Order No. 43 of the Ministry of Industry and Information Technology

China Internet Domain Name Regulations, as deliberated and adopted at the 32nd executive meeting of the Ministry of Industry and Information Technology on August 16, 2017, are hereby issued and shall come into force on November 1, 2017. China Internet Domain Name Regulations (Order No. 30, former Ministry of Information Industry) issued by the former Ministry of Information Industry on November 5, 2004 shall be repealed concurrently.

Minister: Miao Wei

August 24, 2017

China Internet Domain Name Regulations

Chapter I General Provisions

Article 1.To regulateInternet domain name services, protect users' legitimate rights and interests, guarantee the safe and reliable operation of the Internet domain name system, promote the development and application of Chinese domain names and top-level domain names of the state, and promote the healthy development of China's Internet, China Internet Domain Name Regulations(hereafter the Regulations)is developed in accordance with Administrative License Law of the People's Republic of China and theDecision of the State Council on Establishing Administrative Licensing for the Administrative Approval Items Really Necessary to Be Retained and other provisions and by reference to the international rules on the administration of Internet domain names.

Article 2.Whoever engages in Internet domain name services and its operation and maintenance, supervision and administration and other related activities within the territory of the People's Republic of China shall abide by the Regulations.

For the purpose of theRegulations, “Internet domain name services (hereinafter referred to as “domain name services”)” means the operation and management of domain name root servers, operation and management of top-level domain names, domain name registration, domain name resolution and other activities.

Article 3.The Ministry of Industry and Information Technology is responsible for the supervision and administration of the domain name services in China. Its major functions and responsibility are as follows:

(1) formulatingthe regulations and policies concerning the administration of the Internet domain names;

(2) establishingthe Internet Domain Names Systemof Chinaand domain name development planning;

(3) administeringthe domain name root server operating institutionand the domain name registrywithin the territory of China;

(4) administeringthe network and information security management of the domain name system;

(5) protectingusers' personal information and legitimate rights and interests in accordance with the law;

(6) beingin charge of the international coordination regarding domain names;

(7) administeringthe domain name resolution services within the territory of China;

(8) administeringother activities related to domain name services.

Article 4. The communications administrations of all provinces, autonomous regions and municipalities directly under the central government areresponsible forthe supervisionand administration of the domain name services within their respective administrative regions.Theirmajor functions and responsibility are as follows:

(1) implementingthe domain name administration laws, administrative regulations, rules and policies;

(2) administering the domain name registrars within their respective administrative regions;

(3) assistingthe Ministry of Industry and Information Technology in administering the domain name root server operating institution and the domain name registry within their respective administrative regions;

(4) beingin charge ofthe network and information security management of the domain name system within their respective administrative regions;

(5) protectingusers' personal information and legitimate rights and interests in accordance with the law;

(6) administeringthe domain name resolution services within their respective administrative regions;

(7) administeringother activities related to domain name services within their respective administrative regions.

Article 5. China Internet Domain Name System shall be announced by the Ministry of Industry and Information Technology. The Ministry of Industry and Information Technology may adjust China Internet domain name system.

Article 6. “.CN” and “.中国” are top-level domain names of China.

Chinese domain name is an integral part of the China Internet Domain Names System. The state shall encourage and support the technical research, spreading and application of Chinese Domain Names System.

Article 7. The provision of domain name services shall comply with the relevant laws and regulations of the state as well as the technical specifications and standards.

Article 8. No organization or individual may obstruct the safe and stable operation of the Internet domain name system.

Chapter II Domain Name Administration

Article 9. Where a domain name root server or a domain name root server operating institution, a domain name registry or a domain name registrar is to be established within the territory of China, the corresponding permit issued by the Ministry of Industry and Information Technology or the communications administration of the province, autonomous region or municipality directly under the central government (hereinafter collectively referred to as “telecommunications administration”) shall be obtained in accordance with theRegulations.

