Anti-Telecom and Online Fraud Law of the People's Republic of China
(Adopted at the 36th Meeting of the Standing Committee of the Thirteenth National People's Congress on September 2, 2022)
Contents
Chapter I General Provisions
Chapter II Regulations for the Telecommunications Sector
Chapter III Regulations for the Financial Sector
Chapter IV Regulations for the Internet Sector
Chapter V Comprehensive Measures
Chapter VI Legal Liability
Chapter VII Supplementary Provisions
Chapter I
General Provisions
Article 1 This Law is enacted in accordance with the Constitution to prevent, deter and punish telecom and online fraud, strengthen the work against telecom and online fraud, protect the legitimate rights and interests of citizens and organizations, and safeguard social stability and national security.
Article 2 For purposes of this Law, "telecom and online fraud" refers to the act of fraudulently obtaining public or private property by telecom and network technologies through remote, non-contact, or other methods for the purpose of illegal possession.
Article 3 This Law applies to the combat against and deterrence of telecom and online fraud committed within the territory of the People's Republic of China as well as that committed overseas by citizens of the People's Republic of China.
Any overseas organization or individual that carries out telecom and online fraud targeted at individuals or organizations within the territory of the People's Republic of China, or provides products, services or any other assistance for others to carry out telecom and online fraud targeted at individuals or organizations within the territory of the People's Republic of China, shall be dealt with and held liable in accordance with the relevant provisions of this Law.
Article 4 The work against telecom and online fraud shall be carried out by adhering to the people-centered approach and coordinating the pursuit of development and ensuring security; laying emphasis on tackling the root causes and implementing punishment and deterrence in a comprehensive way with systems thinking and under the rule of law; with joint efforts from all sides and public participation, fully implementing various measures for combat, prevention, administration and control of such fraud activities, and strengthening public awareness in this regard; and insisting on precise prevention and control to ensure normal production and business activities and the convenience of people's lives.
Article 5 The work against telecom and online fraud shall be carried out in accordance with the law, and the legitimate rights and interests of citizens and organizations shall be protected.
Relevant departments, entities and individuals shall keep confidential the state secrets, trade secrets, personal privacy and personal information that come to their knowledge in the work against telecom and online fraud.
Article 6 The State Council shall establish an anti-telecom and online fraud work mechanism to coordinate the combat against telecom and online fraud.
Local people's governments at all levels shall organize and lead the work against telecom and online fraud within their respective administrative areas, determine the targets, missions, and mechanisms of the work against telecom and online fraud, and shall implement punishment and deterrence with a holistic approach.
Public security organs shall be in charge of the work against telecom and online fraud, and relevant departments in charge of, inter alia, finance, telecommunications, cyberspace administration, and market regulation shall, ex officio, assume the primary responsibilities for regulation and be responsible for the work against telecom and online fraud in the corresponding industry.
People's courts and people's procuratorates shall play judicial and procuratorial functions to punish and prevent telecom and online fraud in accordance with the law.
Telecommunications business operators, banking institutions, non-banking payment institutions, and Internet service providers shall assume the liability for risk prevention and control against telecom and online fraud, establish relevant internal control mechanisms and security liability system, and strengthen security assessment on the fraud risks in new lines of business.
Article 7 Relevant departments and entities shall closely cooperate in the work against telecom and online fraud, achieve cross-industry and cross-regional coordination and fast interaction, and strengthen professional teams, to effectively crack down on and punish telecom and online fraud.
Article 8 People's governments at all levels and relevant departments shall strengthen publicity for the combat against telecom and Internet fraud, and popularize the relevant legal and other relevant knowledge to increase public awareness on prevention of different sorts of telecom and online fraud as well as improving the ability to identify such fraud.
The departments in charge of education administration, market regulation, and civil affairs as well as other relevant departments, villagers' committees, and residents' committees shall, based on the distribution and other characteristics of victims, enhance the pertinence and preciseness of awareness campaigns against telecom and online fraud by strengthening publicity and education among the elderly, teenagers and other groups and by carrying out publicity and education against telecom and online fraud in schools, enterprises, communities, rural areas, families, and the like.
