A.Information service

On June 6, 2023, the Cyberspace Administration of China issued a notice to solicit public opinions on the "Regulations on the Administration of Information Services for Proximity Ad Hoc Networks (Draft for Comment)" (the "Regulations").

The "Regulations" clarify that short-distance ad hoc network information services refer to the use of Bluetooth, Wi-Fi and other information technologies to establish networks in close proximity and provide services for publishing and receiving information. The "Regulations" emphasize that short-distance ad hoc network information service providers should deal with illegal information in accordance with the law, prevent and resist the spread of bad information, keep relevant records, and report to relevant competent departments such as network information. Proximity ad hoc network information service users are not allowed to use the service to release or forward illegal information; they should prevent and resist the production, copying, and publishing of bad information; if they receive illegal or bad information, they must not forward it, and have the right to report to relevant supervisors such as Netcom Departmental complaints, reports, etc.

On April 11, 2023, China Netcom published the "Notice of the State Internet Information Office on Public Comments on the Administrative Measures for Generative Artificial Intelligence Services (Draft for Comment)" (the "Measures").

The "Measures" apply to entities that develop and use generative artificial intelligence products to provide services to the public in China, and emphasize that the provision of generative artificial intelligence products or services should meet the requirements of ideology, intellectual property rights, information security, and fair competition. The "Measures" clarify that the main body that uses generative artificial intelligence to provide services shall bear the responsibility of the content producer and the personal information processor (if involved); Filing and modification, cancellation of filing procedures. The "Measures" also emphasize that service providers are obliged to protect the user's input information and use records, and shall not illegally retain input information that can infer the user's identity, shall not make portraits based on user input information and usage conditions, and shall not provide other users with user input information. Information; do not generate discriminatory content based on the user's race, country, gender, etc. Providers who violate the provisions of these measures shall be punished by the network information department and relevant competent departments to give warnings, circulate criticisms, and order corrections within a time limit.

B. Cyber Security

On April 17, 2023, China Netcom published the "Announcement on Adjusting Matters Concerning the Safety Management of Special Network Security Products" (the "Announcement") to strengthen the safety management of special network security products and promote the exchange of security certification and security testing results. To avoid repeated certification and testing.

The "Announcement" clarifies four items: (1) From July 1, 2023, the special network security products listed in the "Catalogue of Key Network Equipment and Special Network Security Products" shall be certified by qualified institutions or have passed the safety inspection. May be sold or offered upon request. (2) From July 1, 2023, the issuance of the "Sales License for Special Products for Computer Information System Security" will be stopped, and product producers do not need to apply for it. (3) From July 1, 2023, the implementation of the "Announcement on Adjusting the Implementation Requirements for Compulsory Certification of Information Security Products" and "The Ministry of Finance, Ministry of Industry and Information Technology, General Administration of Quality Supervision, Inspection and Quarantine Commission on Government Procurement of Information Security Products" will be suspended from July 1, 2023. announcement of". (4) The Cyberspace Administration of China will work with the Ministry of Industry and Information Technology, the Ministry of Public Security, and the Certification and Accreditation Administration to publish and update the list of key network equipment and special network security products that meet the requirements, for public inquiry and use.

C.Information/Data Security

On May 6, 2023, the Ministry of Transport announced the "Administrative Measures for the Security Protection of Highway and Waterway Key Information Infrastructure", which will be implemented from June 1, 2023.

The "Measures" apply to the safety protection, supervision and management of key information infrastructure of highways and waterways, clarify the identification of key information infrastructure of highways and waterways and the responsibilities of operators, and stipulate the key information basis of new construction, reconstruction, expansion or upgrading of roads and waterways by operators facilities, the security protection measures shall be planned, constructed and used simultaneously with the key information infrastructure of highways and waterways. In addition, it also clarifies the responsibilities and obligations of operators in terms of institutional setup, staffing, funding guarantee, product and service procurement, security testing and risk assessment, as well as data protection, password application, confidentiality management, education and training, etc. In terms of planning, monitoring and early warning, emergency plans, and information security, the guarantee and supervision responsibilities of the transportation department are emphasized.

On May 5, 2023, the National Security Standards Committee released the "Information Security Technology Data Security Evaluation Institution Capability Requirements" draft for comments ("Requirements").