Article 10. An applicant for the establishment of a domain name root server and the formation of a root server operating institution shall meet the following conditions:

(1) thedomain name root server is established within the territory of China, and complies with the relevant planning for Internet development and the requirements for the safe and stable operation of domain name system;

(2) theapplicant is a legal person formed in accordance with the law, and the legal person and its major investors and major operation and management personnel have good credit records;

(3) the applicant has the site, capital, environment, professionals and technical capacity which can ensure the safe and reliable operation of the domain name root server and the information management system which complies with the requirements of the telecommunications administration;

(4) the applicant has sound network and information security guarantee measures, including management personnel, network and information security management system, emergency response plans and relevant technical and management measures, among others;

(5) theapplicant has the capabilities of protecting users' personal information and providing long-term services, and sound service exit mechanism;

(6) otherconditions as prescribed by laws and administrative regulations.

Article 11. An applicant for the establishment of a domain name registry shall meet the following conditions:

(1) the domain name management system is established within the territory of China, and the top-level domain names the applicant holds comply with the relevant laws and regulations and the requirements for the safe and stable operation of domain name system;

(2) theapplicant is a legal person formed in accordance with the law, and the legal person and its major investors and major operation and management personnel have good credit records;

(3) the applicant has perfect business development planning and technical proposals and the site, capital, and professionals appropriate for engaging in top-level domain name operation management and the information management system that meets the requirements of the telecommunications administration;

(4) the applicant has sound network and information security guarantee measures, including management personnel, network and information security management system, emergency response plans and relevant technical and management measures, among others;

(5) theapplicant has the capabilities of verifying real identity information, protecting users' personal information and providing long-term services, and sound service exit mechanism;

(6) theapplicant has sound domain name registration service management system and the supervision mechanism for the domain name registrar;

(7) otherconditions as prescribed by laws and administrative regulations.

Article 12. An applicant for the establishment of a domain name registrar shall meet the following conditions:

(1) theapplicant establishes the domain name registration service system, registration database and the corresponding domain name resolution system within the territory of China;

(2) theapplicant is a legal person formed in accordance with the law, and the legal person and its major investors and major operation and management personnel have good credit records;

(3) theapplicant has the site, capital, and professionals appropriate for engaging in domain name registration services and the information management system that meets the requirements of the telecommunications administration;

(4) theapplicant has the capabilities of verifying real identity information, protecting users' personal information and providing long-term services, and sound service exit mechanism;

(5) theapplicant has a sound domain name registration service management system and the supervision mechanism for domain name registration agencies;

(6) the applicant has sound network and information security guarantee measures, including management personnel, network and information security management system, emergency response plans and relevant technical and management measures, among others;

(7) otherconditions as prescribed by laws and administrative regulations.

Article 13. An applicant for the establishment of a domain name root server or a domain name root server operating institution or a domain name registry shall submit application materials to the Ministry of Industry and Information Technology. An applicant for the establishment of a domain name registrar shall submit application materials to the telecommunications administration of the province, autonomous region or municipality directly under the central government at the place where it is located.

Application materials shall include:

(1) the basic information of the applying entity and the letter of commitment to operating in good faith in accordance with the law signed by its legal representative;

(2) certification materials on conducting effective administration of domain name services, including the certification materials on the relevant system and place and service capability, management system, and agreements concluded with other institutions, among others;

(3) network and information security guarantee system and measures; and

(4) materials proving the reputation of the applying entity.

Article 14. Where application materials are complete and in statutory forms, an telecommunications administration shall issue the application acceptance notice to the applying entity; if the application materials are incomplete or fail to be in statutory forms, the telecommunications administration shall notify in writing the applying entity of all supplements and corrections at one time on the spot or within five working days; or if the application is not accepted, the telecommunications administration shall issue a notice on refusing to accept the application and give the reasons therefor.

