[co-author: Joe He]
On 24 August 2017, the Chinese Ministry of Industry and Information Technology (“MIIT“) issued the final version of the Rules on the Administration of Internet Domain Names (“New Domain Name Rules“). These new Rules will come into effect on 1 November 2017 and replace the existing rules promulgated in 2004.
As compared to the draft of these Rules (“Draft“) published in March 2016 (for details, please refer to our article: Towards a Greater Chinese Firewall?), the most eye-catching change in these new Rules is the deletion of the controversial Article 37. Article 37 of the Draft provides that any domain name whose website is hosted in China must be registered with a Chinese domain name registrar; otherwise Chinese Internet access service providers must refuse Internet access. Article 37 has led to concerns that all foreign websites would be blocked in China and that China’s internet would become an intranet closed off to other regions.
The US Government issued a statement publicly criticising the Chinese Government’s proposed stance to Internet governance (for details, please refer to our article: “US government slams Chinese domain name rules“). Various sources in the international media also interpreted the Draft as an attempt to fence the Chinese internet off from foreign website.
Possibly in response to these concerns and controversies, MIIT has removed Article 37 from the New Domain Name Rules. While this is a welcoming move, it remains to be seen whether and to what extent the Chinese Government is relaxing its control over websites hosted in China and more generally, the Internet. In practice, government control can still be exerted in other ways such as through technological measures (e.g. access-blocking) and restrictions on ICP recordal.
Other notable changes in these new Rules (as compared to the Draft) include:
Removal of the requirement that root server operators and domain name registries/registrars must be legal entities established in China.
No one shall maliciously direct its domain name to another person’s IP address.
Providers of Internet information services must not use domain names for unlawful activities. Domain name registries and registrars are required to take measures against these domain names, including cancelling or disabling these domain names.
We will continue to watch this space to see how these Rules are carried out in practice and whether MIIT and other authorities may issue further implementation guidelines. For now, it seems to be the case that websites hosted on foreign servers will be unaffected by these new Rules, subject to the existing Internet censorship control often referred to as the “Great Firewall”.
The developments on the domain name registration front should be viewed in the context of wider national security and cyber security developments in China. With the effectiveness of the Cyber Security Law on 1 June and with an important leadership transition coming in the autumn of this year, China’s cyber space has seen a stepping up of regulation, in terms of the policing of online content, the regulation of those who provide internet services and the localization of data. Amidst reports that the Chinese authorities have directed the three largest state owned telecommunications carriers to completely block access to virtual private network (“VPN“) services, the position of cross-border internet traffic is in question and multi-national businesses with an online presence in China should remain vigilant as matters develop.