The Cyberspace Administration of China (CAC) in January 2019 released the Blockchain Information Management Regulations, translated in full below, and they took effect the following month. The Regulations, which followed an October 2018 draft, lay out basic content and registration rules for entities offering blockchain functionality as a service.
The rules reiterate existing content controls under the Cybersecurity Law and other regulations, outline the functions of a blockchain service provider registry run by the CAC, and define fines and other penalties for violations.
The CAC has separately declared its intention is to standardize blockchain-related services, support a “healthy” development of the technology, and address security risks, such as the spread of illegal and harmful information or the conduct of illegal and criminal activities.
In August 2019 the CAC announced that it had established a “complete certification system” and had assigned a number of “evaluation institutions” to undertake the security assessments under these regulations (see Article 9).
To date, a total of 1,015 “blockchain information service providers” have completed filing and registration (285on October 30, 2020, 244 on April 24, 2020, 309 on October 18, 2019, and 197 on March 30, 2019).
Original source URL: http://www.cac.gov.cn/2019-01/10/c_1123971164.htm
TRANSLATION
Blockchain Information Service Management Regulations
Article 1: In order to standardize the activities of blockchain information services; while safeguarding national security and society’s public interest, protecting the lawful rights and interests of citizens, legal persons, and other organizations, and promoting the healthy development of blockchain technology and related services; and in accordance with the Cybersecurity Law of the People’s Republic of China, the Internet Information Services Management Measures, and the Notice of the State Council on Charging the Cyberspace Administration of China with Internet Information Content Management, these Regulations are formulated.
Article 2: Those engaging in blockchain information services within the mainland territory of the People’s Republic of China shall comply with these Regulations. Where laws and administrative regulations require otherwise, such provisions shall be complied with.
In these Regulations, “blockchain information services” refers to information services based on blockchain technologies or systems, accessible through Internet websites, applications, and other modes, provided to the general public.
In these Regulations, “blockchain information service provider” (BISP) refers to entities or nodes providing blockchain information services to the general public, as well as institutions or organizations, providing technical support to blockchain information service entities. In these Regulations, “blockchain information service user” (BISU) refers to an organization or individual using blockchain information services.
Article 3: The Cyberspace Administration of China (CAC), according to its duties, is responsible for the supervision, administration, and law enforcement for blockchain information services nationwide. Provincial, autonomous region, and municipal CAC offices, according to their duties, are responsible for supervision, administration, and law enforcement for blockchain information services within their administrative regions.
Article 4: Blockchain industry organizations are encouraged to strengthen the industry’s self-discipline; to establish and improve an industry self-discipline system and industry standards; to push forward construction of an industry trustworthiness evaluation system; and to supervise and urge BISPs to provide their services according to law, accept society’s supervision, improve the professional quality of blockchain information service practitioners, and promote the healthy and orderly development of the industry.
Article 5: BISPs shall implement security management responsibilities, establishing and improving user registration, information examination and verification, emergency response, security protection, and other management systems.
Article 6: BISPs shall be able to provide the technical prerequisites suitable for their services. They shall possess immediate response capabilities with regard to the publication, recording, storage, or dissemination of information content prohibited by laws and administrative regulations. Technical solutions shall comply with relevant national standards and specifications.
Article 7: BISPs shall formulate and publish management rules and platform covenants, sign service agreements with BISUs, clarify the rights and obligations of both parties, and require them to promise to abide by the legal provisions and platform covenants.
Article 8: BISPs, in accordance with the Cybersecurity Law of the People’s Republic of China, shall verify real identification information of BISUs using organizational registration numbers, personal ID numbers, mobile phone numbers, or other such means. If a user does not undergo real identification verification, the BISP shall not provide them with relevant services.
Article 9: When BISPs develop and bring online new products, applications, or functions, they shall, in accordance with relevant regulations, report them to the national and regional offices of the CAC for security assessment.
Article 10: Both BISPs and BISUs shall not use blockchain information services to engage in activities prohibited by laws and administrative regulations, including activities that harm national security, disturb social order, or infringe the lawful rights and interests of others. They shall not use blockchain information services to produce, copy, publish, or disseminate any information content prohibited by laws and administrative regulations.
Article 11: A BISP shall, within ten working days after beginning to provide services, use the blockchain information service filing management system of the CAC to submit the name of the service provider, service category, service form, application domain, server address, etc., and fulfill filing procedures.
If a BISP changes its service program, the platform URL, or other matters, it shall conduct change procedures within five working days after the date of the change.
If a BISP terminates a service, it shall conduct cancellation procedures at least thirty working days before the termination of services and make appropriate arrangements.
Article 12: Upon receiving the submitted materials by the filing entity, the national and regional offices of the CAC shall, if the materials are complete, record them within twenty working days, issue a filing number, and announce the filing information to the public through the CAC’s blockchain information service filing management system. If the materials are incomplete, they shall not be filed, and the filer shall be notified with an explanatory justification within twenty working days.
Article 13: A BISP that has completed the filing shall visibly indicate its filing number on the website or application through which the services are externally provided.