Entities shall attach importance to the prevention of telecom and online fraud within the entities and provide relevant education for their members. Individuals shall increase their awareness in this regard. Entities and individuals shall assist the relevant departments and cooperate with them in carrying out work against telecom and online fraud in accordance with this Law.
Chapter II
Regulations for the Telecommunications Sector
Article 9 Telecommunications business operators shall thoroughly implement the system for registering the real identities of telephone users in accordance with the law.
Enterprises in basic telecommunications or mobile communications resale services shall undertake the managerial responsibility to ensure that their agents implement the telephone user real-name registration system, and shall specify in the agreements their agents' obligation to register users' real names as well as the relevant measures for breaching this obligation.
Article 10 No one shall apply for telephone cards in excess of the number provided by relevant state regulations.
On identifying an abnormal telephone card application, the relevant telecommunications business operator shall have the right to conduct further verification or deny the application. The specific identification methods shall be provided by the department in charge of telecommunications under the State Council.
The department in charge of telecommunications under the State Council shall organize the establishment of mechanisms verifying the number of telephone cards possessed by users, and sharing relevant risk information, and shall provide easy access for users to inquire about the information on telephone cards registered under their names.
Article 11 Telecommunications business operators shall conduct real-name reverification on identified abnormal telephone cards suspected of being involved in fraud by adopting corresponding verification measures based on different risk levels. Where a user fails to have a telephone card as prescribed above reverified according to regulations or fails the reverification, the relevant telecommunications business operator may limit or suspend the use of the telephone card.
Article 12 Telecommunications business operators shall establish risk assessment systems on the users of Internet of Things card, and shall not sell Internet of Things cards to those who fail the assessment. Registration of the identity information of Internet of Things card users shall be strictly carried out. Effective technical measures shall be taken to ensure the restricted use of Internet of Things cards in terms of their available functions, usage scenarios, and applicable equipment.
Entity users that purchase Internet of Things cards from telecommunications business operators and then sell equipment with the Internet of Things cards to other users shall verify and register the identity information of these other users, and shall send the sales volume, stock, and information about these other users' real identity to the corresponding telecommunications business operators.
Telecommunications business operators shall establish Internet of Things card monitoring and alert mechanisms. In the event of any abnormal use of an Internet of Things card, the relevant telecommunications business operator shall suspend the corresponding service, reverify the identity and usage scenarios of the card user, or take other measures as agreed in the contracts to deal with the situation.
Article 13 Telecommunications business operators shall regulate the delivery of authentic calling numbers and the leasing of telecommunications lines, and block, intercept, trace and verify the origins of calls with spoofed numbers.
Telecommunications business operators shall strictly regulate the calling number delivery by international communications business gateway exchanges, display to the users the countries or regions of the calling numbers truthfully and accurately, and identify and intercept fake and irregular callings at both intra-network and inter-network levels.
Article 14 No entity or individual may illegally manufacture, trade, provide, or use the following equipment or software:
(1) equipment for batch insertion of telephone cards;
(2) equipment or software with functions of spoofing calling numbers, virtual dialing, unauthorized access to public telecommunications network with Internet telephones, etc.;
(3) automatic switching systems for batch accounts and network addresses, and platforms for receiving or providing batch SMS or voice verification; and
(4) other equipment or software used for committing telecom and online fraud or other criminal or illegal acts.
Telecommunications business operators and Internet service providers shall adopt technical measures to identify the illegal equipment or software provided in the preceding paragraph and block them from connecting to the network in a timely manner, and shall report to the relevant public security organ and the departments in charge of the relevant industries.
Chapter III
Regulations for the Financial Sector
Article 15 A banking institution or a non-banking payment institution shall establish a due diligence system on clients to perform due diligence at the time when opening bank accounts or payment accounts or providing payment or settlement services and during the time the customer-business relationship exists, to identify the beneficial owners and take appropriate risk management measures to prevent the bank accounts or payment accounts from being used for the telecom and online fraud in accordance with the law.
Article 16 No one shall open bank accounts and payment accounts in excess of the number provided by the relevant state regulations.
On identifying an abnormal application for opening an account, the relevant banking institutions or non-banking payment institution shall have the right to conduct further verification or deny the application. The specific identification methods shall be provided by the department in charge of telecommunications under the State Council.
