China’s Anti-Terrorism Law – what it means for telecommunications and Internet service providers

Data Protection, Privacy and Security Alert


The State Council of China has published the Anti-Terrorism Law of the People's Republic of China, drafted to combat the threat of terrorism.

The initial draft was circulated for comments in late 2014.  Following several rounds of revisions during the subsequent 12 months, the Law was recently passed unanimously by the Standing Committee of the National People’s Congress and was published on December 27, 2015.

Among all the articles relating to the Law, a series of requirements and obligations are imposed on telecommunication and Internet service providers, under which these service providers are required to provide technical support to the security authority and prevent dissemination of information on terrorism/extremism.

The key implications for telecommunication and Internet service providers are summarized as follows:

1.    Technical support

Telecommunication operators and Internet service providers are required to provide assistance and technological support (including technological interface and decryption) to the public security bureaus and national security authorities for the purpose of preventing and investigating terrorism activities.

2.    Monitoring and reporting

Telecommunication operators and Internet service providers should take security measures and adopt monitoring mechanisms to identify terrorism and extremism information.

Upon detection of terrorism or extremism information, telecommunication operators and Internet service providers should immediately stop the transmission of such information, retain the records as evidence, delete such information, and report the incident to the public security authority or other relevant government authorities.

3.    Verification of users' IDs

Service providers of various industries (including telecommunication and Internet service) must verify the true identity of the users/customers before they can provide any services to such users/customers. 

Detailed implementation rules of the Law are expected to be issued in the coming year to provide further guidance on the practical issues, as among them types of "technological interface," the definition of "terrorism and extremism information," and information/documents requested for ID verification. 

It is advised that service providers in the telecommunication and Internet sectors take into account the above-mentioned statutory requirements when providing services, and take the necessary steps to ensure you are in compliance with the Law.

Find out more about these changes by contacting the authors.