Article 14: National and regional offices of the CAC shall conduct regular inspections of the filing information of blockchain information services. BISPs shall log into the blockchain information service filing management system within prescribed intervals to provide relevant information.
Article 15: If information security dangers exist within blockchain information services provided by BISPs, they shall undertake rectification. Only if relevant laws, administrative regulations, and other relevant national standards and specifications are followed may information service provision continue.
Article 16: Where BISUs violate laws, administrative regulations, or service agreements, BISPs shall, in accordance with law and agreements, carry out corrective measures, such as warnings, functionality restrictions, or account closure. They should promptly respond to illegal information content with corresponding measures, prevent information proliferation, preserve relevant records, and report to relevant department in charge.
Article 17: BSPs shall record information produced by BISUs, such as published content and logs. Backup records shall be retained for at least six months and shall be provided to relevant law enforcement authorities, when inquired about them in accordance with the law.
Article 18: BISPs shall cooperate with supervisions and inspections lawfully carried out by the cyberspace and informatization [CAC] departments and provide necessary technical support and assistance.
BISPs shall accept society’s supervision, set up convenient portals for complaints and reports, and handle public complaints and reports in a timely manner.
Article 19: If a BISP violates the provisions of Articles 5, 6, 7, 9, Article 11 paragraph 2, or Articles 13, 15, 17, or 18 of these Regulations, the national or regional offices of the CAC will issue a warning, in accordance with their duties, and order a correction before a specified deadline, and relevant businesses will be suspended until correction. If the provider refuses to implement the correction or if circumstances are severe, it shall be penalized with a fine of between RMB 20,000 and RMB 30,000. If a crime is constituted, criminal responsibility shall be investigated according to law.
Article 20: If a BISP violates the provisions of Article 8 or Article 16, the national or regional offices of the CAC shall, based on their duties, handle the matter in accordance with the provisions of the Cybersecurity Law of the People’s Republic of China.
Article 21: If a BISP violates the provisions of Article 10 by producing, copying, publishing, or disseminating information content prohibited by laws and administrative regulations, the national or regional offices of the CAC will issue a warning, in accordance with their duties, and order a correction before a specified deadline, and relevant businesses will be suspended until correction.If the provider refuses to implement the correction or if the circumstances are severe, it shall be penalized with a fine between RMB 5,000 and RMB 30,000. If a crime is constituted, criminal responsibility shall be investigated according to law.
If a BISU violates the provisions of Article 10, by producing, copying, publishing, or disseminating any information content prohibited by laws and administrative regulations, the matter shall be dealt with by the national or regional offices of the CAC in accordance with the provisions of relevant laws and administrative regulations.
Article 22: If a BISP violates the provisions of Article 11, paragraph 1, and fails to perform filing procedures, or files false information, in accordance with these Regulations, the national or regional offices of the CAC shall, in accordance with their duties, order a correction before a specified deadline. If the provider refuses to make the correction or the circumstances are severe, it shall be given a warning and be fined between RMB 10,000 and RMB 30,000.
