Provisions on the Management of Short-Range Ad-Hoc Network Information Services (Draft for Solicitation of Comments)

[Source]http://www.cac.gov.cn/2023-06/06/c_1687698272954687.htm

Article 1: These Provisions are formulated on the basis of the PRC Cybersecurity Law, the Measures on the Management of Internet Information Services, the Provisions on the Governance of the Online Information Content Ecology, and other laws and regulations, so as to regulate short-range ad-hoc network information services and to protect national security, the societal public interest, and the lawful rights and interests of citizens, legal persons, and other organizations.

Article 2: These Provisions apply to the provision and use of short-range ad-hoc network information services within the mainland territory of the PRC.

"Short-range ad-hoc network information services" as used in these Provisions refers to using information technology such as Bluetooth or Wi-Fi to instantly establish a network and provide service for the publication and receipt of information.

"Short-range ad-hoc network information service providers" as used in these Provisions refers to entities providing short-range ad-hoc network information services by developing or operating platforms, systems, applications, and so forth.

"Short-range ad-hoc network information service users" as referred to in these Provisions, refers to entities using short-range ad-hoc network information services to publish or receive information such as text, images, or audiovisual material, including publishers and recipients.

Article 3: The provision of short-range ad-hoc network information services shall abide by the Constitution, laws, and administrative regulations; carry forward the Core Socialist Values; uphold the correct political, public opinion, and values orientation; and maintain a clear and bright cyberspace.

Article 4: Short-range ad-hoc network information service providers are encouraged to give priority to the adoption of safe and reliable short-range ad-hoc networking technologies.

Article 5: Short-range ad-hoc network information service providers shall comply with laws, regulations, and relevant state provisions to employ necessary security management systems and technical measures, increase capacity for risk prevention, address illegal information in accordance with law, prevent and resist the transmission of negative information, store related records, and report to the relevant departments such as for internet information.

Short-range ad-hoc network information service users must not use those services to publish or forward illegal information and shall employ measures to prevent and resist the production, reproduction, and publication of negative information; and where they receive illegal or negative information, they must not forward it and have the right to make a complaint or report to the relevant departments such as for internet information.

Article 6: In the course of providing services, the short-range ad-hoc network information service providers shall require users to provide their real identity information in accordance with the PRC Cybersecurity Law.

Article 7: In the course of providing services, the short-range ad-hoc network information service providers shall provide functions for confirming the pairing between publishers and recipients in a clear and conspicuous fashion; requiring the publishers' and recipients' confirmation and consent for each pairing, and there must not be default or automatic pairing without both sides' consent.

Article 8: In the course of providing services, the short-range ad-hoc network information service providers shall provide recipients with functions on receiving such as turning off reception, selective reception, and making blacklists for which receipt is automatically refused, and the default setting is to be that receiving is turned off; when providing selective reception services, circumstances such as the speed of transmission and users' desires should be comprehensively considered to reasonably set a duration for receipt, and automatically switch to turning off reception after the duration is exceeded.

Article 9: In the course of providing services, short-range ad-hoc network information service providers must not have the default of providing information summary and preview functions such as for snapshots or thumbnail images without the recipient's consent.

Article 10: In the course of providing services, short-range ad-hoc network information service providers shall provide functions such as usage and risk alerts.

Article 11: Short-range ad-hoc network information service providers shall set up convenient portals or channels for complaints and reports, and promptly accept and address the public's complaints and reports regarding the short-range ad-hoc network information services.

Article 12: Short-range ad-hoc network information service users must not carry out acts such as network incursions, frequent sending of links, or stealing network data, and must not cause harmful disruptions to the lawful conduct of wireless operations.

Article 13: Short-range ad-hoc network information service providers shall draft emergency response plans for network security incidents and immediately activate the response plan when incidents harming network security occur, employing corresponding measures to address it and promptly reporting to the relevant departments in accordance with provisions.

Article 14: Short-range ad-hoc network information service providers putting online new technologies, applications, or functions that have a public opinion character or the capacity for societal mobilization, shall carry out security assessments in accordance with relevant state provisions. Where security threats are discovered, they shall promptly make corrections until the related security threats are eliminated.

Mobile application publishing platforms shall conduct verifications of the security assessment situation.

Article 15: Encourage and guide internet industry organizations in establishing and completing norms for the short-range ad-hoc network information services industry, to lead the healthy and orderly development of the industry.

Article 16: The internet information departments, departments in charge of industry and information technology, and public security departments are to establish and complete work mechanisms for information sharing, consultation, and reporting; carry out routine oversight and inspections of short-range ad-hoc network information service providers on the basis of their authority, and carry out special inspections of those providers that have issues.

Article 17: Short-range ad-hoc network information service providers shall cooperate with the internet information departments, industry and information technology departments, and public security departments that are carrying out oversight and inspections, and shall provide necessary techniques and data or other support and assistance.

Article 18: Where short-range ad-hoc network information service providers and users violate these Provisions, the internet information departments, industry and information departments, and public security departments are to address it on the basis of their duties and in accordance with laws and regulations such as the PRC Cybersecurity Law, The Measures on the Management of Internet Information Services, and the Provisions on the Governance of the Online Information Content Ecology.

Article 19: These Provisions are to take effect on XX/XX/XXXX.