NOTE: This translation was originally published on the China Copyright and Media blog, a project of DigiChina’s Prof. Rogier Creemers of the University of Leiden. It has not been edited, double-checked, or standardized with DigiChina’s original content. Read more.

Ministry of Public Security of the People’s Republic of China Decree

No. 151

The “Regulations on Internet Security Supervision and Inspection by Public Security Bodies” were passed at the Minister’s business meeting of the Ministry of Public Security on 5 September 2018, are hereby promulgated, and take effect on 1 November 2018.

Minister: Zhao Kezhi

15 September 2018

Regulations on Internet Security Supervision and Inspection by Public Security Bodies

Chapter I: General provisions

Article 1: These Regulations are formulated in order to standardize public security bodies’ Internet security supervision and inspection work, prevent online law-breaking and crime, safeguard cybersecurity, protect the lawful rights and interests of citizens, legal persons and other organizations, on the basis of the “People’s Police Law of the People’s Republic of China”, the “Cybersecurity Law of the People’s Republic of China” and other such laws and administrative regulations. 

Article 2: These Regulations apply to public security bodies conducting security supervision and inspection of Internet service providers’ and network-using work units’ fulfilment of cybersecurity duties provided in laws and administrative regulations. 

Article 3: Internet security supervision and inspection work is conducted by county-level or higher local People’s Government public security body cybersecurity protection departments. 

Higher-level public security bodies shall implement guidance and supervision of lower levels’ public security bodies’ conduct of Internet security supervision and inspection work.

Article 4: Public security bodies conducting Internet security supervision and inspection shall abide by the policies of scientific management, ensuring and stimulating development, strictly abide by statutory powers and procedures, incessantly improve law enforcement methods, and comprehensively implement law enforcement responsibilities. 

Article 5: Public security bodies and their work personnel shall strictly preserve the secrecy of personal information and privacy, commercial secrets and State secrets they learn in the process of fulfilling Internet security supervision and inspection duties and responsibilities, they may not leak this, sell it or illegally provide it to others.

Public security bodies and their work personnel can only use information they learn in the process of fulfilling Internet security supervision and inspection duties as required for maintaining cybersecurity, and may not use it for other purposes.

Article 6: Public security bodies shall timely notify relevant controlling departments and work units about cybersecurity risks they discover in the process of Internet security supervision and inspection work, which may harm national security, public security or social order.

Article 7: Public security bodies shall establish and implement rules for Internet security supervision and inspection work, and consciously accept supervision by inspection counterparts and the popular masses.

Chapter II: Supervision and inspection counterparts and content.

Article 8: Internet security supervision and inspection will be conducted by public security bodies of the locality of Internet service providers’ network service operations bodies and network using work units’ network management bodies. Where an Internet service provider is an individual, it may be implemented by the public security body of their regular place of residence.

Article 9: Public security bodies shall, on the basis of cybersecurity protection requirements and the concrete circumstances of cybersecurity risks and vulnerabilities, conduct supervision and inspection of the following Internet service providers and network-using work units.

(1) Those providing Internet access, Internet data centre, content distribution and domain name services;

(2) Those providing Internet information services;

(3) Those providing public network access services;

(4) Those providing other Internet services. 

Focus supervision and inspection shall be conducted of those who have not conducted the services provided in the previous Paragraph for a full year, those where a cybersecurity incident, breach of law or crime occurred within two years, or those who have been subject to administrative punishment by a public security body for not fulfilling statutory cybersecurity duties.

Article 10: Public security bodies shall, on the basis of the actual circumstances of Internet service providers’ and network-using work units fulfilling their statutory cybersecurity duties, and according to relevant State regulations and standards, conduct supervision and inspection of the following content:

(1) Whether or not they have conducted network work unit filing formalities, and have reported the access work unit, basic user information and changes therein;

(2) Whether or not they have formulated and implemented cybersecurity management rules and operating rules, and appointed a person responsible for cybersecurity;

(3) Whether or not they have adopted technical measures to record and preserve user registration information and network use record information according to the law;

(4) Whether or not they have adopted technical measures to defend against computer viruses, cyberattacks, cyber intrusions, etc.;

(5) Whether or not they have adopted corresponding prevention measures against the publication or transmission of information prohibited in laws and administrative regulations according to the law in public information services;

(6) Whether or not they have provided technical support and assistance to public security bodies lawfully maintaining cybersecurity, preventing and investigating terror activities, or investigating crimes according to statutory provisions;

(7) Whether or not they have fulfilled cybersecurity multi-level protection duties as provided in laws and administrative regulations.