Article 15.A telecommunications administration shall, within 20 working days of receipt of an application, complete the examination thereof, and make a decision of approval or disapproval. Where no decision can be made within 20 working days, upon approval by the person in charge of the telecommunications administration, the time limit may be extended by ten working days, and the reasons for extending the time limit shall be notified to the applying entity. Where it is necessary to organize expert demonstration, the demonstration time shall not be included in the examination period.

Where approval is granted, the corresponding permit shall be issued; or where the application is disapproved, the applying entity shall be notified in writing and the reasons therefor shall be given.

Article 16. The permit of a domain name root server operating institution, domain name registry or domain name registrar shall be valid for five years.

Article 17.Where the name, domicile, or legal representative of a domain name root server operating institution, domain name registry or domain name registrar or any other information changes, the institution shall undergo the modification formalities with the original permit issuer within 20 days from the date of the change.

Article 18. Where, during the validity period of the permit, a domain name root server operating institution, domain name registry or domain name registrar is to terminate the relevant services, it shall notify users in writing 30 days in advance, and propose feasible afterward treatment plan, and submit a written application to the original permit issuer.

The original permit issuer shall, after receiving the application, publish it for 30 days. Within 60 days after the ending of the publication period, the original permit issuer shall complete the examination and make a decision.

Article 19. Where, after the validity period of a permit expires, an institution needs to continue engaging in domain name services, it shall apply to the original permit issuer for the renewal thereof 90 days in advance; or where it will not continue engaging domain name services, it shall report to the original permit issuer 90 days in advance and effectively conduct the afterward work.

Article 20. Where a domain name registrar authorizes a domain name registration agency to conduct market sales or any other work, it shall supervise and administer the work of the domain name registration agency.

A domain name registration agency shall, when being authorized to conduct market sales or any other work, take the initiative to show the agency relationship, and explicitly indicate the name and agency relationship of the relevant domain name registrar in the domain name registration service contract.

Article 21. A domain name registry and a domain name registrar shall establish the corresponding emergency response backup system and regular backup domain name registration data within the territory of China.

Article 22. A domain name root server operating institution, domain name registry or domain name registrar shall explicitly indicate the relevant information on its permit on the homepage of its website or at the conspicuous place of its business place. A domain name registry shall also indicate the list of the domain name registrars which cooperate with it.

A domain name registration agency shall indicate the name of the domain name registrar of which it acts as an agent on the homepage of its website or at the conspicuous place of its business place.

Chapter III Domain Name Services

Article 23. A domain name root server operating institution, domain name registry or domain name registrar shall provide users with safe, convenient and stable services.

Article 24. A domain name registry shall, in accordance with the Regulations, formulateand publicly disclose the detailed rules for the implementation of domain name registration.

Article 25. A domain name registry shall provide domain name registration services through the domain name registrar authorized by the telecommunications administration.

A domain name registrar shall provide services according to the domain name registration service items authorized by the telecommunications administration, and shall not provide domain name registration services for the domain name registry unauthorized by the telecommunications administration.

Article 26. Domain name registration services shall, in principle, be subject to the principle of “apply first, register first,” except as otherwise provided for by the corresponding detailed rules for the implementation of domain name registration.

Article 27. To safeguard national interests and public interests, a domain name registry shall establish the reserved word system for domain name registration.

Article 28.Any of the following contents shall not be included in any domain name registered and used by any organization or individual:

(1)thosethat are against the basic principles prescribed in the Constitution;

(2)thosejeopardize national security, leak state secrets, intend to overturn the government, or disrupt of state integrity;

(3)thoseharm national honor and national interests;

(4)thoseinstigate hostility or discrimination between different nationalities, or disrupt the national solidarity;

(5)thoseviolate the state religion policies or propagate cult and feudal superstition;

(6)thosespread rumors, disturb public order or disrupt social stability;

(7)thosespread pornography, obscenity, gambling, violence, homicide, terror or instigate crimes;

(8)thoseinsult, libel against others and infringe other people's legal rights and interests; or

(9)othercontents prohibited in laws, rules and administrative regulations.