The People's Bank of China and the banking regulatory department under the State Council shall organize the relevant settlement institutions to establish a cross-institution mechanism to verify the number of accounts opened and a mechanism sharing relevant risk information, and shall provide easy access for customers to inquire about the bank accounts and payment accounts under their names. Banking institutions and non-banking payment institutions shall provide information about the accounts opened and the relevant risks in accordance with the relevant state regulations. Such information shall not be used for purposes other than combating telecom and online fraud.
Article 17 A banking institution or a non-banking payment institution shall establish a risk prevention and control mechanism to deal with abnormal situations concerning enterprise accounts. The departments in charge of finance, telecommunications, market regulation, and taxation, as well as other relevant departments shall establish an enterprise accounts information sharing and inquiring system and shall provide online verification services.
Registration authorities of market entities shall, in handling real-name registration, perform the duty of verifying the identity information of the applying enterprises in accordance with the law; shall supervise and inspect the registration items in accordance with regulations, especially those of the enterprises suspected of being involved in false registration or fraud, and shall, once a registration is thereby revoked in accordance with the law, share the relevant information in a timely manner according to the provisions in the preceding paragraph; and shall provide convenience for banking institutions and non-banking payment institutions in conducting due diligence on clients and in identifying beneficial owners in accordance with the law.
Article 18 Banking institutions or non-banking payment institutions shall strengthen the monitoring of bank accounts, payment accounts as well as payment and settlement services, and according to the characteristics of telecom and online fraud, establish and improve the mechanism monitoring abnormal accounts and suspicious transactions.
The People's Bank of China shall establish a unified anti-money laundering monitoring system covering banking institutions and non-banking payment institutions, and shall, in conjunction with the department of public security under the State Council and based on the characteristics of the flow of funds involved in telecom and online fraud, improve the system for reporting suspicious transactions involving money laundering.
On identifying an abnormal account or a suspicious transaction in the course of monitoring, the relevant banking institution or non-banking payment institution shall adopt necessary preventive measures based on the risks posed, such as verifying the transaction, reverifying relevant identities, postponing payment and settlement, and restricting or suspending relevant business.
Banking institutions and non-banking payment institutions, while monitoring abnormal accounts and suspicious transactions according to the provisions in the first paragraph, may collect the necessary transaction and equipment location information of abnormal clients, such as Internet protocol addresses, network card addresses, and payment acceptance terminal information. Without authorization of the relevant clients, the above-mentioned information shall not be used for purposes other than combating telecom and online fraud.
Article 19 Banking institutions and non-banking payment institutions shall, in accordance with the relevant state regulations, transmit complete and accurate transaction information such as the names of the merchants which directly provide goods or services, and the names and account numbers of the clients paying or receiving the money, to ensure that transaction information is veracious and complete, and is consistent throughout the whole process of payment.
Article 20 The department of public security under the State Council shall, in conjunction with other relevant departments, establish and improve the systems of instant fund inquiry, instant withholding of payment, and quick freezing, timely unfreezing and return of funds as regards the funds involved in telecom and online fraud, with specific conditions, procedures, and remedial measures prescribed.
Where a public security organ decides to take any of the above-mentioned measures in accordance with the law, relevant banking institutions and non-banking payment institutions shall cooperate.
Chapter IV
Regulations for the Internet Sector
Article 21 Telecommunications business operators and Internet service providers offering the following services shall lawfully require their users to provide information of their real identity while signing the agreement with the users or confirming the services to be offered, and shall not provide these services if the users fail to provide such information:
(1) Internet access services;
(2) proxy service and other network address conversion services;
(3) Internet domain name registration, server hosting, space rental, cloud services, or content distribution services; and
(4) information and software distribution services, or services such as instant messaging, online transactions, online games, online live-streaming, and advertisement promotion.
Article 22 Internet service providers shall reverify the abnormal accounts suspected of being involved in fraud which are identified in the course of monitoring and shall, in accordance with the relevant state regulations, take measures such as restricting functions and suspending services.
Internet service providers shall, as required by the relevant public security organs and the departments in charge of telecommunications, verify all the relevant Internet accounts registered with the telephone cards involved in, or suspected of being involved in fraud, and shall, in light of the risks posed, take measures such as requiring rectification within a specified time period, restricting functions, suspending the use, closing the accounts, and prohibiting re-registration.
