China Monthly TMT Update – September 2017

China

The CAC publishes two new regulations governing BBS and online comment services

The Cyberspace Administration of China (“CAC”) published the Administrative Provisions on Online Bulletin Board System (“BBS”) and Community Services and the Administrative Provisions on Online Comment Services on 25 August 2017. The two sets of rules are formulated in accordance with the PRC Cybersecurity Law and demonstrate the government’s efforts in further regulating information distribution in cyberspace.

The regulations provide that the operators of BBS, online communities and online information exchange platforms shall be responsible for reviewing the information distributed and removing any illegal information. Operators must obtain the authentic identification of the platform users and enter into agreements with users to specify the users’ obligations on non-distribution of illegal information. Protection of privacy and personal data in the context of online BBS and information exchange were also emphasised in the regulations.

The regulations also introduce a few new regulatory measures. For example, new products, applications and functions developed for users to make comments on the news must pass security assessments. The text of the content of all “bullet screens” must be shown on the same webpage. No platform operator or its personnel is allowed to gain benefits by distributing, re-distributing, removing or intervening in research results.

Please click here and here to read the full text (Chinese only) of the regulations.

Draft cybersecurity law standards are published to guide the practice

During the last week of August 2017, the National Information Security Standardisation Technical Committee (the so-called “TC260”) published a series of draft technical standards to solicit public opinions. All these draft standards are closely related to the implementation of the PRC Cybersecurity Law (the “Law”).

The draft standards cover different aspects of the Law concerning data exchange services, de-identification of personal information, assessments of cross-border transfer of data, inspections and evaluations of critical information infrastructure (CII), disaster recovery capability, network storage requirements, evaluations of ICS products, security requirements for network products and services, and security guidance for cloud services.

The public will have until mid-October to submit comments on these drafts. Please click here to read the full text (Chinese only) of the draft standards.

China bans initial coin offerings

The People's Bank of China together with the China Securities Regulatory Commissions and five other governmental departments issued the Circular on Preventing the Risks of Financing via Token Offerings (“Circular”) on 4 September 2017.

According to the Circular, “token offering” refers to an entity's raising of Bitcoins, ETH and other "virtual currencies” from investors through the sale or circulation of tokens. Token offerings (including initial coin offers “ICO”) are unapproved and are therefore illegal public fundraising. They might also be considered as illegal sales of promissory notes, illegal distributions of securities, illegal fundraisings, financial frauds, pyramid schemes and other illegal activities.  

Trading platforms are prohibited from trading tokens or “virtual currencies”. Financial institutions and non-bank payment agencies are prohibited from providing services such as account opening, registration, trading, liquidation, settlement related to token offerings or "virtual currencies".

Please click here to read the full text (Chinese only) of the Circular.

Online communication group and public content accounts face new regulation

The CAC published two regulations on 7 September to regulate the operations of online communication groups (e.g. WeChat groups, Weibo groups, Baidu Tieba groups and Alipay groups) and public content distribution accounts (e.g. WeChat public subscription accounts, Weibo accounts, Toutiao news accounts and video distribution accounts in Miaopai and Kuaishou) respectively.

The new regulations emphasise the responsibilities of the operator of the platform on which the communication groups and public accounts are established. A platform operator’s main responsibilities include obtaining the authentic identification of users, supervising the information exchanged within its platform, and establishing mechanisms (e.g. formulating service agreements and credit-based administrative measures) to manage the groups and public accounts.

In addition, the regulations also provide that the party who establishes a communication group or opens a public account shall be responsible for the information exchanged within the group or account, and shall obtain all the required qualifications (e.g. licence to engage in online news services).

Please click here and here to read the full text (Chinese only) of the regulations.

The MIIT publishes the measures to monitor and handle cybersecurity threats

The Ministry of Industry and Information Technology published the Measures for Monitoring and Handling Cybersecurity Threats in Public Networks (“Measures”) on 13 September 2017. The Measures are formulated in accordance with the PRC Cybersecurity Law and require network operators and online service providers to report cybersecurity incidents and threats to the government authorities.

Cybersecurity threats mainly include the threat of malicious IP addresses, domain names, URLs, emails, and programs which attach to networks; the threat of hidden security loopholes or risks such as hardware vulnerabilities and backdoors; and the risk of illegal invasions to network products and services. Professional institutions, basic telecom service operators, cybersecurity enterprises, internet enterprises and domain name administrators are required to monitor cybersecurity threats during their daily operation and report threats to MIIT and its designated institutions via an online information sharing platform. However, the scope of the enterprises subject to such reporting obligations and the reporting mechanisms have not been defined clearly in the Measures.

Please click here to read the full text (Chinese only) of the Measures.