Article 11: Apart from the content listed in Article 10 of these Regulations, public security bodies shall also conduct supervision and inspection of the following content, on the basis of the category of provided Internet services:

(1) Where Internet access services are provided, supervising and inspecting whether they have recorded and preserved network address, allocation and use details;

(2) Where Internet data centre services are provided, supervising and inspecting whether they have recorded user information of the host entrustment, host rental and virtual space rental they provide;

(3) Where Internet domain name services are provided, supervising and inspecting whether they have recorded network domain name application and modification information, and whether or not they have adopted measures to deal with unlawful domain names according to the law.

(4) Where Internet information services are provided, supervising and inspecting whether they have adopted user-disseminated information management measures according to the law, whether or not they have adopted measures to deal with already published or transmitted information of which the dissemination or transmission is prohibited by laws and administrative regulations, and maintained related records;

(5) Where Internet content distribution services are provided, supervising and inspecting whether or not they have recorded circumstances concerning content distribution network and content source network links;

(6) Where Internet public access services are provided, supervising and inspecting whether or not they have adopted technical network and information security protection measures conform to national standards.

Article 12: During periods of national major cybersecurity defence tasks, public security bodies may conduct targeted security supervision and inspection of the following content of Internet service providers and network-using work units related to national major cybersecurity defence tasks:

(1) Whether or not they have formulated work plans required for major national cybersecurity defence tasks, clarified cybersecurity duties and work divisions, and appointed a management person for cybersecurity;

(2) Whether or not they have organized and conducted cybersecurity risk assessments, and adopted corresponding risk control measures to remedy cybersecurity leaks and vulnerabilities;

(3) Whether or not they have formulated cybersecurity emergency response plans, organized and conducted emergency response exercises, and whether or not emergency response-related equipment is complete and effective.

(4) Whether or not they have adopted other cybersecurity protection tasks required for major cybersecurity protection tasks according to the law;

(5) Whether or not they have reported cybersecurity protection measures and implementation circumstances to public security bodies according to requirement. 

Internet security supervision and inspection with preventing terror attacks as its major objective will be implemented according to the content provided in the previous Paragraph.

Chapter III: Supervision and inspection procedures

Article 13: Public security bureaus conducting Internet security supervision and inspection may adopt on-site supervision and inspection or remote monitoring methods to do so.

Article 14: When public security bodies conduct on-site Internet security supervision and inspection, the number of People’s Police may not be less than 2, and they shall produce their People’s Police card and county-level or higher local People’s Government public security body-issued supervision and inspection notification letter.

Article 15: Public security bodies conducting on-site Internet security supervision and inspection may adopt the following measures on the basis of requirement:

(1) Entering business premises, computer rooms, work premises;

(2) Requiring the supervision and inspection counterpart’s responsible person or cybersecurity management personnel to explain supervision and inspection matters;

(3) Consulting and reproducing information related to Internet security supervision and inspection;

(4) Checking the operational state of technical network and information security protection measures.

Article 16: Public security bodies may conduct remote monitoring on whether or not cybersecurity leaks exist with Internet service providers and network-using work units.

Public security bodies conducting remote monitoring shall notify the supervision and inspection counterpart in advance about the inspection time, inspection cope and other such matters, or publish the related inspection matters, they may not interfere with or destroy the regular operations of the supervision and inspection counterpart’s networks.

Article 17: Public security bodies conducting on-site supervision and inspection or remote monitoring may entrust cybersecurity service bodies having corresponding technical capabilities with providing technical support. 

Cybersecurity service bodies and their work personnel shall strictly preserve the secrecy of personal information and privacy, commercial secrets and State secrets they learn in the process of fulfilling Internet security supervision and inspection duties and responsibilities, they may not leak this, sell it or illegally provide it to others.

Public security bodies shall strictly supervise cybersecurity service bodies’ implementation of cybersecurity management and secrecy protection responsibilities.