The "Requirements" point out that the requirements for data security assessment organization capabilities are composed of five parts: basic organization requirements, assessment management capabilities, assessment technical capabilities, assessment personnel capabilities, and assessment resource requirements. The basic requirements of the organization include basic conditions, evaluation work basis, impartiality and independence; evaluation management capabilities include implementation management, security and confidentiality and personnel management, normative management, risk control, and evaluation of business continuity assurance management; evaluation technical capabilities include data security risks Assessment technical capabilities, personal information protection impact assessment technical capabilities, and data export security assessment technical capabilities; assessment personnel capabilities include assessment team composition, personnel capabilities; assessment resource requirements include sites and environments, equipment and facilities. The "Requirements" clarifies the specific content of five parts of capabilities and requirements.

On May 23, 2023, the National Standardization Administration and the State Administration for Market Regulation jointly issued the "Information Security Technology - Implementation Guidelines for Notification and Consent in the Processing of Personal Information" ("Implementation Guidelines")

The "Implementation Guidelines" are applicable to personal information processors conducting personal information processing activities, and can also provide reference for supervision, inspection, evaluation and other activities. The main content of the "Practice Guidelines" includes the applicable circumstances and basic principles of notification and consent, the method, content and implementation of notification, the choice of consent mechanism and individual consent, written consent, refusal of consent, withdrawal of consent and retention of evidence. The processor informs the individual of the processing rules, implementation methods and steps for obtaining the individual's consent.

On May 23, 2023, the National Standardization Administration and the State Administration for Market Regulation jointly issued the "Information Security Technology Mobile Internet Application (App) Personal Information Security Evaluation Specification" ("Specification"), December 1, 2023 officially implemented.

The "Specifications" are applicable to guide third-party evaluation agencies to evaluate the personal information security of mobile Internet applications, and supervisory authorities to supervise and manage personal information security of mobile Internet applications. When mobile Internet application operators conduct personal information security self-assessment Refer to the implementation. The "Specification" stipulates the evaluation process for personal information security evaluation of mobile Internet applications based on GB/T35273-2020 and the methods for evaluating various security requirements.

On May 23, 2023, the National Standards Committee approved the release of the "Information Security Technology Cloud Computing Service Security Guidelines" and "Information Security Technology Cloud Computing Service Security Capability Requirements", (“Guidelines”, “Requirements”), December 2023 It will be officially implemented on the 1st.

The "Guidelines" and "Information Security Technology Cloud Computing Service Security Capability Requirements" constitute the basic documents for cloud computing service security management. The "Guide" proposes security management and technical measures for customers when using cloud computing services, guides customers to do a good job in the early analysis and planning of cloud computing services, selects appropriate cloud service providers and deployment models, and supervises the operation of cloud computing services , to avoid the security risks of quitting cloud computing services or changing cloud service providers. The "Requirements" are aimed at cloud service providers and specify the security capabilities that cloud service providers should possess when providing cloud computing services.

On May 30, 2023, the Cyberspace Administration of China issued the "Guidelines for the Recordation of Standard Contracts for Export of Personal Information (First Edition)" ("Guidelines").

The "Guidelines" clarifies the situations in which personal information processors provide personal information overseas by means of signing standard contracts, defines the circumstances of personal information export behaviors, and emphasizes that personal information processors must not use methods such as splitting the number, and will Personal information for security assessment is provided overseas by signing a standard contract. In addition, the "Guidelines" clearly state that personal information processors shall, within 10 working days from the effective date of the standard contract, file with the local provincial Cyberspace Administration of China by delivering written materials and attaching an electronic version of the materials. The filing process Including material submission, material inspection and feedback on filing results, supplementation or re-filing, etc. The "Guide" is accompanied by templates and documents such as the requirements for the recordation materials of the standard contract for the export of personal information, the power of attorney (template) of the handler, and the standard contract (template) for the export of personal information.

On May 26, 2023, the National Security Standards Committee officially released the "Guidelines for the Practice of Network Security Standards-Guidelines for the Implementation of Network Data Security Risk Assessment" ("Guidelines") to guide the development of network data security risk assessment work.