No domain name registry or domain name registrar may provide services for domain names that contain contents as listed in the preceding paragraph.

Article 29. No domain name registrar may require any other party to register any domain name by taking such improper means as fraud or duress.

Article 30. A domain name registrar shall, in the process of providing domain name registration services, require an applicant for the registration of a domain name to provide authentic, accurate and complete identity information on the holder of the domain name and other domain name registration information.

A domain name registry or domain name registrar shall verify the authenticity and completeness of the domain name registration information.

Where the domain name registration information provided by an applicant for the registration of a domain name is inaccurate or incomplete, the domain name registrar shall require the applicant to make supplements and corrections. Where the applicant fails to make supplements and corrections or provides unauthentic domain name registration information, the domain name registrar shall not provide domain name registration services for it or him.

Article 31. A domain name registrar shall publicize the contents, time limit and fees of domain name registration services, guarantee service quality, and provide public consulting services for domain name registration information.

Article 32. A domain name registry or domain name registrar shall store and protect users' personal information in accordance with the law. No domain name registry or domain name registrar may offer any user's personal information to any other party without the consent of the user, except as otherwise provided for by any law or administrative regulation.

Article 33. Where the contact information of a domain name holder or any other information changes, it or he shall undergo the formalities for the change of domain name registration information with the domain name registrar within 30 days after the change.

Where the domain name holder transfers the domain name to any other party, the transferee shall comply with the relevant requirements for domain name registration.

Article 34. A domain name holder shall have the right to select or change the domain name registrar. If the domain name holder changes the domain name registrar, the original domain name registrar shall assist the domain name holder in transferring the relevant domain name registration information.

No domain name registrar may obstruct any domain name holder from changing the domain name registrar without a good reason.

Where the resolution of a domain name is required to be stopped by a telecommunications administration in accordance with the law, the domain name registrar shall not be changed.

Article 35. A domain name registry or domain name registrar shall establish a complaint acceptance mechanism, and publish the ways of accepting complaints on the homepage of its website or at the conspicuous place of its business place.

A domain name registry or domain name registrar shall handle complaints in a timely manner; and where a complaint cannot be handled in a timely manner, it shall give the reasons therefor and the time limit for the handling thereof.

Article 36. Whoever provides domain name resolution services shall abide by the relevant laws, regulations and standards, have the corresponding technologies and services and network and information security guarantee capabilities, implement network and information security guarantee measures, record and retain in accordance with the law domain name resolution log, maintenance log and change records, guarantee the quality of resolution services and the security of the resolution system. Where the operation of telecommunications business is involved, the telecommunications business permit shall be obtained in accordance with the law.

Article 37. When domain name resolution services are provided, no resolution information may be tampered with without authorization.

No organization or individual may maliciously point domain name resolution to IP address of any other party.

Article 38. When domain name resolution services are provided, no domain name skip may be provided for a domain name that contains the contents as listed in Article 28.1 of the Regulations.

Article 39. The domain names used by those engaging in Internet information services shall comply with laws and regulations and the relevant provisions of telecommunications administrations, and no domain name may be used to commit any illegal act.

Article 40. A domain name registry or domain name registrar shall support the inspection conducted by the relevant departments of the state in accordance with the law, and terminate the resolution of or take any other disposal measure against the domain names involving illegal acts in accordance with the requirements of the telecommunications administration.

Where a domain name registry or domain name registrar finds any domain name for which it provides services issues or transmits any information whose issuance or transmission is prohibited by any law or administrative regulation, it shall cancel or terminate the resolution of or take any other disposal measure against such information immediately to prevent the information from spreading, preserve relevant records, and report it to the competent department.

