A trio of China’s top regulatory bodies on Tuesday jointly published new rules aimed at patching up vulnerabilities that threaten businesses and consumers within the online ecosystem.
Due to be implemented on September 1, the regulation will target internet “loopholes” that pose potential risks to cybersecurity and can be viewed as part of Beijing’s wider efforts to tame the wide-ranging domestic digital space.
The legislation, issued by the Ministry of Industry and Information Technology, the Cyberspace Administration of China and the Ministry of Public Security, explicitly bans individuals and firms from collecting, publishing or selling information regarding certain internet vulnerabilities that could be exploited for personal or institutional gain.
Article 9 states that netizens “must not use network product security vulnerabilities to conduct unrestrained hype or engage in fraud, extortion and other illegal and criminal activities”. The article also goes on to forbid the unauthorized publishing of information about such issues during major national events.
At the core of the decision is a debate weighing companies’ responsibility to ensure their digital services are airtight against consumers’ duty to refrain from taking unfair advantage of the loopholes once uncovered.
In May, a court in Shanghai sentenced five university students to jail for varying lengths of time after their involvement in a 2018 scheme that enabled them to obtain more than 200,000 yuan ($30,900) in free food from the American fast-food chain KFC. In what later become a high-profile scandal, the students used two separate mobile apps to reimburse themselves for food purchases with digital coupons, going so far as to resell the discounts to others for personal profit.
In its decision, the Shanghai court likened the defendants’ behavior to taking money from a malfunctioning ATM – an illegal action amounting to fraud and subject to full legal prosecution.
In line with the court’s verdict, Tuesday’s move by the three regulatory bodies emphasizes the role consumers must play in mitigating potential threats to network security caused by inadvertent flaws in software or digital product design.
Recent years have seen a series of gradual developments in what now amounts to an expansive attempt by China’s authorities to enhance its governance in the realm of online personal and financial data, with possibly profound ramifications for the country’s domestic tech giants.