The "Practice Guidelines" are applicable to guide data processors and third-party organizations to carry out risk assessments, and can also provide reference for relevant competent regulatory authorities to organize data security inspections and assessments. The "Practice Guide" clarifies the assessment ideas, work process and assessment content of network data security risk assessment, and proposes a data security risk assessment process, which mainly includes five stages: assessment preparation, information research, risk identification, comprehensive analysis, and assessment summary. Assess security risks in terms of data security management, data processing activities, data security technology, and personal information protection.

D.Internet Crime

On June 9, 2023, the Supreme People's Court issued the "Guiding Opinions of the Supreme People's Court, the Supreme People's Procuratorate, and the Ministry of Public Security on Legally Punishing Cyber Violence and Crimes (Draft for Comment)" ("Opinions").

The "Opinions" pointed out that to punish online defamation, online insults, violations of citizens' personal information, offline nuisance, malicious marketing and speculation through cyber violence, and illegal and criminal cyber violence, the following situations Violent crimes should be severely punished: targeting minors and disabled persons; organizing "naval armies" and "thugs" to implement; fabricating "sexual" topics to infringe on the personal dignity of others; using "deep synthesis" technology to publish illegal or Bad information, which violates public order, good customs, ethics and morals; initiated and organized by network service providers.

On April 4, 2023, the website of the Ministry of Science and Technology published the "Announcement on Publicly Soliciting Opinions on the Measures for the Review of Science and Technology Ethics (Trial Implementation)" (the "Measures").

The "Measures" stipulate that scientific and technological activities involving humans (including tests, surveys, observational studies, etc. involving humans as research participants, and involving the use of human genes, human embryos, human biological samples, personal information, etc.), scientific and technological activities involving experimental animals Activities, as well as scientific and technological activities that do not directly involve humans or experimental animals, but may pose ethical risk challenges in terms of life and health, ecological environment, public order, sustainable development, etc., shall be reviewed in accordance with these Measures for scientific and technological ethics. The "Measures" clarify that colleges and universities, scientific research institutions, medical and health institutions, and enterprises are the main bodies responsible for the management of scientific and technological ethics review. If the research content involves sensitive areas of scientific and technological ethics, a scientific and technological ethics (review) committee should be established. In addition, the "Measures" also classifies and stipulates the review procedures and supervision and management.

On June 27, 2023, the website of the Ministry of Industry and Information Technology announced the "Regulations of the People's Republic of China on Radio Frequency Allocation" ("Regulations"), which will come into effect on July 1.

The "Regulations" clearly apply to the development, production, import, sales, testing and installation of various radio equipment within the territory. It is divided into three chapters to stipulate the terms and definitions of radio management, technical characteristics of radio stations, and regulations on radio frequency allocation. The three appendices are the frequency tolerance of the transmitter, the emission power limit requirements of the transmitting equipment in the spurious domain, the emission identification and the necessary bandwidth. In this revision, the Ministry of Industry and Information Technology took the lead in allocating all or part of the 6425-7125MHz frequency band for IMT (International Mobile Telecommunications, including 5G/6G) systems in the world, which is conducive to stabilizing 5G/6G industry expectations and promoting 5G/6G spectrum resources. The regional division is consistent, providing the necessary mid-band frequency resources for the development of 5G/6G.

On May 30, 2023, the website of the Ministry of Industry and Information Technology announced the "Notice on Printing and Distributing Interim Regulations on Radio Management of Wireless Charging (Power Transmission) Equipment" ("Interim Regulations"), which will come into effect on September 1, 2024.

The "Interim Regulations" aim to regulate the use of wireless charging (power transmission) (hereinafter referred to as wireless charging) equipment, avoid harmful interference to various legally carried out radio services, maintain the order of air waves, and promote the development of the wireless charging industry. The "Interim Regulations" clearly apply to the production or import of wireless charging equipment for mobile communication terminals, wireless charging equipment for portable consumer electronics (hereinafter referred to as mobile and portable wireless charging equipment), and electric vehicles (including motorcycles) for domestic sale and use. Wireless charging devices. The production or import of wireless charging equipment for domestic sale and use does not require radio frequency use licenses, radio station licenses, and radio transmission equipment model approval, but it should comply with laws and regulations, national standards, and national regulations on product quality, electromagnetic radiation, and electrical safety. Regulations on radio management.

