The Cyberspace Administration of China (CAC) in January 2019 released the Blockchain Information Management Regulations, translated in full below, and they took effect the following month. The Regulations, which followed an October 2018 draft, lay out basic content and registration rules for entities offering blockchain functionality as a service.
The rules reiterate existing content controls under the Cybersecurity Law and other regulations, outline the functions of a blockchain service provider registry run by the CAC, and define fines and other penalties for violations.
The CAC has separately declared its intention is to standardize blockchain-related services, support a “healthy” development of the technology, and address security risks, such as the spread of illegal and harmful information or the conduct of illegal and criminal activities.
In August 2019 the CAC announced that it had established a “complete certification system” and had assigned a number of “evaluation institutions” to undertake the security assessments under these regulations (see Article 9).
To date, a total of 1,015 “blockchain information service providers” have completed filing and registration (285on October 30, 2020, 244 on April 24, 2020, 309 on October 18, 2019, and 197 on March 30, 2019).
Original source URL: http://www.cac.gov.cn/2019-01/10/c_1123971164.htm
Blockchain Information Service Management Regulations
Article 1: In order to standardize the activities of blockchain information services; while safeguarding national security and society’s public interest, protecting the lawful rights and interests of citizens, legal persons, and other organizations, and promoting the healthy development of blockchain technology and related services; and in accordance with the Cybersecurity Law of the People’s Republic of China, the Internet Information Services Management Measures, and the Notice of the State Council on Charging the Cyberspace Administration of China with Internet Information Content Management, these Regulations are formulated.
Article 2: Those engaging in blockchain information services within the mainland territory of the People’s Republic of China shall comply with these Regulations. Where laws and administrative regulations require otherwise, such provisions shall be complied with.
In these Regulations, “blockchain information services” refers to information services based on blockchain technologies or systems, accessible through Internet websites, applications, and other modes, provided to the general public.
In these Regulations, “blockchain information service provider” (BISP) refers to entities or nodes providing blockchain information services to the general public, as well as institutions or organizations, providing technical support to blockchain information service entities. In these Regulations, “blockchain information service user” (BISU) refers to an organization or individual using blockchain information services.
Article 3: The Cyberspace Administration of China (CAC), according to its duties, is responsible for the supervision, administration, and law enforcement for blockchain information services nationwide. Provincial, autonomous region, and municipal CAC offices, according to their duties, are responsible for supervision, administration, and law enforcement for blockchain information services within their administrative regions.
Article 4: Blockchain industry organizations are encouraged to strengthen the industry’s self-discipline; to establish and improve an industry self-discipline system and industry standards; to push forward construction of an industry trustworthiness evaluation system; and to supervise and urge BISPs to provide their services according to law, accept society’s supervision, improve the professional quality of blockchain information service practitioners, and promote the healthy and orderly development of the industry.
Article 5: BISPs shall implement security management responsibilities, establishing and improving user registration, information examination and verification, emergency response, security protection, and other management systems.
Article 6: BISPs shall be able to provide the technical prerequisites suitable for their services. They shall possess immediate response capabilities with regard to the publication, recording, storage, or dissemination of information content prohibited by laws and administrative regulations. Technical solutions shall comply with relevant national standards and specifications.
Article 7: BISPs shall formulate and publish management rules and platform covenants, sign service agreements with BISUs, clarify the rights and obligations of both parties, and require them to promise to abide by the legal provisions and platform covenants.
Article 8: BISPs, in accordance with the Cybersecurity Law of the People’s Republic of China, shall verify real identification information of BISUs using organizational registration numbers, personal ID numbers, mobile phone numbers, or other such means. If a user does not undergo real identification verification, the BISP shall not provide them with relevant services.
Article 9: When BISPs develop and bring online new products, applications, or functions, they shall, in accordance with relevant regulations, report them to the national and regional offices of the CAC for security assessment.
Article 10: Both BISPs and BISUs shall not use blockchain information services to engage in activities prohibited by laws and administrative regulations, including activities that harm national security, disturb social order, or infringe the lawful rights and interests of others. They shall not use blockchain information services to produce, copy, publish, or disseminate any information content prohibited by laws and administrative regulations.
Article 11: A BISP shall, within ten working days after beginning to provide services, use the blockchain information service filing management system of the CAC to submit the name of the service provider, service category, service form, application domain, server address, etc., and fulfill filing procedures.