Article 23 Whoever intends to create a mobile Internet application shall go through formalities for licensing or filing for record with the department in charge of telecommunications in accordance with the relevant state regulations.
Whoever provides packaging and distribution services for a mobile Internet application shall register and verify the information of the developer's and operator's real identity, and shall verify the functions and purposes of the application.
The departments of, inter alia, public security, telecommunications, and cybersecurity administration, as well as the telecommunications business operators and the Internet service providers shall strengthen the monitoring and timely disposal of suspected fraud-related applications which are downloaded and transmitted by means other than through the distribution platforms.
Article 24 Whoever provides the services of domain name resolution, domain name forwarding, or URL redirection shall, in accordance with the relevant state regulations, verify the authenticity and accuracy of the domain name registration, the resolution information and the Internet protocol address, regulate domain name forwarding, record and retain the log information of the corresponding services it provides, and support the traceability of records related to resolution, forwarding and redirection.
Article 25 No entity or individual may provide the following support or assistance for others to commit telecom and online fraud:
(1) selling or providing personal information;
(2) helping others to launder money through virtual currency transactions or any other method; or
(3) any other act providing support or assistance for telecom and online fraud.
Telecommunications business operators and Internet service providers shall, in accordance with the relevant state regulations, fulfill the duty of reasonable care, and monitor, identify and handle activities that are suspected of using the following business to support or assist fraud:
(1) providing Internet access, server hosting, network storage, communication, transmission, line rental, domain name resolution, or any other network resource related service;
(2) providing online promotion service, such as information distribution service, information searching service, or any promotion by advertisement or by increasing traffic;
(3) providing service of producing or maintaining applications, websites, or other network technologies or products; or
(4) providing payment and settlement service.
Article 26 When a public security organ collects evidence according to the law in handling cases of telecom and online fraud, the Internet service providers concerned shall provide technical support and assistance in a timely manner.
Where, in monitoring suspected fraud-related information and activities in accordance with this Law, an Internet service provider discovers any clue to a crime or other violation involving fraud or any information about a fraud risk, such clue or information shall be transferred to the departments of, inter alia, public security, finance, telecommunications, and cyberspace administration in light of the type and level of the risks posed according to the relevant state regulations. The relevant departments shall establish and improve the feedback mechanism, notifying the transferring entity of the relevant situation in a timely manner.
Chapter V
Comprehensive Measures
Article 27 Public security organs shall establish and improve the working mechanism for combating and punishing telecom and online fraud, and strengthen the professional teams and technologies. Police forces and local public security organs shall closely cooperate to effectively punish telecom and online fraud in accordance with the law.
A public security organ that receives a report of a telecom and online fraud or discovers one shall file and investigate the case according to the Criminal Procedure Law of the People's Republic of China.
Article 28 The departments of finance, telecommunications, and cyberspace administration shall, ex officio, supervise and inspect the implementation of this Law by banking institutions, non-banking payment institutions, telecommunications business operators, and Internet service providers. The relevant supervision and inspection shall be carried out in accordance with the law and in a regulated manner.
Article 29 Personal information processors shall conduct personal information processing in accordance with the Personal Information Protection Law of the People's Republic of China and other applicable laws, strengthen personal information protection, and establish a mechanism preventing personal information from being used in telecom and online fraud.
The departments and entities which have the duty of protecting personal information shall pay special attention to the protection of information collected in the course of providing logistics, trading, loaning, medical, matchmaking and other service that may be used in telecom and online fraud. When handling telecom and online fraud cases, public security organs shall also investigate the sources of the personal information abused in the cases and hold the relevant individuals or entities liable in accordance with the law.
Article 30 Telecommunications business operators, banking institutions, non-banking payment institutions, and Internet service providers shall carry out publicity against telecom and online fraud among their staff and users, give reminders about preventing telecom and Internet fraud in their relevant business activities, notify the users of emerging telecom and online fraud in the field of their businesses in time, and give warnings on the legal liability for illegally trading, leasing, or lending their own relevant cards, accounts and the like to be used for telecom and online fraud.