On May 23, 2023, the Ministry of Housing and Urban-Rural Development announced the "Specifications for Urban and Rural Historical and Cultural Protection and Utilization Projects" (the "Specifications"), which will be implemented from December 1, 2023.

The "Specification" is a mandatory engineering construction specification, and all provisions must be strictly implemented. The "Specifications" clearly stipulate the protection requirements for five types of protection objects: famous historical and cultural cities, famous historical and cultural towns and villages, historical and cultural blocks, historical areas, and historical buildings.

On April 13, 2023, the website of the Ministry of Culture and Tourism published the "Announcement on Publicly Soliciting Opinions on the Interim Regulations on Script Entertainment Management (Draft for Comment)" (the "Regulations").

The "Regulations" stipulate content management and minor protection, script and venue filing, supervision and management, etc. The "Regulations" divide scripted entertainment business units into exclusive scripted entertainment business sites and mixed non-scripted entertainment business sites, set "ten prohibitions on content", and stipulate the time and activity restrictions for the acceptance of minors. At the same time, the "Regulations" make it clear that script creation and production entities and script entertainment business units should establish a content self-examination system, equip content self-examination personnel suitable for their business, and hire experts to make review opinions on the age range and content of scripts. All should be filed, and scripted entertainment activities should use scripts that have been filed by the main body of script creation and production.

Recently, Beijing Hyundai Motor Co., Ltd.'s data export security assessment project jointly supported by ICMA Zhilian Mobility Research Institute and Beijing Capitel Cross-border Data Technology Co., Ltd. successfully passed the approval of the State Internet Office, becoming the first system-wide inventory in the automotive field in my country. The data export security assessment case with full business declaration and approval for all scenarios marks the first implementation of my country's data export security assessment system in the automotive field in Beijing.

Beijing Hyundai was approved to export more than 300 data items, including production procurement, claim management, and global quality feedback, after being double-checked by the Beijing Cyberspace Administration of China and the State Cyberspace Administration of my country. enterprises.

On June 29, 2023, the Guangdong High Court released three typical cases of cracking down on illegal fund-raising crimes. Among them, the Yang’s fund-raising fraud case was a typical case of severely punishing illegal fund-raising using Internet platforms in accordance with the law.

Since 2016, without obtaining the relevant financial license, Yang has published a large number of false financing targets through the Internet financial service platform he established and operated, and publicized them to the public with the promise of repayment of principal and interest as bait to attract the public. invest. After Yang raised funds, he squandered a lot of funds for personal consumption, investment, gambling, etc. After auditing, the platform illegally absorbed funds from more than 10,000 investors totaling more than 700 million yuan, and the outstanding amount was more than 170 million yuan. After trial, the court held that Yang had used fraudulent means to raise funds illegally for the purpose of illegal possession by issuing false and repeated bids on the Internet platform and paying high returns as a bait to absorb funds from the public. The court sentenced Yang to life imprisonment for the crime of fund-raising fraud, deprivation of political rights for life, and confiscation of all personal property.

Recently, the Hangzhou Internet Court made a first-instance judgment on the first infringement case involving "virtual digital human beings". The copyright or neighboring rights of the virtual digital human are defined, and the ownership of the performer's right of the virtual digital human is clarified.

Mofa has comprehensively applied a number of artificial intelligence technologies to create the virtual digital human Ada and released it to the public. Later, an Internet company in Hangzhou released two videos through its Douyin account, using related video content released by Mofa, replacing relevant logos and adding marketing information for virtual digital human courses at the beginning and end of the film. Mofa Company claimed that the above-mentioned acts violated its information network dissemination rights and the information network dissemination rights of video producers and performers in video products, and constituted false publicity and unfair competition, requiring it to eliminate the impact and compensate for the loss of 500,000 yuan . An Internet company in Hangzhou argued that Mofa did not enjoy the relevant rights, its behavior did not constitute infringement, and it did not actually profit from the release of the video.