If a BISP changes its service program, the platform URL, or other matters, it shall conduct change procedures within five working days after the date of the change.
If a BISP terminates a service, it shall conduct cancellation procedures at least thirty working days before the termination of services and make appropriate arrangements.
Article 12: Upon receiving the submitted materials by the filing entity, the national and regional offices of the CAC shall, if the materials are complete, record them within twenty working days, issue a filing number, and announce the filing information to the public through the CAC’s blockchain information service filing management system. If the materials are incomplete, they shall not be filed, and the filer shall be notified with an explanatory justification within twenty working days.
Article 13: A BISP that has completed the filing shall visibly indicate its filing number on the website or application through which the services are externally provided.
Article 14: National and regional offices of the CAC shall conduct regular inspections of the filing information of blockchain information services. BISPs shall log into the blockchain information service filing management system within prescribed intervals to provide relevant information.
Article 15: If information security dangers exist within blockchain information services provided by BISPs, they shall undertake rectification. Only if relevant laws, administrative regulations, and other relevant national standards and specifications are followed may information service provision continue.
Article 16: Where BISUs violate laws, administrative regulations, or service agreements, BISPs shall, in accordance with law and agreements, carry out corrective measures, such as warnings, functionality restrictions, or account closure. They should promptly respond to illegal information content with corresponding measures, prevent information proliferation, preserve relevant records, and report to relevant department in charge.
Article 17: BSPs shall record information produced by BISUs, such as published content and logs. Backup records shall be retained for at least six months and shall be provided to relevant law enforcement authorities, when inquired about them in accordance with the law.
Article 18: BISPs shall cooperate with supervisions and inspections lawfully carried out by the cyberspace and informatization [CAC] departments and provide necessary technical support and assistance.
BISPs shall accept society’s supervision, set up convenient portals for complaints and reports, and handle public complaints and reports in a timely manner.
Article 19: If a BISP violates the provisions of Articles 5, 6, 7, 9, Article 11 paragraph 2, or Articles 13, 15, 17, or 18 of these Regulations, the national or regional offices of the CAC will issue a warning, in accordance with their duties, and order a correction before a specified deadline, and relevant businesses will be suspended until correction. If the provider refuses to implement the correction or if circumstances are severe, it shall be penalized with a fine of between RMB 20,000 and RMB 30,000. If a crime is constituted, criminal responsibility shall be investigated according to law.
Article 20: If a BISP violates the provisions of Article 8 or Article 16, the national or regional offices of the CAC shall, based on their duties, handle the matter in accordance with the provisions of the Cybersecurity Law of the People’s Republic of China.
Article 21: If a BISP violates the provisions of Article 10 by producing, copying, publishing, or disseminating information content prohibited by laws and administrative regulations, the national or regional offices of the CAC will issue a warning, in accordance with their duties, and order a correction before a specified deadline, and relevant businesses will be suspended until correction.If the provider refuses to implement the correction or if the circumstances are severe, it shall be penalized with a fine between RMB 5,000 and RMB 30,000. If a crime is constituted, criminal responsibility shall be investigated according to law.
If a BISU violates the provisions of Article 10, by producing, copying, publishing, or disseminating any information content prohibited by laws and administrative regulations, the matter shall be dealt with by the national or regional offices of the CAC in accordance with the provisions of relevant laws and administrative regulations.
Article 22: If a BISP violates the provisions of Article 11, paragraph 1, and fails to perform filing procedures, or files false information, in accordance with these Regulations, the national or regional offices of the CAC shall, in accordance with their duties, order a correction before a specified deadline. If the provider refuses to make the correction or the circumstances are severe, it shall be given a warning and be fined between RMB 10,000 and RMB 30,000.
Article 23: Anyone engaging in blockchain information services prior to the publication of this Regulation shall, within twenty working days from the date of the entry into force of this provision, make up the relevant procedures in accordance with this Regulation.
Article 24: This Regulation takes effect on February 15, 2019.
Kai von Carnap is a research analyst at the Mercator Institute for China Studies (MERICS) with a research focus on technological trends and digital developments in China, with an expertise in blockchain technology and cryptocurrencies. In addition, von Carnap is building up the EU-China forecasting capabilities at MERICS. He holds a double MA in Chinese-European Economics and Business Studies from the Berlin School of Economics and Law and the Southwestern University of Finance and Economics Chengdu, as well as a BA in Sinology and Economics from the Heidelberg University.