Article 18: Public security bodies conducting on-site supervision and inspection shall draft supervision and inspection records, and have them signed by the People’s Police conducting supervision and inspection and the responsible person or cybersecurity management personnel from the supervision and inspection counterpart. Where the responsible person or cybersecurity management personnel from the supervision and inspection counterpart object to the supervision and inspection record, they shall be allowed to explain the matter; where they refuse to sign, People’s Police shall indicate this on the supervision and inspection record.

Public security bodies conducting remote monitoring shall draft supervision and inspection records, and have the supervision and inspection record signed by two or more People’s Police conducting the supervision and inspection. 

Where cybersecurity service bodies are entrusted with providing technical support, the technical support personnel shall sign the supervision and inspection record together.

Article 19: Public security bodies discovering that cybersecurity risks or vulnerabilities exist in Internet service providers and network-using work unit in the process of Internet security supervision and inspection, shall urge and guide them to adopt measures to eliminate the risks or vulnerabilities, and indicate this in the supervision and inspection records; where they discover unlawful acts, but circumstances are light or no results have been created, they shall order them to correct the matter within a limited time.

Where the supervision and inspection counterpart believes they have completed correction before the end of the time limit, they may submit a re-inspection application in writing to the public security body.

Public security bodies shall, within three working days after the time limit ends or after receiving an earlier re-inspection application from the supervision and inspection counterpart, conduct a re-inspection of the corrected situation, and feed back the re-inspection results within three working days after the re-inspection concludes.

Article 12: All kinds of material collected in the process of inspection, or all kinds of produced documents and other materials, shall be stored in files according to regulations.

Chapter IV: Legal liability

Article 21: Where public security bodies discover Internet service providers or network-using work units committed the following unlawful acts in the process of Internet security supervision and inspection, they shall impose administrative punishment according to the law:

(1) Those not formulating or implementing cybersecurity management rules and operating rules, or not appointing a responsible person for cybersecurity, will be punished according to Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(2) Those not adopting technical measures to defend against computer viruses, cyberattacks, cyber intrusions and other such acts harming cybersecurity, will be punished according to the provisions of Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(3) Those not adopting measures to record and preserve user registration information and web access daily record information, will be punished according to the provisions of Article 59 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(4) Those not requiring users to provide real identity information according to requirements in the process of providing Internet information dissemination, instant communication and other such services, or who provide related services to users not providing real identity information, will be punished according to the provisions of Article 61 of the “Cybersecurity Law of the People’s Republic of China”;

(5) Those who do not adopt measures to cease transmission and delete information of which the dissemination and transmission is prohibited by laws and administrative regulations according to the law or according to public security bodies’ requirements, and preserve relevant records, will be punished according to the provisions of Article 68 or Article 69 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”;

(6) Those refusing to provide technical support and assistance to public security bodies maintaining cybersecurity and investigating criminal activities according to the law, will be punished according to the provisions of Article 69 Paragraph III of the “Cybersecurity Law of the People’s Republic of China”.

Where the acts in the preceding items 4 to 6 violate the “Anti-Terrorism Law of the People’s Republic of China”, they will be punished according to the provisions of Article 84 or Article 86 Paragraph I of the “Anti-Terrorism Law of the People’s Republic of China”.

Article 22: Where public security bodies, in the process of Internet security supervision and inspection, discover Internet service providers and network-using work units steal or obtain personal information in an illegal manner, illegally sell or illegally provide it to others, but it does not constitute a crime, they will be punished according to the provisions of Article 64 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”.

Article 23: Where public security bodies, in the process of Internet security supervision and inspection, discover Internet service providers and network-using work units have installed malicious programmes in the Internet services they provide, they will be punished according to the provisions of Article 60 Paragraph I of the “Cybersecurity Law of the People’s Republic of China”.

Article 24: Where Internet service providers and network-using work units refuse or impede public security bodies’ conduct of Internet security supervision and inspection, they will be punished according to the provisions of Article 69 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”; where they refuse to cooperate with anti-terrorism work, they will be punished according to the provisions of Article 91 or Article 92 of the “Anti-Terrorism Law of the People’s Republic of China.

