Promulgation Date: 2022-6-27 Title: Provisions on the Management of Internet User Account Information Document Number:网信办令第10号 Expiration date: Promulgating Entities: Cybersecurity Administration Source of text: http://www.cac.gov.cn/2022-06/26/c_1657868775042841.htm Our Commentary:
Chapter I: General Provisions
Article 1: These Provisions are drafted on the basis of the Cybersecurity Law of the PRC, the PRC Data Security Law, the Personal Information Protection Law of the PRC, The Measures on the Administration of Internet Information Services, and other relevant laws and administrative regulations, so as to strengthen the management of internet user account information, carry forward the Core Socialist Values, preserve national security and the societal public interest, and protect the lawful rights and interests of citizens, legal persons, and other organizations.
Article 2: These Provisions apply to internet information service providers' registration and use of internet user account information for internet users within the mainland territory of the PRC, and to their management work. Where laws or administrative regulations otherwise provide, follow those provisions.
Article 3: The State Internet Information Office is responsible for oversight and management work on internet user account information nationwide.
Based on their duties, local Internet Information Offices are responsible for oversight and management work for Internet user account information in the corresponding administrative region.
Article 4: The registration and use of internet user accounts, as well as internet information service providers' management of internet user account information, shall comply with laws and regulations, respect public order and good customs, and be in good faith; it must not endanger national security, the societal public interest, or the lawful rights and interests of others.
Article 5: Relevant industry organizations are encouraged to strengthen self-discipline, establish and complete industry standards and norms, and self-discipline systems, urging and guiding internet information service providers to draft and improve service guidelines, strengthen the management of internet user account information security, provide services in accordance with law, and accept societal oversight.
Chapter II: The Registration and Use of Account Information
Article 6: In accordance with laws, administrative regulations, and relevant state provisions, internet information service providers shall draft and disclose rules for the management of internet user account information and platform conventions, sign service agreements with internet users, and clarify the rights and obligations related to the registration, use, and management of account information.
Article 7: Where the internet user account information being registered or used includes professional information, it shall conform to the corresponding person's actual professional information.
The internet account information registered and used by entities shall be consistent with the entity's name, identifiers, and so forth, and conform to the entity's characteristics, scope of business, industry type, and so forth.
Article 8: Account information registered and used by internet users must not have any of the following situations:
(1) Violations of articles 6 or 7 of the Provisions on the Management of the Online Information Ecosystem;
(2) Impersonating, counterfeiting, or fabricating of the names and logos etc. of political parties, party organs, government organs, or military organs, enterprises and public institutions, people's organizations, and social organizations;
(3) Impersonating, counterfeiting, or fabricating the names and logos etc. of domestic (regional) or international organizations;
(4) Impersonating, counterfeiting, or fabricating the names and logos, etc. of news media such as sites, publishers of newspapers and periodicals, radio and television institutions, or news agencies; or using names and logos with news characteristics such as "news" and "report" without authorization;
(5) Impersonating, counterfeiting, or maliciously associating oneself with geographic names and logos of state administrative regions, the location of the institution, landmark buildings, and other important places, etc.;
(6) Intentionally embedding QR codes, website addresses, email addresses, contact information, or using homophones, near homophones, proxy characters, numbers, or symbols for purposes such as harming the public interest or obtaining improper benefits;
(7) Containing self-inflating or exaggerated names and other such content that might deceive or mislead the public;
(8) Containing other content prohibited by laws, administrative regulations, and relevant state provisions.
Article 9: Where internet information service providers provide internet users with services such as information publication and instant messaging, they shall authenticate the real identity information of the account information of the users applying for registration, based on means such as their mobile phone numbers, identification numbers, or uniform social credit code. Where users do not provide real identity information or fraudulently use the identity information of organizations or other people to falsify register, they must not be provided with the relevant services.
Article 10: internet information service providers shall conduct reviews of the account information provided by internet users at registration and of proposed changes during use, and where violations of articles 7 or 8 of these provisions are found, they shall not grant the registration or change of the account information.
Where account information contains content such as "China", "Chinese", "National", or "State", or contains Party and state symbols and signs such as the Party flag, Party emblem, national flag, national anthem, or national emblem, it shall be strictly reviewed in accordance with laws, administrative regulations, and relevant state provisions.
