduct vulnerability detection and penetration testing on network facilities and information systems other than critical information infrastructure. The authorities must notify the inspected entities in advance of the inspection time, scope, and other relevant matters, and shall not interfere with or damage the normal operation of the inspected entities’ network facilities or information systems, as per the draft.
Public security authorities shall supervise and inspect whether the inspected entities fulfill their legal obligations regarding cybersecurity, information security and data security.
The draft regulations stipulated the focused areas include whether the inspected entities record and retain user registration information and internet log data in accordance with the laws, and fulfill their legal obligations to protect critical information infrastructure.
Authorities shall also focus on whether the inspected entities deploy technical measures to prevent computer viruses, cyberattacks or intrusions, take corresponding remedial measures to address cybersecurity vulnerabilities and hazards in accordance with the law.
Public security authorities should also inspect whether the inspected entities adopt preventive measures over information prohibited from publication or transmission by laws and administrative regulations, implement the primary responsibility for algorithm security and establish rules and technical measures for algorithm recommendation management, fulfill obligations to protect data security and personal information, and provide technical support and assistance to public security authorities for safeguarding state security, preventing and investigating terrorist activities, and investigating crimes.
According to the draft regulations, if public security authorities discover significant cybersecurity, information security, or data security risks or hazards in key industries or within their region that seriously threaten state security, public safety, or the public interest, they shall report to the people’s government at the same level and public security authorities of higher level, and issue public security alerts or announcements.
The draft regulations also noted that public security authorities and their personnel, as well as cybersecurity service agencies and their personnel entrusted to provide technical support, must keep confidential any state secrets, work-related secrets, commercial secrets, personal information, and privacy learned during supervision and inspection, and shall not disclose, sell, or illegally provide them to others.
After the supervision and inspection are completed, cybersecurity service agencies and their personnel involved in the inspection shall hand over the obtained information and materials to the public security authorities for safekeeping, or delete and destroy them as required by the public security authorities, the drafted regulations said.
Photos
Related Stories
- AI support at heart of cybersecurity revision
- China's cybersecurity authority launches campaign to regulate tipping disorder in online live streaming
- China mulls amendment to cybersecurity law to strengthen legal responsibilities
- China to take necessary measures to safeguard its cybersecurity: foreign ministry
- China's cybersecurity police penalize 2 for fabricating, spreading disinformation about War of Resistance Against Japanese Aggression
- China tightens oversight on platforms spreading financial misinformation
- China seeks public opinions on draft revision to cybersecurity law
- Report unveils US agencies' cyberattacks on mobile devices
- China tightens security management over facial recognition
- Over 1,300 overseas APT attacks target China's 14 key sectors in 2024: cybersecurity report
Copyright © 2025 People's Daily Online. All Rights Reserved.
