Interpretation of the Cybersecurity Law

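The Cybersecurity Law is China's first fundamental law to comprehensively regulate the management of cyberspace security. It is an important milestone in building the rule of law in China's cyberspace, a powerful legal instrument for governing the Internet in accordance with the law and resolving network risks, and an important guarantee that the Internet operates healthily on the track of the rule of law.
The Cybersecurity Law institutionalizes a number of mature and effective practices from recent years and lays down provisions of principle for possible future institutional innovation, providing a solid legal guarantee for cybersecurity work. The following aspects of the law deserve special attention: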
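I. The Cybersecurity Law establishes the basic principles of cybersecurity law
First, the principle of cyberspace sovereignty
● Article 1 of the Cybersecurity Law, "Legislative Purpose", states at the outset that the law aims to safeguard China's cyberspace sovereignty. Cyberspace sovereignty is the natural extension and manifestation of a country's national sovereignty in cyberspace. General Secretary Xi Jinping has pointed out that the principle of sovereign equality established by the Charter of the United Nations is a basic norm of contemporary international relations, covering every field of state-to-state exchange, and that its principles and spirit should also apply to cyberspace. The right of each country to independently choose its path of network development, its model of network management and its Internet public policies, and to participate equally in international cyberspace governance, should be respected.
● Article 2 expressly provides that the Cybersecurity Law applies to networks within China's territory and to the supervision and administration of cybersecurity. This is a concrete manifestation of the supreme internal jurisdiction that flows from China's cyberspace sovereignty.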
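Second, the principle of giving equal weight to cybersecurity and informatization development
● General Secretary Xi Jinping has pointed out that security is the prerequisite for development, development is the guarantee of security, and the two must advance in step. Cybersecurity and informatization are the two wings of one body and the two wheels of one drive; they must be planned, deployed, advanced and implemented in a unified manner.
● Article 3 of the Cybersecurity Law expressly provides that the State gives equal weight to cybersecurity and informatization and follows the policy of active use, scientific development, management in accordance with the law, and ensuring security. The State must both promote the construction of network infrastructure and encourage innovation in and application of network technologies, and also establish and improve the cybersecurity assurance system and raise the capacity to protect cybersecurity, so as to achieve "two-wheel drive, two wings flying together".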
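Third, the principle of joint governance
● Cyberspace security cannot be achieved by the government alone. It requires the joint participation of network stakeholders, including the government, enterprises, social organizations, technical communities and citizens.
● The Cybersecurity Law adheres to the principle of joint governance and requires that measures be taken to encourage the whole of society to participate. Government departments, network builders, network operators, network service providers, relevant network industry organizations, institutions of higher education, vocational schools and the general public should all take part in cybersecurity governance according to their respective roles.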
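II. The Cybersecurity Law calls for the formulation of a cybersecurity strategy, clarifies the goals of cyberspace governance, and improves the transparency of China's cybersecurity policy
● Article 4 of the Cybersecurity Law sets out the main content of China's cybersecurity strategy, namely: to make clear the basic requirements and main goals for safeguarding cybersecurity, and to put forward cybersecurity policies, tasks and measures for key sectors.
● Article 7 expressly provides that China is committed to "promoting the building of a peaceful, secure, open and cooperative cyberspace, and establishing a multilateral, democratic and transparent network governance system." This is the first time China has declared its cyberspace governance goals to the world in the form of national law, clearly expressing China's aspirations for cyberspace governance.
● These provisions improve the transparency of China's public policy on network governance and are commensurate with China's status as a major cyber power. They help to strengthen China's international voice and rule-making power in cyberspace and to bring about international rules for cyberspace.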
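III. The Cybersecurity Law further clarifies the functions and powers of government departments and improves the cybersecurity regulatory regime
● The Cybersecurity Law gives legal form to the cybersecurity regulatory regime currently in effect and clarifies the division of responsibilities between the cyberspace administration authorities and the other relevant network regulatory departments.
● Article 8 provides that the national cyberspace administration authority is responsible for the overall planning and coordination of cybersecurity work and the related supervision and administration, while the telecommunications department under the State Council, the public security department and other relevant authorities are responsible, in accordance with the law, for cybersecurity protection and for supervision and administration within their respective remits. This "1+X" regulatory regime fits the current full integration of the Internet with the real world and meets China's regulatory needs.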
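IV. The Cybersecurity Law strengthens network operation security and focuses on protecting critical information infrastructure
● Chapter III of the Cybersecurity Law devotes nearly one third of the law's length to network operation security, with particular emphasis on ensuring the operational security of critical information infrastructure.
● Critical information infrastructure refers to systems and facilities which, if damaged, deprived of function or subject to data leakage, could seriously endanger national security, the national economy and people's livelihood, or the public interest.
● Network operation security is the core of cybersecurity, and the security of critical information infrastructure is the most important part of it, closely bound up with national security and the public interest. For this reason, the Cybersecurity Law stresses that critical information infrastructure is to receive priority protection on top of the graded protection system for cybersecurity, makes clear that operators of critical information infrastructure bear additional security protection obligations, and backs this with legal measures such as national security review and mandatory local storage of important data, in order to ensure the operational security of critical information infrastructure.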
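V. The Cybersecurity Law improves cybersecurity obligations and responsibilities and increases the penalties for violations
● The Cybersecurity Law raises provisions previously scattered across various regulations and rules to the level of a law enacted by the National People's Congress. It comprehensively sets out the legal obligations and responsibilities of network operators and other entities, including the obligation to comply with the law, the obligation to observe social morality and business ethics, the obligation of honesty and good faith, the obligation to protect cybersecurity, the obligation to accept supervision, and the assumption of social responsibility. These are further clarified and detailed in the chapters "Network Operation Security", "Network Information Security" and "Monitoring, Early Warning and Emergency Response".
● The "Legal Liability" chapter raises the penalty standards for violations and increases the severity of punishment, which helps to ensure that the Cybersecurity Law is implemented.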
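VI. The Cybersecurity Law institutionalizes monitoring, early warning and emergency response measures and gives them legal form
● Chapter V of the Cybersecurity Law institutionalizes monitoring, early warning and emergency response work and gives it legal form. It makes clear that the State will establish a cybersecurity monitoring, early warning and information notification system, establish cybersecurity risk assessment and emergency response mechanisms, and formulate cybersecurity incident emergency response plans that are exercised regularly.
● This provides the legal basis for establishing unified and efficient mechanisms for cybersecurity risk reporting, intelligence sharing, and analysis and response, and provides a legal guarantee for deepening the cybersecurity protection system and achieving round-the-clock, all-round awareness of the cybersecurity situation.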
[Rule of Law in China: Cybersecurity Law]
[Rule of Law in China: Promotion of the Cybersecurity Law]