News, radio, television, culture, Internet information services and other entities shall give publicity and education on the prevention of telecom and online fraud among the public.
Any entity or individual has the right to report telecom and online fraud. Relevant departments shall handle such report in a timely manner in accordance with the law, and shall reward and protect the reporter who provides valid information.
Article 31 No entity or individual may illegally trade, lease, or lend any telephone card, Internet of Things card, telecommunications line, SMS port, bank account, payment account, or Internet account, etc., or provide assistance in real-name verification; nor may any entity or individual apply for any of the above-mentioned cards or accounts by assuming the identity of another person or by fabricating an agency relationship.
For the entities, individuals and related organizers that have committed the acts specified in the preceding paragraph, as confirmed by the public security organs at or above the level of cities divided into districts, and for the individuals who have been subjected to criminal punishment for engaging in telecom and online fraud or the related crimes, the relevant information may be recorded in their credit records in accordance with the relevant state regulations, and the relevant measures may be taken against them such as restricting the functions of their relevant cards and accounts, stopping offering the non-counter services to them, suspending offering new services to them, and restricting Internet access. An entity, individual or organizer concerned disagreeing with the above-mentioned confirmation or measures may file a petition. The relevant departments shall establish and improve the petition channels, credit restoration, and other remedial systems. The specific measures shall be provided by the department of public security under the State Council in conjunction with the relevant departments in charge.
Article 32 The state supports telecommunications business operators, banking institutions, non-banking payment institutions, and Internet service providers in the research and development of anti-telecom and online fraud technologies to be used for monitoring, identifying, and instantly blocking and disposing of abnormal information and activities suspected of being involved in fraud.
The department of public security under the State Council, the departments in charge of finance and telecommunications under the State Council, as well as the national cyberspace administration shall coordinate the development of the technical countermeasures in their respective fields, promote the sharing of sample information and data on telecom and online fraud, strengthen cross verification of suspicious user information involved in fraud, and establish mechanisms to monitor, identify, and instant block and dispose of abnormal information and activities suspected of being involved in fraud.
Where the disposal measures such as restriction or suspension of services are taken against suspicious and abnormal circumstances under Article 11, 12, 18, 22, or the preceding paragraph of this Article, the party concerned shall be informed of the reasons, remedial channels, materials to be submitted for remedy, and the like. The party may submit a petition to the authority or entity making the decision or taking the measures. The authority or entity that has made the decision shall establish and improve their petition channels, and accept the petition and conduct verification in a timely manner. If the petitioned matter passes verification, the relevant measures shall be immediately removed.
Article 33 The state promotes the development of the public service of online identity authentication and supports the voluntary use of this service by individuals and enterprises. Telecommunications business operators, banking institutions, non-banking payment institutions, and Internet service providers may reverify users' identity through the national online network identity authentication service once discovering abnormal telephone cards, bank accounts, payment accounts, or Internet accounts suspected of being involved in fraud.
Article 34 Public security organs shall, jointly with the departments of finance, telecommunications, and cyberspace administration, organize banking institutions, non-banking payment institutions, telecommunications business operators, and Internet service providers, etc. to establish an alert and dissuasion system, and shall take corresponding measures according to different circumstances to dissuade the potential victims. In handling telecom and online fraud cases, the efforts to pursue illegal proceeds and recover losses shall be strengthened, the system for disposing of the funds involved shall be improved, and the victims' lawful property shall be returned to them in a timely manner. For those victims who suffer from severe difficulties in life and meet relevant conditions for assistance set forth by the state, the relevant entities shall provide assistance in accordance with applicable regulations.
Article 35 Upon the decision or approval of the anti-telecom and online fraud work mechanism of the State Council, the departments of, inter alia, public security, finance, and telecommunications may, in accordance with the relevant state regulations, take temporary measures necessary to mitigate risks in specific regions where telecom and online fraud is serious.
Article 36 The immigration authority may decide to prohibit a person from leaving China who is travelling to a region where telecom and online fraud is serious and whose exit from China is highly suspected to be connected with telecom and online fraud.
The public security organ at or above the level of a city divided into districts may decide to prohibit a person from leaving China who has been subjected to criminal punishment for telecom and online fraud, for a period of six months to three years depending on the circumstances of the crime and the need for preventing a second offense, counting from the date this person has completed his sentence, and shall notify the immigration authority to enforce the decision.