Article 25: Where cybersecurity service bodies and their work personnel entrusted with providing technical support engage in illegal intrusion into the supervision and inspection counterpart’s networks, interfere with the regular functioning of the supervision and inspection counterpart’s networks, or steal online data and other such activities harming cybersecurity, they will be punished according to the provisions of Article 63 of the “Cybersecurity Law of the People’s Republic of China”; where they steal personal information they have obtained in the process of their work or obtain it in an illegal manner, illegally sell or illegally provide it to others, they will be punished according to the provisions of Article 64 Paragraph II of the “Cybersecurity Law of the People’s Republic of China”, where it constitutes a crime, criminal liability will be prosecuted according to the law.

Where bodies and their work personnel as provided in the previous Paragraph infringe the commercial secrets of the supervision and inspection counterpart, constituting a crime, criminal liability will be prosecuted according to the law.

Article 26: Where public security bodies and their work personnel, in the process of Internet security supervision and inspection work, are derelict in their duties, abuse their powers, or engage in favouritism, the directly responsible person in charge and other directly responsible personnel will be punished according to the law; where it constitutes a crime, criminal liability will be prosecuted according to the law.

Article 27: Where Internet service providers and network-using work units violate these Regulations, constituting a violation of public security management, they will be subject to public order management punishment; where it constitutes a crime, criminal liability will be prosecuted according to the law.

Chapter V: Supplementary provisions

Article 28: Supervision and inspection of commercial Internet access service venues will be implementing according to the relevant provisions of the “Commercial Internet Access Service Venue Management Regulations”.

Article 29: These Regulations take effect on 1 November 2018.

中华人民共和国公安部令第151号

《公安机关互联网安全监督检查规定》已经2018年9月5日公安部部长办公会议通过，现予发布，自2018年11月1日起施行。

部长　 赵克志

2018年9月15日

公安机关互联网安全监督检查规定

第一章　总则

第一条　为规范公安机关互联网安全监督检查工作，预防网络违法犯罪，维护网络安全，保护公民、法人和其他组织合法权益，根据《中华人民共和国人民警察法》《中华人民共和国网络安全法》等有关法律、行政法规，制定本规定。

第二条　本规定适用于公安机关依法对互联网服务提供者和联网使用单位履行法律、行政法规规定的网络安全义务情况进行的安全监督检查。

第三条　互联网安全监督检查工作由县级以上地方人民政府公安机关网络安全保卫部门组织实施。

上级公安机关应当对下级公安机关开展互联网安全监督检查工作情况进行指导和监督。

第四条　公安机关开展互联网安全监督检查，应当遵循依法科学管理、保障和促进发展的方针，严格遵守法定权限和程序，不断改进执法方式，全面落实执法责任。

第五条　公安机关及其工作人员对履行互联网安全监督检查职责中知悉的个人信息、隐私、商业秘密和国家秘密，应当严格保密，不得泄露、出售或者非法向他人提供。

公安机关及其工作人员在履行互联网安全监督检查职责中获取的信息，只能用于维护网络安全的需要，不得用于其他用途。

第六条　公安机关对互联网安全监督检查工作中发现的可能危害国家安全、公共安全、社会秩序的网络安全风险，应当及时通报有关主管部门和单位。

第七条　公安机关应当建立并落实互联网安全监督检查工作制度，自觉接受检查对象和人民群众的监督。

第二章　监督检查对象和内容

第八条　互联网安全监督检查由互联网服务提供者的网络服务运营机构和联网使用单位的网络管理机构所在地公安机关实施。互联网服务提供者为个人的，可以由其经常居住地公安机关实施。

