Internet Security Supervision and inspection is one of the responsibilities of the network security department of the public security organ. The provisions on Internet Security Supervision and inspection of the public security organ (Order No. 151 of the Ministry of Public Security) (hereinafter referred to as the provisions) will be implemented from November 1, providing guidance for the supervision and inspection. The regulation is a deep combination of the inspection of network security law enforcement and the network security law. It has detailed regulations on the process of law enforcement, so that the supervision and inspection work can be inspected and disposed according to law.

1、 The first chapter "General Provisions" of the provisions describes the basis for formulation, scope of application, subject of implementation, responsibilities of higher public security organs and general requirements for inspection.

Basis for formulation: Article 1 in order to standardize the Internet Security Supervision and inspection work of public security organs, prevent network crimes, maintain network security, and protect the legitimate rights and interests of citizens, legal persons and other organizations, these Provisions are formulated in accordance with the people's police law of the people's Republic of China, the network security law of the people's Republic of China and other relevant laws and administrative regulations.

Scope of application: Article 2 These Provisions are applicable to the security supervision and inspection by the public security organs on the Internet service providers and Internet users' performance of the network security obligations stipulated by laws and administrative regulations.

Executive body: Article 3 the Internet Security Supervision and inspection shall be organized and implemented by the network security department of the public security organ of the local people's government at or above the county level.

Responsibilities of public security organs at higher levels: Article 3 public security organs at higher levels shall guide and supervise the Internet Security Supervision and inspection conducted by public security organs at lower levels.

General requirements for inspection:

Article 4 in carrying out Internet Security Supervision and inspection, the public security organs shall follow the principle of scientific management, guarantee and promotion of development in accordance with the law, strictly abide by the legal authority and procedures, constantly improve law enforcement methods, and comprehensively implement law enforcement responsibilities.

Article 5 the public security organs and their staff shall keep strictly confidential the personal information, privacy, trade secrets and state secrets they know in the course of performing their duties of Internet Security Supervision and inspection, and shall not disclose, sell or illegally provide them to others. The information obtained by public security organs and their staff in the course of performing their duties of Internet Security Supervision and inspection can only be used for the needs of maintaining network security, and may not be used for other purposes.

Article 6 the public security organ shall promptly notify the relevant competent departments and units of the cyber security risks that may endanger national security, public security and social order found in the supervision and inspection of Internet security.

Article 7 the public security organ shall establish and implement the Internet Security Supervision and inspection system, and consciously accept the supervision of the inspection object and the people.

2、 Chapter II "supervision and inspection objects and contents" of the Regulations stipulates the inspection contents corresponding to the inspection implementation unit, inspection object and inspection object, and both supervision and inspection and major special security supervision and inspection are specified.

Inspection and implementation unit: Article 8 Internet Security Supervision and inspection shall be carried out by the network service operation organization of Internet service provider and the public security organ of the place where the network management organization of the network using unit is located. If the Internet service provider is an individual, it may be implemented by the public security organ in its habitual residence.

Object of inspection: Article 9 the public security organ shall, according to the needs of network security prevention and the specific situation of network security risks, supervise and inspect the following Internet service providers and Internet users:

（1） Providing internet access, Internet data center, content distribution and domain name services;

（2） Providing Internet information services;

（3） Providing public Internet services;

（4） Providing other Internet services;

If the service provided in the preceding paragraph has been carried out for less than one year, if there have been network security incidents or cases of illegal crimes within two years, or if the public security organ has imposed administrative penalties for failing to perform the statutory network security obligations, it shall carry out key supervision and inspection.

By interpreting articles 10 and 11, it can be concluded that supervision and inspection pay more attention to the compliance of daily management of the system. Such as filing, implementation of responsible person, user information and log, security measures, review of released content, etc. According to the six types of services, this paper puts forward targeted inspection contents, including those providing internet access services, Internet data center services, Internet domain name services, Internet information services, Internet content distribution services, and Internet public Internet services

In Article 12, the contents of special safety supervision and inspection during major network security tasks are specified, focusing on the implementation of safety prevention and safety emergency, such as the implementation of safety work plan and safety personnel, the blocking of potential risks, emergency drill and construction, other safety precautions, safety precautions and situation reports.

