The Ministry of Public Security ("MPS") issued the Draft Provisions for the Supervision and Inspection of Internet Security by Public Security Organs (“Draft”) on 4 April 2018 to solicit public comments.
Under the Draft, the MPS and its local branches are authorized with the power to enforce various cybersecurity requirements. The following parties are identified by the Draft as falling under the enforcement focus of the MPS and its local branches: (i) operators of: internet access services, data centres, content distribution, and domain name services; (ii) internet information service providers; (iii) operators of venues where internet access and surfing services are provided; and (iv) operators that have had cybersecurity incidents or violations within the last two years.
The MPS and its local branches will examine whether operators have satisfied the relevant cybersecurity obligations in their daily operations or when major cyber incidents occur. These obligations include (without limitation) keeping accurate and up-to-date user IDs and operation logs; taking sufficient technical and organisational measures to protect cybersecurity and the response to potential incidents; and monitoring the information distributed online and establishing capabilities to terminate illegal distribution.
The Draft also sets out the legal procedures and standards that the MPS and its local branches must follow when carrying out enforcement activities. In addition, the Draft states the administrative measures and punishments that the MPS and its local branches are allowed to use in accordance with the relevant provisions under the PRC Cybersecurity Law.
Please click here to read the full text (Chinese only) of the Draft.