Article 37 The department of public security and other departments under the State Council shall, in conjunction with the department of foreign affairs, strengthen international law enforcement and judicial cooperation by establishing efficient cooperation mechanisms with relevant countries, regions, and international organizations and by enhancing the level of cooperation in information exchange, investigation and evidence collection, apprehension and arrest, pursuit of illegal proceeds and recovery of losses, etc. through international police cooperation, to effectively crack down cross-border telecom and online fraud.
Chapter VI
Legal Liability
Article 38 Whoever organizes, plots, commits, or participates in telecom and online fraud or provides assistance for telecom and online fraud, if a crime is constituted, shall be held criminally liable in accordance with the law.
Whoever commits an act as prescribed in the preceding paragraph, whereas a crime is not constituted, shall be detained by the public security organ for not less than 10 days but not more than 15 days, the illegal proceeds shall be confiscated, and a fine of not less than one time but not more than ten times the illegal proceeds shall be imposed; where there are no illegal proceeds, or the illegal proceeds are worth less than RMB 10,000 yuan, the person shall be fined not more than RMB 100,000 yuan.
Article 39 Where a telecommunications business operator violates this Law under any of the following circumstances, the relevant department in charge shall order it to rectify, and shall impose upon it a warning, a circular of criticism, or a fine not less than RMB 50,000 yuan but not more than RMB 500,000 yuan if the circumstances are relatively minor; if the circumstances are serious, shall impose a fine not less than RMB 500,000 yuan but not more than RMB 5 million yuan, and may order it to suspend relevant business or to cease operation for rectification, or revoke the relevant business permit or its business license, and shall impose a fine of not less than RMB 10,000 yuan but not more than RMB 200,000 yuan upon the persons directly in charge and other directly responsible persons:
(1) failing to implement the internal control mechanisms against telecom and online fraud provided in the relevant state regulations;
(2) failing to implement real-name registration of telephone card or Internet of Things card users;
(3) failing to perform the duty of monitoring or identifying telephone cards or Internet of Things cards, giving alert, or taking relevant disposal measures;
(4) failing to conduct risk assessment on Internet of Things card users, or failing to restrict the functions, scenarios, or applicable equipment of Internet of Things cards; or
(5) failing to take measures to monitor or deal with spoofed numbers, fake callings, or illegal equipment with the like functions.
Article 40 Where a banking institution or a non-banking payment institution violates this Law under any of the following circumstances, the relevant department in charge shall order it to rectify, and shall impose upon it a warning, a circular of criticism, or a fine not less than RMB 50,000 yuan but not more than RMB 500,000 yuan if the circumstances are relatively minor; if the circumstances are serious, shall impose a fine not less than RMB 500,000 yuan but not more than RMB 5 million yuan, and may order it to stop expanding new lines of businesses, reduce the types or narrow the scope of business, suspend relevant business, or to cease operation for rectification, or may revoke the relevant business permit or its business license, and shall impose a fine of not less than RMB 10,000 yuan but not more than RMB 200,000 yuan upon the persons directly in charge and other directly responsible persons:
(1) failing to implement the internal control mechanisms against telecom and online fraud provided in the relevant state regulations;
(2) failing to perform due diligence or implement relevant risk management measures;
(3) failing to perform the duty of risk monitoring related to abnormal accounts or suspicious transactions or taking relevant disposal measures; or
(4) failing to completely and accurately transmit relevant transaction information in accordance with relevant regulations.