3、 Chapter III "supervision and inspection procedures" of the Regulations stipulates inspection methods, pre inspection requirements, inspection power, requirements in inspection and post inspection requirements.

Inspection method: Article 13 the public security organ may carry out Internet Security Supervision and inspection by means of on-site supervision and inspection or remote inspection.

Requirements before inspection: Article 14 when the public security organs carry out on-site supervision and inspection of Internet security, the number of people's police shall not be less than two, and they shall show the people's police certificate and the notice of supervision and inspection issued by the public security organs of the local people's governments at or above the county level.

Inspection power: Article 15 the public security organ may take the following measures as necessary to carry out on-site supervision and inspection of Internet Security:

（1） Enter the business place, computer room and workplace;

（2） Require the person in charge of the object of supervision and inspection or the network security management personnel to explain the supervision and inspection items;

（3） Consult and copy information related to Internet Security Supervision and inspection;

（4） Check the operation of technical measures for network and information security protection.

Inspection requirements:

No interference or damage: Article 16 when carrying out remote detection, the public security organ shall inform the supervision and inspection objects of the inspection time, inspection scope and other matters in advance or disclose the relevant inspection matters, and shall not interfere with or damage the normal operation of the network of supervision and inspection objects.

Conservative inspection information: when conducting on-site supervision and inspection or remote inspection, the public security organ may entrust a network security service institution with corresponding technical capabilities to provide technical support. The network security service institution and its staff shall keep strictly confidential the personal information, privacy, trade secrets and state secrets they know in their work, and shall not disclose, sell or illegally provide them to others. The public security organ shall strictly supervise the network security service institutions to implement the responsibility of network security management and confidentiality.

Making inspection records: when conducting on-site supervision and inspection, the public security organ shall make supervision and inspection records, which shall be signed by the people's police conducting the supervision and inspection, the person in charge of the supervision and inspection object or the network security administrator. If the person in charge of the supervision and inspection object or the network security management personnel have any objection to the supervision and inspection record, they shall be allowed to make explanation; if they refuse to sign, the people's police shall indicate in the supervision and inspection record. When carrying out remote inspection, the public security organ shall make records of supervision and inspection, which shall be signed by two or more people's policemen who carry out supervision and inspection. Where a network security service institution is entrusted to provide technical support, the technical support personnel shall sign the supervision and inspection records together.

Requirements after inspection:

Order rectification and recheck: Article 19 In the supervision and inspection of Internet security, if the public security organ finds that the Internet service providers and Internet users have potential risks of network security, it shall urge and guide them to take measures to eliminate such risks, and indicate them on the supervision and inspection records; if any illegal act is found, but the circumstances are minor or no consequence is caused, it shall order them to rectify within a time limit. If the supervision and inspection object considers that the rectification has been completed before the expiration of the rectification period, it may apply to the public security organ in writing for reexamination in advance. The public security organ shall, within three working days after the expiration of the rectification period or the receipt of the application for reexamination in advance from the supervision and inspection objects, reexamine the rectification situation and feed back the reexamination results within three working days after the reexamination.

Data archiving: the data collected in the process of supervision and inspection, all kinds of documents and other materials shall be filed and filed in accordance with the provisions of the twentieth article.

4、 The fourth chapter "legal liability" of the provisions stipulates the corresponding punishment methods of the inspection contents involved in the "second chapter supervision and inspection objects and contents" in combination with the punishment clauses in the network security law, which truly achieves the "law enforcement inspection".