第九条　公安机关应当根据网络安全防范需要和网络安全风险隐患的具体情况，对下列互联网服务提供者和联网使用单位开展监督检查：

（一）提供互联网接入、互联网数据中心、内容分发、域名服务的；

（二）提供互联网信息服务的；

（三）提供公共上网服务的；

（四）提供其他互联网服务的；

对开展前款规定的服务未满一年的，两年内曾发生过网络安全事件、违法犯罪案件的，或者因未履行法定网络安全义务被公安机关予以行政处罚的，应当开展重点监督检查。

第十条　公安机关应当根据互联网服务提供者和联网使用单位履行法定网络安全义务的实际情况，依照国家有关规定和标准，对下列内容进行监督检查：

（一）是否办理联网单位备案手续，并报送接入单位和用户基本信息及其变更情况；

（二）是否制定并落实网络安全管理制度和操作规程，确定网络安全负责人；

（三）是否依法采取记录并留存用户注册信息和上网日志信息的技术措施；

（四）是否采取防范计算机病毒和网络攻击、网络侵入等技术措施；

（五）是否在公共信息服务中对法律、行政法规禁止发布或者传输的信息依法采取相关防范措施；

（六）是否按照法律规定的要求为公安机关依法维护国家安全、防范调查恐怖活动、侦查犯罪提供技术支持和协助；

（七）是否履行法律、行政法规规定的网络安全等级保护等义务。

第十一条　除本规定第十条所列内容外，公安机关还应当根据提供互联网服务的类型，对下列内容进行监督检查：

（一）对提供互联网接入服务的，监督检查是否记录并留存网络地址及分配使用情况；

（二）对提供互联网数据中心服务的，监督检查是否记录所提供的主机托管、主机租用和虚拟空间租用的用户信息；

（三）对提供互联网域名服务的，监督检查是否记录网络域名申请、变动信息，是否对违法域名依法采取处置措施；

（四）对提供互联网信息服务的，监督检查是否依法采取用户发布信息管理措施，是否对已发布或者传输的法律、行政法规禁止发布或者传输的信息依法采取处置措施，并保存相关记录；

（五）对提供互联网内容分发服务的，监督检查是否记录内容分发网络与内容源网络链接对应情况；

（六）对提供互联网公共上网服务的，监督检查是否采取符合国家标准的网络与信息安全保护技术措施。

第十二条　在国家重大网络安全保卫任务期间，对与国家重大网络安全保卫任务相关的互联网服务提供者和联网使用单位，公安机关可以对下列内容开展专项安全监督检查：

（一）是否制定重大网络安全保卫任务所要求的工作方案、明确网络安全责任分工并确定网络安全管理人员；

（二）是否组织开展网络安全风险评估，并采取相应风险管控措施堵塞网络安全漏洞隐患；

（三）是否制定网络安全应急处置预案并组织开展应急演练，应急处置相关设施是否完备有效；

（四）是否依法采取重大网络安全保卫任务所需要的其他网络安全防范措施；

（五）是否按照要求向公安机关报告网络安全防范措施及落实情况。

对防范恐怖袭击的重点目标的互联网安全监督检查，按照前款规定的内容执行。

第三章　监督检查程序

第十三条　公安机关开展互联网安全监督检查，可以采取现场监督检查或者远程检测的方式进行。

第十四条　公安机关开展互联网安全现场监督检查时，人民警察不得少于二人，并应当出示人民警察证和县级以上地方人民政府公安机关出具的监督检查通知书。

第十五条　公安机关开展互联网安全现场监督检查可以根据需要采取以下措施：

（一）进入营业场所、机房、工作场所；

（二）要求监督检查对象的负责人或者网络安全管理人员对监督检查事项作出说明；

（三）查阅、复制与互联网安全监督检查事项相关的信息；

（四）查看网络与信息安全保护技术措施运行情况。

第十六条　公安机关对互联网服务提供者和联网使用单位是否存在网络安全漏洞，可以开展远程检测。

公安机关开展远程检测，应当事先告知监督检查对象检查时间、检查范围等事项或者公开相关检查事项，不得干扰、破坏监督检查对象网络的正常运行。

第十七条　公安机关开展现场监督检查或者远程检测，可以委托具有相应技术能力的网络安全服务机构提供技术支持。

网络安全服务机构及其工作人员对工作中知悉的个人信息、隐私、商业秘密和国家秘密，应当严格保密，不得泄露、出售或者非法向他人提供。公安机关应当严格监督网络安全服务机构落实网络安全管理与保密责任。

第十八条　公安机关开展现场监督检查，应当制作监督检查记录，并由开展监督检查的人民警察和监督检查对象的负责人或者网络安全管理人员签名。监督检查对象负责人或者网络安全管理人员对监督检查记录有异议的，应当允许其作出说明；拒绝签名的，人民警察应当在监督检查记录中注明。

公安机关开展远程检测，应当制作监督检查记录，并由二名以上开展监督检查的人民警察在监督检查记录上签名。

委托网络安全服务机构提供技术支持的，技术支持人员应当一并在监督检查记录上签名。

第十九条　公安机关在互联网安全监督检查中，发现互联网服务提供者和联网使用单位存在网络安全风险隐患，应当督促指导其采取措施消除风险隐患，并在监督检查记录上注明；发现有违法行为，但情节轻微或者未造成后果的，应当责令其限期整改。