Internet information service providers shall employ necessary measures to prevent re-registration of accounts that have been closed down in accordance with laws and agreements; and shall strictly review the relevant information where closely related account information is registered.
Article 11: Where internet users apply for registration accounts providing Internet news information services, online publication services, and other internet information services that require administrative permits, or apply to register accounts producing information content in areas such as economics, education, healthcare, and justice; the internet information service providers shall request that they provide service qualifications, professional qualifications, and other materials such as on their professional background, conduct a review, and make a special label in the accounts' information.
Article 12: Internet information service providers shall display accounts' IP address attribution within a reasonable range on internet account's information page to facilitate public oversight for the public interest.
Article 13: Internet information service providers shall display information on public [verified] accounts on their account information page such as the operating entity, registered business address, type of content produced, uniform social credit code, effective contact method, IP address attribution, public account's
Chapter III: Management of Account Information
Article 14: internet information service providers shall perform primary responsibility for the management of internet user account information, allot dedicated staff and technical capacity comensurate with their service model, and establish, complete, and strictly implement management systems such as for real-name registration, account information reviews, information content security, governance of the ecology, emergency response, and personal information protection.
Article 15: internet information service providers shall establish systems for dynamically reviewing account information, checking account resource information at appropriate times, and where it is found that the requirements of these Provisions are not being complied with, they shall suspend the provisions of services and notify the users to make corrections; where corrections are refused, they shall conclude the provision of services.
Article 16: Internet information service providers shall lawfully protect and handle the personal information in internet user account information, and employ measures to prevent unauthorized access as well as leaks, modification, and loss of personal information.
Article 17: Where internet information service providers discover that the account information registered or used by internet users violates laws, administrative regulations, or these Provisions, they shall employ measures to address it in accordance with laws and agreements such as giving warning notices, ordering corrections in a set period of time, restricting account functions, suspending use, closing accounts, and prohibiting re-registration, retain the related records and promptly report to the departments for internet information and other competent departments.
Article 18: Internet information service providers shall establish and complete credit management systems for internet user accounts, making credit appraisals related to account information an important consideration in the credit management of accounts, and providing related services accordingly.
Article 19: Internet information service providers shall set up conspicuous and convenient portals for making complaints and reports, announce the methods for making complaints and reports; establish mechanisms for accepting, screening, addressing, and responding to report information, and clarifying the process for handling them and time limits for giving feedback, to promptly handle users' and the public's complaints and reports.
Chapter IV: Oversight Inspections and Legal Responsibility
Article 20: Internet information departments, together with relevant departments, are to establish and complete mechanisms for information sharing, consultation and reporting, joint law enforcement, case oversight, and other work; and coordinate efforts to oversee and manage internet user account information.
Article 21: Internet information departments are to conduct oversight inspections of internet information service providers' management of account information registered and used by internet users. Internet information service providers shall cooperate and provide necessary technological, data, and other support and assistance.
Where it is discovered that internet information service providers have larger online information security risks, internet information departments at the provincial level and above may require them to employ measures such as suspending information updates, user account registrations, or other related services. Iinternet information service providers shall take measures as required to carry out rectification and eliminate threats.
Article 22: Where internet information service providers violate these provisions, they are to be punished in accordance with relevant laws and administrative regulations. Where laws and administrative regulations do not have relevant provisions, the internet information departments at the provincial level or above are to give warnings, circulate criticism, and order corrections be made in a set period of time on the basis of their duties, and may give a concurrent fine of between 10,000 and 100,0000 RMB. Where a public security administration violation is constituted, it is to be transferred for handling by the public security organs; where a crime is constituted, it is to be transferred for handling by the justice organs.
Chapter V: Supplementary Provisions
Article 23: The meanings of the following terms in these Provisions are:
(1) Internet user account information refers to information used to identify users' accounts, such as names, avatars, cover images, profiles, signatures, and authentication information registered and used by internet users on internet information services.
(2) "Internet information service providers" refers to entities providing users with internet information publication and application platform services, including but not limited to Internet news information services, online publication services, search engines, instant messengers, interactive information services, livestreaming, application software downloads, etc.
Article 24: These Provisions take effect on August 1, 2022. Where these Provisions are inconsistent with related provisions promulgated before these provisions, these provisions apply.