Article 41. Domain name root server operating institutions, domain name registries and domain name registrars shall comply with the relevant laws, regulations and standards of the state, implement network and information security guarantee measures, configure necessary network communications emergency equipment, and establish and improve network and information security monitoring technological means and emergency response system. Where any network and information security incident occurs to the domain name system, it shall be reported to the telecommunications administration within 24 hours.

For the needs of national security and disposal of emergencies, domain name root server operating institutions, domain name registries and domain name registrars shall subject themselves to the unified command and coordination of telecommunications administrations, and abide by the administrative requirements of telecommunications administrations.

Article 42. Where any organization or individual deems that the domain name registered or used by any other party infringes upon its or his legitimate rights and interests, it or he may apply to the domain name dispute resolution institution for arbitration orfile a lawsuit with the people's court in accordance with the law.

Article 43. If a registered domain name falls under any of the following circumstances, the domain name registrar shall cancel it, and notify the holder of the domain name:

(1) thedomain name holder applies for the cancellation of the domain name;

(2) thedomain name holder submits false domain name registration information;

(3) thedomain name shall be cancelled according to the judgment of the people's court or the arbitral award of domain name dispute resolution institution;

(4) anyother circumstance that the domain name shall be cancelled in accordance with any law or administrative regulation.

Chapter IV Supervision and Inspection

Article 44. Telecommunications administrations shall strengthen the supervision and inspection of domain name services. Domain name root server operating institutions, domain name registries and domain name registrars shall accept and support the supervision and inspection conducted by telecommunications administrations.

The domain name service industry shall be encouraged to conduct self-discipline management, and the public shall be encouraged to supervise domain name services.

Article 45. Domain name root server operating institutions, domain name registries and domain name registrars shall, in accordance with the requirements of telecommunications administrations, submit on a regular basis the information on business implementation, safe operation, implementation of network and information security responsibilities, and the handling of complaints and disputes, among others.

Article 46. When a telecommunications administration conducts supervision and inspection, it shall examine the materials submitted by a domain name root server operating institution or domain name registry or domain name registrar, and inspect its implementation of laws and regulations and the relevant provisions of the telecommunications administration.

A telecommunications administration may authorize a third-party professional institution to conduct the relevant supervision and inspection activities.

Article 47. A telecommunications administration shall establish the credit record system for domain name root server operating institutions, domain name registries and domain name registrars, and record their violations of the Regulations that have been subject to administrative punishments into credit archives.

Article 48. The supervision and inspection conducted by telecommunications administrations shall not obstruct the normal operation and service activities of domain name root server operating institutions, domain name registries and domain name registrars, and may not charge any fees nor disclose the domain name registration information to which they have access.

Chapter V Penalty Provisions

Article 49. Where a domain name root server operating institution, domain name registry or domain name registrar is established without permission in violation of the provisions of Article 9 of the Regulations, the telecommunications administration shall, in accordance with the provisions of Article 81 of the Administrative License Law of the People's Republic of China, take measures to stop the act, and, in light of the seriousness of the circumstances, give the violator a warning or impose a fine of not less than RMB 10,000 Yuan nor more than RMB 30,000 Yuan thereon.

Article 50. Where a domain name registry or domain name registrar, in violation of the provisions of the Regulations, conducts any of the following acts, the telecommunications administration shall, according to its functions, order it to take corrective action within a prescribed time limit, and, in light of the seriousness of the circumstances, impose a fine of not less than RMB 10,000 Yuan nor more than RMB 30,000 Yuan thereon, and announce to the public:

(1) it provides domain name registration services for any unauthorized domain name registry without permission, or provides domain name registration services through an unauthorized domain service registrar;

(2) itfails to provide services according to the authorized domain name registration service items;

(3) itfails to verify the authenticity and completeness of the domain name registration information;

(4) itprevents any domain name holder from changing the domain name registrar without a good reason.