监督检查对象在整改期限届满前认为已经整改完毕的，可以向公安机关书面提出提前复查申请。

公安机关应当自整改期限届满或者收到监督检查对象提前复查申请之日起三个工作日内，对整改情况进行复查，并在复查结束后三个工作日内反馈复查结果。

第二十条　监督检查过程中收集的资料、制作的各类文书等材料，应当按照规定立卷存档。

第四章　法律责任

第二十一条　公安机关在互联网安全监督检查中，发现互联网服务提供者和联网使用单位有下列违法行为的，依法予以行政处罚：

（一）未制定并落实网络安全管理制度和操作规程，未确定网络安全负责人的，依照《中华人民共和国网络安全法》第五十九条第一款的规定予以处罚；

（二）未采取防范计算机病毒和网络攻击、网络侵入等危害网络安全行为的技术措施的，依照《中华人民共和国网络安全法》第五十九条第一款的规定予以处罚；

（三）未采取记录并留存用户注册信息和上网日志信息措施的，依照《中华人民共和国网络安全法》第五十九条第一款的规定予以处罚；

（四）在提供互联网信息发布、即时通讯等服务中，未要求用户提供真实身份信息，或者对不提供真实身份信息的用户提供相关服务的，依照《中华人民共和国网络安全法》第六十一条的规定予以处罚；

（五）在公共信息服务中对法律、行政法规禁止发布或者传输的信息未依法或者不按照公安机关的要求采取停止传输、消除等处置措施、保存有关记录的，依照《中华人民共和国网络安全法》第六十八条或者第六十九条第一项的规定予以处罚；

（六）拒不为公安机关依法维护国家安全和侦查犯罪的活动提供技术支持和协助的，依照《中华人民共和国网络安全法》第六十九条第三项的规定予以处罚。

有前款第四至六项行为违反《中华人民共和国反恐怖主义法》规定的，依照《中华人民共和国反恐怖主义法》第八十四条或者第八十六条第一款的规定予以处罚。

第二十二条　公安机关在互联网安全监督检查中，发现互联网服务提供者和联网使用单位，窃取或者以其他非法方式获取、非法出售或者非法向他人提供个人信息，尚不构成犯罪的，依照《中华人民共和国网络安全法》第六十四条第二款的规定予以处罚。

第二十三条　公安机关在互联网安全监督检查中，发现互联网服务提供者和联网使用单位在提供的互联网服务中设置恶意程序的，依照《中华人民共和国网络安全法》第六十条第一项的规定予以处罚。

第二十四条　互联网服务提供者和联网使用单位拒绝、阻碍公安机关实施互联网安全监督检查的，依照《中华人民共和国网络安全法》第六十九条第二项的规定予以处罚；拒不配合反恐怖主义工作的，依照《中华人民共和国反恐怖主义法》第九十一条或者第九十二条的规定予以处罚。

第二十五条　受公安机关委托提供技术支持的网络安全服务机构及其工作人员，从事非法侵入监督检查对象网络、干扰监督检查对象网络正常功能、窃取网络数据等危害网络安全的活动的，依照《中华人民共和国网络安全法》第六十三条的规定予以处罚；窃取或者以其他非法方式获取、非法出售或者非法向他人提供在工作中获悉的个人信息的，依照《中华人民共和国网络安全法》第六十四条第二款的规定予以处罚，构成犯罪的，依法追究刑事责任。

前款规定的机构及人员侵犯监督检查对象的商业秘密，构成犯罪的，依法追究刑事责任。

第二十六条　公安机关及其工作人员在互联网安全监督检查工作中，玩忽职守、滥用职权、徇私舞弊的，对直接负责的主管人员和其他直接责任人员依法予以处分；构成犯罪的，依法追究刑事责任。

第二十七条　互联网服务提供者和联网使用单位违反本规定，构成违反治安管理行为的，依法予以治安管理处罚；构成犯罪的，依法追究刑事责任。

第五章　附则

第二十八条　对互联网上网服务营业场所的监督检查，按照《互联网上网服务营业场所管理条例》的有关规定执行。

第二十九条　本规定自2018年11月1日起施行。