Article 41 Where a telecommunications business operator or an Internet service provider violates this Law under any of the following circumstances, the relevant department in charge shall order it to rectify, and shall impose upon it a warning, a circular of criticism, or a fine not less than RMB 50,000 yuan but not more than RMB 500,000 yuan if the circumstances are relatively minor; if the circumstances are serious, shall impose a fine not less than RMB 500,000 yuan but not more than RMB 5 million yuan, and may order it to suspend relevant business, cease operation for rectification, close a website, or to stop running an application, or may revoke the relevant business permit or its business license, and shall impose a fine of not less than RMB 10,000 yuan but not more than RMB 200,000 yuan upon the persons directly in charge and other directly responsible persons:
(1) failing to implement the internal control mechanism against the telecom and online fraud provided in the relevant state regulations;
(2) failing to perform the duty of implementing real-name system in network services, or failing to verify the Internet accounts registered with telephone cards involved in or suspected of being involved in fraud;
(3) failing to verify the authenticity and accuracy of the domain name registration, resolution information, or Internet protocol address, or failing to regulate the domain name forwarding, or record and retain the log information of the corresponding services it provides, in accordance with relevant state regulations;
(4) failing to register and verify information of the real identity of a mobile Internet application developer or operator, or failing to verify the functions or purposes of an application before providing packaging or distribution service;
(5) failing to perform the duty of monitoring, identifying, or disposing of Internet accounts or applications suspected of being involved in fraud or other suspicious information or activities; or
(6) refusing to provide technical support or assistance for the investigation or punishment of telecom and online fraud in accordance with the law, or refusing to transfer in accordance with regulations the clue to a crime or other violation involving fraud or the information about a fraud risk.
Article 42 Where anyone violates Article 14 or the first paragraph of Article 25 of this Law, the illegal proceeds shall be confiscated, and a fine of not less than one time but not more than ten times the illegal proceeds shall be imposed by the public security organ or the relevant department in charge; if there are no illegal proceeds or the illegal proceeds are less than RMB 50,000 yuan, a fine of not more than RMB 500,000 yuan shall be imposed; if the circumstances are serious, a detention of not more than 15 days shall be imposed by the public security organ.
Article 43 Where a telecommunications business operator or an Internet service provider violates the second paragraph of Article 25 of this Law, the relevant department shall order it to rectify, and shall impose upon it a warning, a circular of criticism, or a fine not less than RMB 50,000 yuan but not more than RMB 500,000 yuan if the circumstances are relatively minor; if the circumstances are serious, shall impose a fine not less than RMB 500,000 yuan but not more than RMB 5 million yuan, and may order it to suspend relevant business, cease operation for rectification, close the website, or to stop running an application, and shall impose a fine of not less than RMB 10,000 yuan but not more than RMB 200,000 yuan upon the persons directly in charge and other directly responsible persons.
Article 44 Where anyone violates the first paragraph of Article 31 of this Law, the illegal proceeds shall be confiscated, and a fine of not less than one time but not more than ten times the illegal proceeds shall be imposed by the public security organ or the relevant department in charge; if there are no illegal proceeds or the illegal proceeds are less than RMB 20,000 yuan, a fine of not more than RMB 200,000 yuan shall be imposed; if the circumstances are serious, a detention of not more than 15 days shall be imposed by the public security organ.
Article 45 Where any staff member of a department or entity engaged in anti-telecom and online fraud by abusing his power or neglecting his duty, engages in malpractice for personal gains, or commits any other violation provided in this Law, if a crime is constituted, he shall be held criminally liable in accordance with the law.
Article 46 Offenders and criminals who organize, plot, commit, or participate in telecom and online fraud or provide relevant assistance for such fraud shall, in addition to the corresponding criminal and administrative liabilities, bear civil liability in accordance with the Civil Code of the People's Republic of China and other laws if they have thereby caused damages to others.
Telecommunications business operators, banking institutions, non-banking payment institutions, and Internet service providers that violate this Law and have caused damages to others shall bear civil liability in accordance with the Civil Code of the People's Republic of China and other laws.
Article 47 The people's procuratorates, in the performance of their anti-telecom and online fraud duties, may file public interest lawsuits according to the law with the people's courts against conducts that harm the state interests and public interests.
Article 48 A relevant entity or individual that disagrees with a decision on administrative penalty or administrative compulsory measure imposed upon it or him which is made in accordance with this Law may apply for administrative reconsideration, or file an administrative lawsuit in accordance with the law.
Chapter VII
Supplementary Provisions
Article 49 In the absence of any provisions in this Law on the management and liability systems related to anti-telecom and online fraud work, the provisions of the Cybersecurity Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, the Anti-Money Laundering Law of the People's Republic of China, and other relevant laws shall be applicable.
Article 50 This Law shall come into force as of December 1, 2022.
Ministry of Justice of the
People's Republic of China