Article 21 If, in the course of Internet Security Supervision and inspection, the public security organ finds that the Internet service provider and the Internet user have the following illegal acts, it shall be given administrative punishment according to law:

（1） If the network security management system and operation procedures are not formulated and implemented, and the person in charge of network security is not determined, the punishment shall be given in accordance with the provisions of the first paragraph of Article 59 of the network security law of the people's Republic of China;

（2） Failure to take technical measures to prevent computer viruses, network attacks, network intrusions and other acts endangering network security shall be punished in accordance with the provisions of the first paragraph of Article 59 of the network security law of the people's Republic of China;

（3） Those who fail to take measures to record and retain the user registration information and online log information shall be punished in accordance with the provisions of the first paragraph of Article 59 of the network security law of the people's Republic of China;

（4） In providing Internet information publishing, instant messaging and other services, if the user is not required to provide real identity information, or the user who does not provide real identity information provides relevant services, he shall be punished in accordance with the provisions of Article 61 of the network security law of the people's Republic of China;

（5） In the process of public information service, if the information prohibited to be published or transmitted by laws or administrative regulations is not disposed of and relevant records are kept according to laws or the requirements of public security organs, punishment shall be given in accordance with Article 68 or item 1 of Article 69 of the network security law of the people's Republic of China;

（6） Those who refuse to provide technical support and assistance to the public security organs in safeguarding national security and investigating criminal activities according to law shall be punished in accordance with the provisions of item 3, Article 69 of the network security law of the people's Republic of China.

If any of the acts mentioned in items 4 to 6 of the preceding paragraph violates the provisions of the Anti Terrorism Law of the people's Republic of China, it shall be punished in accordance with the provisions of Article 84 or the first paragraph of Article 86 of the Anti Terrorism Law of the people's Republic of China.

Article 22 If, in the course of Internet Security Supervision and inspection, the public security organ finds that the Internet service provider and the Internet using unit have stolen or obtained, illegally sold or illegally provided personal information to others by other illegal means, which does not constitute a crime, it shall be punished in accordance with the provisions of the second paragraph of Article 64 of the Internet Security Law of the people's Republic of China.

Article 23 in the course of Internet Security Supervision and inspection, if the public security organ finds that Internet service providers and Internet users have set up malicious programs in the Internet services they provide, it shall be punished in accordance with the provisions of paragraph 1, Article 60 of the network security law of the people's Republic of China.

Article 24 If Internet service providers and Internet users refuse or obstruct public security organs from implementing internet security supervision and inspection, they shall be punished in accordance with the provisions of item 2, Article 69 of the network security law of the people's Republic of China; if they refuse to cooperate in anti-terrorism work, they shall be punished in accordance with Article 91 or 92 of the anti-terrorism law of the people's Republic of China The provisions of Article shall be punished.

Article 25 If the network security service institutions and their staff entrusted by the public security organs to provide technical support engage in activities endangering the network security, such as illegally invading the network of supervision and inspection objects, interfering with the normal functions of the network of supervision and inspection objects, stealing network data, etc., they shall be punished in accordance with the provisions of Article 63 of the network security law of the people's Republic of China; stealing or Anyone who illegally obtains, sells or provides personal information learned in work to others in other ways shall be punished in accordance with the provisions of the second paragraph of Article 64 of the network security law of the people's Republic of China. If a crime is constituted, criminal responsibility shall be investigated according to law.

If the institutions and personnel mentioned in the preceding paragraph infringe upon the trade secrets of the objects of supervision and inspection and constitute a crime, they shall be investigated for criminal responsibility according to law.

Article 26 If a public security organ or its staff neglects their duties, abuses their power or engages in malpractices for personal gain in the supervision and inspection of Internet security, the persons who are directly in charge and other persons who are directly responsible shall be punished according to law; if a crime is constituted, they shall be investigated for criminal responsibility according to law.

Article 27 If an Internet service provider or Internet user violates these provisions and constitutes a violation of public security administration, it shall be punished for public security administration according to law; if a crime is constituted, it shall be investigated for criminal responsibility according to law.

5、 Chapter five "Supplementary Provisions" of the regulations also explains the supervision and inspection contents of Internet service business places.

Article 28 the supervision and inspection of Internet service business places shall be carried out in accordance with the relevant provisions of the regulations on the administration of Internet service business places.

Article 29 these Provisions shall come into force as of November 1, 2018.

(source: safety information)