The court judged that the relevant videos using the image of Ada constitute audio-visual works and video products respectively. Mofa Company enjoys the property rights and video producer rights of the above works. The virtual digital human Ada is driven by a real person, and the voice, demeanor, and movements of the "performance" displayed by it highly restore Xu's performance. Xu, as an employee of Mofa Company, performs on-the-job performances, and Mofa Company enjoys the property rights in the performer's rights. An Internet company in Hangzhou released two videos, one of which constituted an infringement of the right of information network dissemination of audio-visual works, and the other constituted an infringement of the right of information network dissemination of art works, video producers and performers. Moreover, it has the purpose of using Douyin video and the virtual digital human Ada to conduct marketing, which directly damages the commercial interests of Mofa, and constitutes an unfair competition behavior of false propaganda. In the end, the court ruled that an Internet company in Hangzhou should eliminate the influence of Mofa on its Douyin account and compensate 120,000 yuan for economic losses.

Recently, the Shanghai Yangpu District People's Court concluded an infringement case in which the drug instruction database in the "Drug Assistant" APP, a product of "Lilac Garden", was seized and used. This case is the first typical case of database protection in Yangpu.

The plaintiff in this case is the operator of the "Drug Assistant" APP, a product of "Lilac Garden", and the defendant is the operator of the "Medical Doctor Station" APP. Since the defendant provided a functional module similar to that of the plaintiff's drug instruction database, the plaintiff sued that the defendant completely copied the drug instruction database it established, resulting in the loss of users, and demanded that the defendant stop unfair competition, eliminate the impact and compensate for losses.

The court held that the drug instructions in the defendant’s software were not only basically the same as the plaintiff’s corresponding instructions in terms of drug classification and text content, but also had the same typos or pictures of drugs and prescriptions. At the same time, the defendant's software has updated more than 30,000 pieces of data within two months of its launch, but there is no evidence of data acquisition, which is unreasonable. Therefore, the defendant illegally obtained and used the plaintiff's drug instruction database, and his behavior has exceeded the limit of fair competition. At the same time, the defendant's behavior violated the plaintiff's economic interests and market competitive advantages, which constituted unfair competition. In the end, the defendant was ordered to compensate the plaintiff for economic losses and reasonable expenses totaling 310,000 yuan. After the judgment of the first instance, the defendant appealed but withdrew it in the second instance. This case is now in effect.

On May 15, 2023, the Shanghai Public Security Bureau announced the detection of the country's first money laundering crime using webcast "rewards". The case involves a new type of money laundering crime industry chain that uses webcast platforms to launder and transfer black and gray funds such as illegal fund-raising, and the amount involved is nearly 100 million yuan.

In order to transfer hidden criminal proceeds, the suspect involved in fund-raising fraud proposed to reward him with gifts in the live broadcast room of the network anchor Li and others, to increase his popularity and exposure, and to help him earn the top reward on the live broadcast platform, and asked Li A certain group of people returned the tipping money collected afterwards. After the incident was completed, part of the commission was given to Li and others as a reward. Subsequently, Li and others, knowing that the reward money was the proceeds of fund-raising fraud crimes, collected the stolen money by accepting live broadcast rewards, and laundered the reward funds through cash withdrawals, transfers, etc., to cleanse the suspects of fund-raising fraud. and transfer stolen money. From February 8 to 9, 2023, the Shanghai police arrested 21 suspects including Li and Fan.

On April 21, 2023, the Jiangsu High Court concluded the second-instance case of Tencent v. "E-sports Gang" game power leveling company. The power leveling company's appeal was rejected and it was determined that it constituted unfair competition.

It is reported that persons under the age of 18 can register and log in to Aidai's "E-sports Help God" APP, and can accept orders from adult players. It is suspected of circumventing the restrictions of the anti-addiction system and allowing minors to play games. Game and leveling. The court held that the actions of Aidai, the operator of the "E-sports Gang" APP, were illegitimate and violated industry-recognized industry norms such as the need to register an account with a real name and not to lend it to others without permission, as well as anti-addiction. Providing assistance for game cheating will inevitably lead to the failure of the fair competition mechanism of online games, destroying the fair ecology of Tencent's "Honor of Kings" game, causing damage to Tencent's rights and interests and public interests, and constitutes unfair competition. Therefore, it is determined to compensate Tencent for losses and reasonable expenses totaling $600,000.

The Ministry of Industry and Information Technology notified 56 APPs (SDKs)

that violated the rights and interests of users' personal information