Article 51. Where a provider of domain name resolution services, in violation of the provisions of the Regulations, conducts any of the following acts, the telecommunications administration shall order it to take corrective action within a prescribed time limit, and may, in light of the seriousness of the circumstances, impose a fine of not less than RMB 10,000 Yuan nor more than RMB 30,000 Yuan thereon, and announce to the public:

(1) tamperingwith domain name resolution information without authorization or maliciously point domain name resolution to the IP address of any other party;

(2) providingdomain name skip for a domain name that contains the contents as listed in Article 28.1 of the Regulations;

(3) failingto implement network and information security guarantee measures;

(4) failingto record and keep the domain name resolution log, maintenance log or change records in accordance with the law;

(5) failingto dispose of a domain name involving any illegal act as required.

Article 52. Where the provisions of Article 17, Article 18.1, Article 21, Article 22, Article 28.2, Article 29, Article 31, Article 32, Article 35.1, Article 40.2, or Article 41 are violated, a telecommunications administration shall, according to its functions, order the violator to take corrective action within a prescribed time limit, and may impose a fine of not less than RMB 10,000 Yuan nor more than RMB 30,000 Yuan thereon, and make an announcement to the public.

Article 53. Where any law or administrative regulation otherwise provides for the punishment on any relevant violation of laws, the provisions of the relevant law or administrative regulation shall prevail.

Article 54. Where any organization or individual registers or uses any domain name in violation of the provisions of Article 28.1 of the Regulations, which constitutes a crime, it or he shall be subject to criminal liability in accordance with the law; or if the act does not constitute a crime, it or he shall be punished by the relevant department in accordance with the law.

Chapter VI Supplementary Provisions

Article 55.The definitions of the following terms mentioned in the Regulations are as follows:

(1) domainname refers tothe character identification of hierarchical structure, which identifies and locates a computer on the Internet and corresponds to the IP address of that computer;

(2) Chinese domain name refers to the domain name containing Chinese characters;

(3) top-level domain name (TLD) refers to the name of the first level domain under the root node in the domain name system;

(4) domainname root server refers to the server that bears the function of root nodes in the domain name system (including a mirror image server);

(5) domainname root server operating institutionrefers to the institution that obtains a permit in accordance with the law, and operates, maintains and administers the domain name root servers;

(6) domainname registry refers to the administrative institution that obtains a permit in accordance with the law, and is responsible for operating, maintaining and managing top-level domain names;

(7) domainname registrar refers to the institution that obtains a permit in accordance with the law, accepts an application for the registration of domain names, and completes the registration of any domain name in top-level domain name database;

(8) domainname registration agency refers to an institution that is authorized by a domain name registrar to accept an application for the registration of domain names, and indirectly completes the registration of any domain name in top-level domain name database;

(9)domain name management system refers tothe main information systems needed by a domain name registry for conducting the operation and management of top-level domain names within the territory of China, including registration management system, registration database, domain name resolution system, domain name information inquiry system, and identity information verification system, among others;

(10) domain name skip refers to the skip, when visiting a domain name, to any other domain name, IP address or network information system, among others, bound or pointed to by the domain name.

Article 56. For the purpose of the Regulations, “days” means natural days, except that they are specified as working days.

Article 57. Whoever fails to provide domain name services with a corresponding permit before the implementation of the Regulations shall undergo the licensing formalities in accordance with the provisions of theRegulations within 12 months from the date when the Regulations come into force.

Where a domain name root server operating institution, domain name registry or domain name registrar has obtained a permit before the implementation of theRegulations, the valid period of its permit shall be governed by the provisions of Article 16 of the Regulations, and start from the date when the Regulations come into force.

Article 58. The Regulations shall come into force on November 1, 2017. China Internet Domain Name Regulations(Order No. 30, the former Ministry of Information Industry) issued on November 5, 2004 shall be repealed concurrently. For any discrepancy between the Regulations and the relevant provisions issued before the implementation of the Regulations, the Regulations shall prevail.