Cybercrime Prevention and Control Law
| Cybercrime Prevention and Control Law | |
|---|---|
| Standing Committee of the National People's Congress | |
| Enacted by | Standing Committee of the National People's Congress |
| Introduced by | Ministry of Public Security |
| Status: Pending | |
| Cybercrime Prevention and Control Law | |||||||
|---|---|---|---|---|---|---|---|
| Simplified Chinese | 网络犯罪防治法 | ||||||
| Traditional Chinese | 網路犯罪防治法 | ||||||
| |||||||
The Cybercrime Prevention and Control Law is a draft legislation in China concerning cybercrime.
Legislative history
The draft law was released to the public for comments by the Ministry of Public Security on 31 January 2026.[1]
Content
The draft law includes the obligations of various government and private sector actors in combating cybercrime, while creating new offenses for enabling cybercrime.[2][3]
Article 2 states that the law applies to the prevention and control of cybercrime in the territory of the People's Republic of China, while adding that Chinese citizens outside China can be held liable for violating the law anywhere in the world and that authorities can pursue the liability of foreign individuals and organizations which violate the law when providing services within China.[2]
The Chapter II of the law, titled the Management of Basic Network Resources, mainly deals with the Internet real-name system. Articles 11, 12 and 13 of the law lays out prohibited user conduct, including the usage fake IDs to open accounts or sharing network and phone connections, payment methods, information-sharing accounts, and web hosting. These conducts are listed as administrative violations, with punishments including fines and possible detention of up to 15 days. Agencies are also authorized to blacklist offending individuals or organizations and require service providers to restrict blacklisted users’ access to services.[2]
Article 14 prohibits equipment primarily designed to evade regulatory controls or facilitate cybercrime, including devices for bulk control of SIM cards; intercepting others’ text messages; spoofing caller ID; disabling or disrupting others’ phones; and systems that mass-process SMS or voice verification codes. Article Article 15 requires providers of controlled software and services that provincial police designate as readily used in cybercrimes to file users’ or purchasers’ real identity information with the police and regulatory authorities. Controlled software and services are include tools that can undermine traceability, such as spoofing or masking a user's location, enabling remote control of other systems, and facilitating the bulk management of multiple internet connections, devices, or accounts.[2]
Articles 16 and 17 mandate additional verification where there is irregular account activity, and allows government agencies to request either new verification of specific accounts or a general increase in reverification frequency for areas or times of high criminal activity. It states that users who fail verification may potentially face restricted or terminated functionality, though they are entitled to automatic review, with services restored once verification is successfully completed.[2]
Chapter III of the law, titled Governance of the Cybercrime Ecosystem, provides administrative offenses for Articles 19-33 of the law.[2] Chapter IV of the law is titled Obligations for the Prevention and Control of Cybercrime.[4] Article 24 bans the unauthorized "discovery, collection, and publication of network product vulnerabilities."[1] Article 44 of the law prohibits the production, sale, or provision of means to assist or support in the access of blocked illegal content that originate from outside of the territory of the People's Republic of China.[2] Article 48 and 49 authorizes the police or cybersecurity administration to directly issue 'online protection orders', requiring network operators to promptly block offending, bullying content. Article 50 concerns offenses against minors, including penalties for the possession of child sexual abuse material.[2]
Chapter V of the law, titled the Prevention and Control of Cross-border Cybercrimes, mainly concerns cross-border crimes. Article 54 states the foreign individuals who commit crimes via the Internet in China may have their assets seized, which is in accordance with the Criminal Procedure Law.[2] Article 55 authorizes sanctions, including entry bans and asset freezing, against foreign organizations and individuals that create or spread adverse "fake" information online which impact China's national sovereignty, security, and interests.[2]
See also
References
- ^ a b Nie, Youlan. "New PRC Cybercrime Law Heralds Digital Iron Curtain". Jamestown Foundation. Retrieved 2026-03-06.
- ^ a b c d e f g h i j Daum, Jeremy (2026-02-16). "China's Draft Cybercrime Law". China Law Translate. Retrieved 2026-02-16.
- ^ Zhuang, Sylvie (2 February 2026). "China moves to boost cybercrime penalties by adding exit ban after sentences". South China Morning Post. Retrieved 16 February 2026.
- ^ Translate, China Law (2026-02-02). "Law on the Prevention and Control of Cybercrime (Draft for Solicitation of Comments)". China Law Translate. Retrieved 2026-02-16.