Network operators and key information infrastructure operators who fail to fulfill their network security protection obligations will be punished as follows:
1. The public security organ shall order the network operators who refuse to implement the technical measures for security protection to make corrections and give them a warning; Those who refuse to correct or lead to the consequences of endangering network security shall be fined 1 10,000 yuan or more110,000 yuan or less, and the directly responsible person in charge shall be fined 5,000 yuan or more and 50,000 yuan or less;
2. The public security organ shall order the network operators who intentionally destroy the technical measures of security protection or hinder their normal functions to make corrections within a time limit and give them a warning. Illegal income, confiscate the illegal income; If no correction is made within the time limit, the person in charge of the unit and other directly responsible personnel may be fined up to 5,000 yuan, and the unit may be fined up to 15,000 yuan; If the circumstances are serious, it may be punished to stop networking or suspend business for rectification within six months, and if necessary, it may suggest that the original license issuing and examination and approval authority revoke its business license or cancel its networking qualification;
3. For telecom operators and Internet service providers who fail to implement the network security, information content supervision system and security technology preventive measures, resulting in information dissemination containing terrorism and extremism, and the circumstances are serious, the competent department shall impose a fine of more than 200,000 yuan and less than 500,000 yuan, and the directly responsible person in charge and other directly responsible personnel shall impose a fine of less than 100,000 yuan; If the circumstances are serious, a fine of more than 500,000 yuan shall be imposed, and a fine of more than 100,000 yuan and less than 500,000 yuan shall be imposed on the directly responsible person in charge and other directly responsible personnel. The public security organ may detain the directly responsible person in charge and other directly responsible personnel for more than five days and less than fifteen days.
Legal basis: Article 21 of the Cyber Security Law of the People's Republic of China.
The state implements a network security level protection system. Network operators shall, in accordance with the requirements of the network security level protection system, perform the following security protection obligations, protect the network from interference, destruction or unauthorized access, and prevent network data from being leaked, stolen or tampered with:
(a) to formulate internal security management systems and operating procedures, determine the person in charge of network security, and implement the responsibility of network security protection;
(two) to take technical measures to prevent computer viruses and network attacks, network intrusion and other acts that endanger network security;
(three) to take technical measures to monitor and record the network operation status and network security incidents, and keep the relevant network logs for not less than six months in accordance with the regulations;
(four) take measures such as data classification, important data backup and encryption;
(5) Other obligations stipulated by laws and administrative regulations.
Article 22
Network products and services shall meet the mandatory requirements of relevant national standards. Providers of network products and services shall not set up malicious programs; When it is found that there are risks such as security defects and loopholes in its network products and services, it shall immediately take remedial measures, inform users in a timely manner according to regulations, and report to the relevant competent departments.
Network products and service providers should provide continuous security maintenance for their products and services; The provision of safety maintenance shall not be terminated within the time limit stipulated or agreed by both parties.
If a network product or service has the function of collecting user information, its provider shall express it to the user and obtain consent; Where personal information of users is involved, the provisions of this law and relevant laws and administrative regulations on the protection of personal information shall also be observed.
Article 84 of the Anti-Terrorism Law of People's Republic of China (PRC).
Telecom business operators and Internet service providers are under any of the following circumstances, and the competent department shall impose a fine of more than 200,000 yuan and less than 500,000 yuan, and the directly responsible person in charge and other directly responsible personnel shall impose a fine of less than 100,000 yuan; If the circumstances are serious, a fine of more than 500,000 yuan shall be imposed, and a fine of more than 100,000 yuan and less than 500,000 yuan shall be imposed on the directly responsible person in charge and other directly responsible personnel. The public security organ may detain the directly responsible person in charge and other directly responsible personnel for more than five days and less than fifteen days.
(1) Failing to provide technical support and assistance such as technical interface and decryption for public security organs and state security organs to prevent and investigate terrorist activities according to law;
(2) Failing to stop spreading or deleting information containing terrorism and extremism as required by the competent authorities, keeping relevant records, closing related websites or closing related services;
(3) Failure to implement the network security, information content supervision system and security technology preventive measures, which leads to the dissemination of information containing terrorism and extremism, and the circumstances are serious.