Article 23: Anyone engaging in blockchain information services prior to the publication of this Regulation shall, within twenty working days from the date of the entry into force of this provision, make up the relevant procedures in accordance with this Regulation.
Article 24: This Regulation takes effect on February 15, 2019.
ORIGINAL TEXT
区块链信息服务管理规定
第一条 为了规范区块链信息服务活动,维护国家安全和社会公共利益,保护公民、法人和其他组织的合法权益,促进区块链技术及相关服务的健康发展,根据《中华人民共和国网络安全法》《互联网信息服务管理办法》和《国务院关于授权国家互联网信息办公室负责互联网信息内容管理工作的通知》,制定本规定。
第二条 在中华人民共和国境内从事区块链信息服务,应当遵守本规定。法律、行政法规另有规定的,遵照其规定。
本规定所称区块链信息服务,是指基于区块链技术或者系统,通过互联网站、应用程序等形式,向社会公众提供信息服务。
本规定所称区块链信息服务提供者,是指向社会公众提供区块链信息服务的主体或者节点,以及为区块链信息服务的主体提供技术支持的机构或者组织;本规定所称区块链信息服务使用者,是指使用区块链信息服务的组织或者个人。
第三条 国家互联网信息办公室依据职责负责全国区块链信息服务的监督管理执法工作。省、自治区、直辖市互联网信息办公室依据职责负责本行政区域内区块链信息服务的监督管理执法工作。
第四条 鼓励区块链行业组织加强行业自律,建立健全行业自律制度和行业准则,指导区块链信息服务提供者建立健全服务规范,推动行业信用评价体系建设,督促区块链信息服务提供者依法提供服务、接受社会监督,提高区块链信息服务从业人员的职业素养,促进行业健康有序发展。
第五条 区块链信息服务提供者应当落实信息内容安全管理责任,建立健全用户注册、信息审核、应急处置、安全防护等管理制度。
第六条 区块链信息服务提供者应当具备与其服务相适应的技术条件,对于法律、行政法规禁止的信息内容,应当具备对其发布、记录、存储、传播的即时和应急处置能力,技术方案应当符合国家相关标准规范。
第七条 区块链信息服务提供者应当制定并公开管理规则和平台公约,与区块链信息服务使用者签订服务协议,明确双方权利义务,要求其承诺遵守法律规定和平台公约。
第八条 区块链信息服务提供者应当按照《中华人民共和国网络安全法》的规定,对区块链信息服务使用者进行基于组织机构代码、身份证件号码或者移动电话号码等方式的真实身份信息认证。用户不进行真实身份信息认证的,区块链信息服务提供者不得为其提供相关服务。
第九条 区块链信息服务提供者开发上线新产品、新应用、新功能的,应当按照有关规定报国家和省、自治区、直辖市互联网信息办公室进行安全评估。
第十条 区块链信息服务提供者和使用者不得利用区块链信息服务从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律、行政法规禁止的活动,不得利用区块链信息服务制作、复制、发布、传播法律、行政法规禁止的信息内容。
第十一条 区块链信息服务提供者应当在提供服务之日起十个工作日内通过国家互联网信息办公室区块链信息服务备案管理系统填报服务提供者的名称、服务类别、服务形式、应用领域、服务器地址等信息,履行备案手续。
区块链信息服务提供者变更服务项目、平台网址等事项的,应当在变更之日起五个工作日内办理变更手续。
区块链信息服务提供者终止服务的,应当在终止服务三十个工作日前办理注销手续,并作出妥善安排。
第十二条 国家和省、自治区、直辖市互联网信息办公室收到备案人提交的备案材料后,材料齐全的,应当在二十个工作日内予以备案,发放备案编号,并通过国家互联网信息办公室区块链信息服务备案管理系统向社会公布备案信息;材料不齐全的,不予备案,在二十个工作日内通知备案人并说明理由。
第十三条 完成备案的区块链信息服务提供者应当在其对外提供服务的互联网站、应用程序等的显著位置标明其备案编号。
第十四条 国家和省、自治区、直辖市互联网信息办公室对区块链信息服务备案信息实行定期查验,区块链信息服务提供者应当在规定时间内登录区块链信息服务备案管理系统,提供相关信息。
第十五条 区块链信息服务提供者提供的区块链信息服务存在信息安全隐患的,应当进行整改,符合法律、行政法规等相关规定和国家相关标准规范后方可继续提供信息服务。
第十六条 区块链信息服务提供者应当对违反法律、行政法规规定和服务协议的区块链信息服务使用者,依法依约采取警示、限制功能、关闭账号等处置措施,对违法信息内容及时采取相应的处理措施,防止信息扩散,保存有关记录,并向有关主管部门报告。
第十七条 区块链信息服务提供者应当记录区块链信息服务使用者发布内容和日志等信息,记录备份应当保存不少于六个月,并在相关执法部门依法查询时予以提供。
第十八条 区块链信息服务提供者应当配合网信部门依法实施的监督检查,并提供必要的技术支持和协助。
区块链信息服务提供者应当接受社会监督,设置便捷的投诉举报入口,及时处理公众投诉举报。
第十九条 区块链信息服务提供者违反本规定第五条、第六条、第七条、第九条、第十一条第二款、第十三条、第十五条、第十七条、第十八条规定的,由国家和省、自治区、直辖市互联网信息办公室依据职责给予警告,责令限期改正,改正前应当暂停相关业务;拒不改正或者情节严重的,并处五千元以上三万元以下罚款;构成犯罪的,依法追究刑事责任。
第二十条 区块链信息服务提供者违反本规定第八条、第十六条规定的,由国家和省、自治区、直辖市互联网信息办公室依据职责,按照《中华人民共和国网络安全法》的规定予以处理。
第二十一条 区块链信息服务提供者违反本规定第十条的规定,制作、复制、发布、传播法律、行政法规禁止的信息内容的,由国家和省、自治区、直辖市互联网信息办公室依据职责给予警告,责令限期改正,改正前应当暂停相关业务;拒不改正或者情节严重的,并处二万元以上三万元以下罚款;构成犯罪的,依法追究刑事责任。
区块链信息服务使用者违反本规定第十条的规定,制作、复制、发布、传播法律、行政法规禁止的信息内容的,由国家和省、自治区、直辖市互联网信息办公室依照有关法律、行政法规的规定予以处理。
第二十二条 区块链信息服务提供者违反本规定第十一条第一款的规定,未按照本规定履行备案手续或者填报虚假备案信息的,由国家和省、自治区、直辖市互联网信息办公室依据职责责令限期改正;拒不改正或者情节严重的,给予警告,并处一万元以上三万元以下罚款。
第二十三条 在本规定公布前从事区块链信息服务的,应当自本规定生效之日起二十个工作日内依照本规定补办有关手续。
第二十四条 本规定自2019年2月15日起施行。
Kai von Carnap is a research analyst at the Mercator Institute for China Studies (MERICS) with a research focus on technological trends and digital developments in China, with an expertise in blockchain technology and cryptocurrencies. In addition, von Carnap is building up the EU-China forecasting capabilities at MERICS. He holds a double MA in Chinese-European Economics and Business Studies from the Berlin School of Economics and Law and the Southwestern University of Finance and Economics Chengdu, as well as a BA in Sinology and Economics from the Heidelberg University.