Chapter III Network Operation Security
Article 23
Translation Notice
This is an unofficial English translation prepared for general informational purposes only. It does not constitute legal advice. In case of any discrepancy, the official Chinese text published by the competent authority shall prevail.
Chinese Original
第二十三条 国家实行网络安全等级保护制度。网络运营者应当按照网络安全等级保护制度的要求,履行下列安全保护义务,保障网络免受干扰、破坏或者未经授权的访问,防止网络数据泄露或者被窃取、篡改: (一)制定内部安全管理制度和操作规程,确定网络安全负责人,落实网络安全保护责任; (二)采取防范计算机病毒和网络攻击、网络侵入等危害网络安全行为的技术措施; (三)采取监测、记录网络运行状态、网络安全事件的技术措施,并按照规定留存相关的网络日志不少于六个月; (四)采取数据分类、重要数据备份和加密等措施; (五)法律、行政法规规定的其他义务。
English Translation
The State implements a cybersecurity classified protection system. Network operators shall, in accordance with the requirements of the cybersecurity classified protection system, perform the following security protection obligations to safeguard networks from interference, destruction, or unauthorized access, and to prevent network data from being leaked, stolen, or tampered with:
(1) formulate internal security management systems and operating procedures, designate cybersecurity responsible persons, and implement cybersecurity protection responsibilities;
(2) take technical measures to prevent computer viruses, network attacks, network intrusions, and other conduct that endangers cybersecurity;
(3) take technical measures to monitor and record network operation status and cybersecurity incidents, and retain relevant network logs for not less than six months in accordance with regulations;
(4) take measures such as data classification, backup of important data, and encryption; and
(5) perform other obligations provided by laws and administrative regulations.