中华人民共和国计算机信息系统安全保护条例

国务院令第147号
（Promulgated by Decree No. 147 of the State Council of the People's Republic of China and effective as of February 18， 1994）
颁布日期：19940218 　实施日期：19940218 　颁布单位：国务院

　　Chapter I General Provisions

　　Article 1 These Regulations are formulated² in order to enforce the safety protection of computer information systems， promote the application and development of computers and safeguard the smooth fulfillment of socialist⁴ modernizations⁵.

　　Article 2 A computer information system referred to in these Regulations means a man-machine system composed of compute³ and its related and complementary sets of equipment and facilities （including network） which carry out collection， processing， storage， transmission， retrieval and other operations of information in accordance with specific application aims and rules.

　　Article 3 Enforcing the safety protection of computer information systems shall safeguard the safety of computer and its related and complementary sets of equipment and facilities （including network）， the safety of operating environment， the safety of information， and the normal performance of computer functions so as to maintain the safe operation of computer information systems.

　　Article 4 The emphasis of the safety protection work for computer information systems shall be put on maintaining the safety of computer information systems in the important fields such as state affairs， economic construction， national defence and most advanced science and technology.

　　Article 5 These Regulations are applicable to the safety protection of computer information systems within the territory of the People's Republic of China.

　　The measures for the safety protection of microcomputers⁶ not yet connected to the network shall be formulated separately.

　　Article 6 The Ministry⁷ of Public Security is in charge of the nationwide safety protection work of computer information systems.

　　The Ministry of State Security， the State Bureau of Secret and other concerned departments under the State Council shall do well the relevant work related to the safe protection of computer information systems within terms of reference stipulated⁸ by the State Council.

　　Article 7 Any organization or individual shall not make use of computer information systems to engage in activities harmful to the interests of the state， collectives and citizens， and shall not endanger the safety of computer information systems.

　　Chapter II Safety Protection Systems

　　Article 8 The construction and application of computer information systems shall abide⁹ by laws， administrative¹⁰ regulations and other relevant state stipulations.

　　Article 9 The safety grading protection shall be implemented¹¹ for computer information systems. The dividing standard for safety grades and specific measures for safety grading protection shall be formulated by the Ministry of Public Security in conjunction with other relevant departments.

　　Article 10 A computer room shall be in conformity¹² to the state standards and relevant state stipulations.

　　The construction activities near to a computer room shall not endanger the safety of computer information system.

　　Article 11 A computer information system connected to the international network shall be reported by its using organization to public security organs of the people's government at the provincial¹³ level or above for record.

　　Article 12 Anyone who transports， carries or posts media of computer information into or out of the territory shall be honestly declared to the Customs.

　　Article 13 An organization using the computer information system shall establish and complete the safety management systems， and shall be responsible for its own safety protection work of computer information systems.

　　Article 14 The concerned using organization shall， within 24 hours， report cases taking place in the computer information system to public organs of the people's government at the county level or above.

　　Article 15 The prevention， control and research work of computer viruses and other data harmful to the social public security shall come within the extent of power of the Ministry of Public Security.

　　Article 16 The state shall enforce a license¹⁴ system for sales of the special products for safety of computer information systems. The specific measures shall be formulated by the Ministry of Public Security in conjunction with the concerned departments.

　　Chapter III Safety Supervision¹⁵

　　Article 17 Public security organs shall exercise the following functions and powers of supervision over the safety protection work for computer information systems：

　　（1） To supervise， examine and instruct the safety protection work for computer information systems；

　　（2） To investigate and handle crime and illegality cases of endangering the safety of computer information systems；

　　（3） To perform other supervisory responsibility for the safety protection work of computer information systems.

　　Article 18 When discovering hidden dangers influencing the safety of computer information systems， public security organs shall notify the using organization in time to take safety protection measures.

　　Article 19 In case of emergency the Ministry of Public Security may issue a special circular order for the special matters relating to the safety of computer information systems.

　　Chapter IV Legal Responsibility

　　Article 20 Whoever commits one of the following acts violating the provisions of these Regulations shall be given a warning or ordered to suspend operation for rectification¹⁶ by public security organs：

　　（1） violating the safety grading protection systems for the safety of computer information systems to harm the safety of computer information systems；

　　（2） violating the record systems for the computer information systems connected to the international network；

　　（3） failing to report cases taking place in computer information systems in time as stipulated；

　　（4） refusing to improve the safety status within the time limit after receiving the notice requiring to improve from public security organs；

　　（5） Other acts harmful to the safety of computer information systems.

　　Article 21 Cases of computer rooms not in conformity to the state standards and other state stipulations concerned， or cases of construction activities near to computer rooms endangering the safety of computer information systems， shall be handled by public security organs in conjunction with concerned departments.

　　Article 22 Whoever fails to honestly declare to the Customs when transporting， carrying or posting media of computer information into or out of the territory， shall be dealt with by the Customs in accordance with the Customs Law of the People's Republic of China， these Regulations and relevant provisions of other laws and administrative regulations.

　　Article 23 Whoever intentionally¹⁷ inputs¹⁸ computer viruses and other harmful data to endanger the safety of computer information systems， or sells special products for the safety of computer information systems without permission， shall be given a warning or fined an amount of not more than 5，000 yuan for an individual offender¹⁹， or not more than 15，000 yuan for an organizational offender by public security organs； if there is income illegally obtained， may be imposed a fine of not less than one times and not more than three times an amount of income illegally obtained in addition to confiscation²⁰ of income illegally obtained.

　　Article 24 If an act violating the provisions of these Regulations constitutes an act violating the administration of public security， the offender shall be punished in accordance with the relevant provisions of the Regulations of the People's Republic of China on Administrative Penalties for Public Security； if such an act constitutes a crime， the offender shall be investigated for criminal responsibility according to law.

　　Article 25 Any organization or individual violating the provisions of these Regulations and causing losses to the property of the state， collective and others shall bear civil responsibility in accordance with the law.

　　Article 26 Any interested party disagreeing with concrete administrative acts conducted by public security organs according to these Regulations may apply for an administrative reconsideration or institute administrative lawsuit²¹ in accordance with the law.

　　Article 27 Any state civil servant implementing²² these Regulations who takes advantage of his power to extort²³ or accept bribes²⁴， neglects his duty or conduct other illegal acts shall be investigated for criminal responsibility according to law if his acts constitute a crime； if his acts do not constitute a crime， he shall be given administrative sanctions.

　　Chapter V Supplementary²⁵ Provisions

　　Article 28 The following terms used in these Regulations shall have the following meanings：

　　“Computer viruses” mean a set of computer instructions or programme codes compiled or inserted in computer programmes which damage computer functions or destroy data so as to impair²⁶ operation of computers， and have the capacity to reproduce themselves.

　　“Special products for the safety of computer information systems” mean special hardware and software products used for the safety protection of computer information systems.

　　Article 29 The safety protection work for computer information systems in the armed forces shall be effected according to the relevant rules and regulations applicable to the armed forces.

　　Article 30 The Ministry of Public Security may formulate¹ the measures for implementation²⁷ according to these Regulations.

　　Article 31 These Regulations shall come into force as of the date of promulgation²⁸.